This is a two part article about code execution in PHP. It’s a very detailed article and contains references from other sources as well. I will discuss about some of the mistakes done by PHP developers which result in Remote Code Execution Vulnerability. It’s no secret that PHP is an easy to code language; however a lot of new PHP developers lack the knowledge of basic security principles which results in to new poorly written web-application often introducing critical vulnerabilities.
more here...........http://www.rafayhackingarticles.net/2014/08/remote-code-execution-in-php-explained.html
more here...........http://www.rafayhackingarticles.net/2014/08/remote-code-execution-in-php-explained.html