During one of my projects a few days ago, I wrote another version of my source code scanner.
Another one, because this 'super code' is a never-ending story. Maybe I will put a few examples here in the future, in some kind of 'how to do' this or that. We'll see... ;)
Below is a simple example (related to the post about a nice trick @ seclists.org and the questions about 'how I found this webapp' code to test):
Yes, in this example it is a local file include vulnerability in PICOL Generator.
If we set the 'wrong' php.ini settings, we can make a remote file include attack here too.
Anyway, during a webapp pentest, if we find this webapp, the server can be 'hacked' ;)
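A minimal sketch of the kind of check a source code scanner can make for the file include pattern mentioned above; it is an added example, not the author's scanner and not PICOL Generator code. The PHP sample, `scan_php` and the regexes are constructed for illustration.

```python
import re

# Request-controlled PHP superglobals, treated as taint sources.
SOURCE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# File inclusion sinks: include/require and their _once variants.
SINK = re.compile(r"(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?(?P<arg>[^;]*);", re.I)
# Plain assignment "$var = <expr>;" used for simple taint propagation.
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*(?P<expr>[^;]*);")
VAR = re.compile(r"\$[A-Za-z_]\w*")

# Constructed sample, not taken from any real application.
SAMPLE_PHP = r"""<?php
require_once 'config.php';
$page = $_GET['page'];
include("pages/" . $page . ".php");
$tpl = 'header.php';
include $tpl;
$page = 'home';
include("pages/" . $page . ".php");
include($_REQUEST['lang'] . "/strings.php");
"""

def scan_php(source):
    """Return [(line_no, line)] for include/require fed by request data.

    With default php.ini such a sink is a local file include; it also
    accepts URLs only if allow_url_include is switched on.
    """
    tainted, findings = set(), []

    def is_tainted(expr):
        return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))

    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # crude removal of line comments
        sink = SINK.search(code)
        if sink and is_tainted(sink.group("arg")):
            findings.append((no, line.strip()))
        assign = ASSIGN.search(code)
        if assign:  # track or clear taint on the assigned variable
            if is_tainted(assign.group("expr")):
                tainted.add(assign.group(1))
            else:
                tainted.discard(assign.group(1))
    return findings

if __name__ == "__main__":
    for no, text in scan_php(SAMPLE_PHP):
        print(f"line {no}: request data reaches a file include: {text}")
```

The tracking is line-based and ignores sanitizers and allow-lists, so every hit is a lead for manual review rather than a confirmed finding.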
Have fun! at localhost ;]
One more idea: if you don't know this site, check it now. ;)