PHP attacks

From pentestwiki.org

Tests:

{phpinfo()}.txt
{${phpinfo()}}.txt
{sleep(5)}.txt
NULL byte in octal: \400
NULL byte in hex: \x00

Tricky php file uploads extensions:

.php3
.php4
.php5
.pht


application/dime: Direct Internet Message Encapsulation (Sending binary data with SOAP messages)