PHP is adorable. It’s learning curve is short, yet its features allow you to create virtually any kind of web application. But PHP, as some use to say, allows the programmer to do a lot of weird things. While I really think it’s a good aspect for a programming language, for beginners it might bring a lot of headaches and angry clients. The vulnerabilities that we are going to see here really do deserve some attention from us (as any other vulnerability). They’re not vulnerabilities that will provide, to some attacker, permissions to hack the entire server (maybe this is the reason why it’s so forgotten), but this does not mean that they can’t create a path, sometimes with some basic social engineering1 , for the attacker to reach this target.