It’s great because I can copy the script anywhere into html space, then browse there, and presto I can see inside most any folder on the server. In any folder world-writable, I can copy files, make links to files, delete files, edit files. Neat.
It’s terrible because, if I can do it, anybody can do it. Getting into a previously ‘secured’ folder and stealing the credit-card number proved way easy. If I can’t throttle this boy into acting with some restraint, he’s outta here!