sorry man but its not exploit u forgot something include("track_config.php"); and this code in the begining of ur file that contain the exploit and the config file have value for $header track_config.php //Design $header="c_header.php"; $footer="c_footer.php"; so it CAAAAAANT BE INCLUSION it already have value in the config aaaand the tracking.php file included the config so its not inclusion