ritk updates to beta 0.2
this new release of ritk ("remote inclusion toolkit") contains cleaner syntax, some constants set for use in the reverse connection backdoor, and finally the addition of a method to exploit a weakness in PHP's safemode/open_basedir(). The vulnerability was disclosed by email@example.com and I thought it would be such a neat usage for remote inclusion penetration testing.
the variable to use ritk's new feature is &bypass=1, which currently supports the libcurl means of bypassing safemode/open_basedir. I am in the middle of research to expand the method; for it seems PHP's safemode/open_basedir system is quite flawed.
you can read its README file here