Hi there!
i use php 4.3.5 and tried this "proof of concept". i assumed, that the
form attribute "methode" is a typing mistake and adapted the exploit to
get it working under a php 4.3.x default configuration (it's kinda
paradox to use autoglobals in an exploit that aims to secure other
products).
but even this adapted version (see below) does not show anything on
execution.
this exploit seems to rely on a exploitable web service, that gets paths
to include files from a get variable named "page".
so this seems to me like a (fixed/changed) bug at the single service
"www.exemple.com" (not to be mixed up with www.example.com from rfc
2606) and not a general php issue.