 
 
 Along the same lines as SQL injection and XSS, remote file inclusion vulnerabilities rely on the user being able to manipulate variables interpreted by PHP. The most common occurrence of this vulnerability is the use of URL strings to determine included files. The threat posed by this vulnerability is largely determined by the configuration of the PHP server: some servers will allow more malicious includes than others.

Resources.
* http://www.madirish.net/?article=203  [4]
* http://www.benwiggy.com/hacking/website_hacking.php  [5]
* http://www.securereality.com.au/studyinscarlet.txt  [6].


 
 SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
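
As an added example (not from the original page or its linked resources), the Python sketch below shows both failure modes described above, input pasted into a string literal and input assumed to be numeric but never typed, next to the bound-parameter form. The `users` table, its rows, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users (id, name, email) VALUES (?, ?, ?)",
                   [(1, "alice", "alice@example.test"),
                    (2, "bob", "bob@example.test"),
                    (3, "O'Brien", "obrien@example.test")])
    return db

def find_by_name_unsafe(db, name):
    # Vulnerable: the input is pasted inside a string literal, so a quote in
    # `name` ends the literal and the remainder is parsed as SQL.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_id_unsafe(db, user_id):
    # Vulnerable: there is no quote to escape here; the value is assumed to be
    # a number but never checked, so any SQL expression is accepted.
    sql = "SELECT email FROM users WHERE id = " + user_id
    return [row[0] for row in db.execute(sql)]

def find_by_name_safe(db, name):
    # Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def find_by_id_safe(db, user_id):
    # Strong typing first (int() raises ValueError on anything else), then bind.
    sql = "SELECT email FROM users WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(user_id),))]

if __name__ == "__main__":
    db = make_db()
    quoted = "x' OR '1'='1"   # constructed input for the string-literal case
    untyped = "0 OR 1=1"      # constructed input for the untyped-number case
    print(find_by_name_unsafe(db, quoted))    # every row is returned
    print(find_by_id_unsafe(db, untyped))     # every row is returned
    print(find_by_name_safe(db, quoted))      # no user has that name
    print(find_by_name_safe(db, "O'Brien"))   # a legitimate quote still works
```

The unsafe name lookup also fails on the legitimate value `O'Brien` with a syntax error, which is often the first visible symptom of this bug.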

Resources.
* http://en.wikipedia.org/wiki/SQL_injection  [7]
* http://www.unixwiz.net/techtips/sql-injection.html  [8]
* http://www.oracle.com/techn...te_injection_proof_plsql.pdf  [9].


 
 Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities. Often during an attack "everything looks fine" to the end user, who may be subject to unauthorized access, theft of sensitive data, and financial loss.

Resources.
* http://en.wikipedia.org/wiki/Cross-site_scripting  [10]
* http://www.cgisecurity.com/articles/xss-faq.shtml  [11]
* http://it.toolbox.com/bl...-xss-cookies-session-ids-11098  [12]
* http://www.ihtb.org/security/xss_hacking_exposed.txt  [13].


 
 LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection.

Resources.
* http://www.owasp.org/index.php/LDAP_injection  [14]
* http://www.testingsecurity.com/how-to...s/LDAP-Injection  [15]
* http://www.webappsec.org/proje...ldap_injection.shtml  [16].


 
 Another concern when dealing with user data is the possibility that it may be executed in PHP code or on the system shell. PHP provides the eval() function, which allows arbitrary PHP code within a string to be evaluated (run). There are also the system(), passthru() and exec() functions, and the backtick operator, all of which allow a string to be run as a command on the operating system shell.

Resources.
* http://www.acunetix.com/websitesecurity/php-security-1.htm
  # Executing Code Containing User Input  [17]


 
 The term CRLF stands for Carriage Return (CR, ASCII 13, \r) Line Feed (LF, ASCII 10, \n). These are ASCII characters which display nothing on screen but are very widely used in Windows to indicate an end of line. On Linux/UNIX systems the end of line is indicated by the use of the Line Feed only.

This combination of CR and LF is used, for example, when pressing "Enter" on the keyboard. Depending on the application being used, pressing "Enter" generally instructs the application to start a new line, or to send a command.

A CRLF Injection attack occurs when a hacker manages to inject CRLF Commands into the system. This kind of attack is not a technological security hole in the Operating System or server software, but rather it depends on the way that a website is developed. Some developers are unaware of this kind of attack and leave open doors when developing web applications, allowing hackers to inject CRLF Commands.

Resources.
* http://www.acunetix.com/websitesecurity/crlf-injection.htm  [18]


 
 Users without permissions are able to upload any kind of file, including .php, so the attacker can upload their own remote PHP shell...