While the code on GitHub is functional against a target, it will fail immediately against any modern PHP-FPM setup, nginx configuration, or CGI handler patched after 2012.
Which option do you want?
cgi.fix_pathinfo = 0 # Critical! Stops path traversal allow_url_include = Off auto_prepend_file = none # Don't let attackers define this php 5416 exploit github new