Several links I've received in the last few days, related to PHP security.
PHP filesystem attack vectors
PHP filesystem attack vectors - Take Two
Local File Inclusion (LFI) of session files to root escalation
Shared hosting "file" handler PHP session dumper
LFI2RCE (Local File Inclusion to Remote Code Execution) advanced exploitation: /proc shortcuts
HTTP HEAD method trick in php scripts
Overriding $_FILES array during uploading multiple files in php.
That's that,
2011-03-22:
Add a comment: