i could exploit it in local, but in remote instead of popping a shell i've got somthing like :
sh : 1 : %s%s%s%s%s%s : not found
my best guess : the address of bin sh is changed. if so any hint to get through.
or did i just did shitt somewhere...
thank you for your answers guys