On the Security Musings blog today there's a new post from Anurag that walks you through the process, step-by-step, of how he exploited an image gallery written in PHP (including the tools he used).
I always read, PHP applications are a security guy's nightmare. Always thought why, Coming from a world of packets and frames code made lesser sense. Until I stumbled upon this application. The application was an Image gallery, with a lot of nice cool pics and an option to share and upload pics. This was a PHP application. Oh, it was fun! I thought of playing with it. As soon as I checked the Image upload option, the security freak in me took over.