Skip to content

References

Vulnerable functions

Local / Remote file inclusion bugs:

include()
include_once()
require()
require_once()

Local / Remote command execution bugs:

eval()
preg_replace()
fwrite()
passthru()
file_get_contents()
shell_exec()
system()

SQL Injection bugs:

mysql_query()

File / File system bugs:

fopen()
readfile()
glob()
file()
popen()
exec()

https://0xzoidberg.wordpress.com/2010/05/26/vulnerable-php-functions/