File inclusion to remote code execution
Similar to the file:// scheme used in the earlier example, the PHP interpreter also provides access to various input and output streams via the php:// scheme. This makes sense when PHP is used from a command-line interface (CLI) and the developer needs to access the common operating system standard streams: stdin, stderr, stdout, and even memory. Standard streams are used by applications to communicate with the environment they are executing in. For example, the Linux passwd command will utilize the stdout stream to display informational messages to the terminal ("Enter your existing password"), stderr to display error messages ("Invalid password"), and stdin to prompt for user input to change the existing password.
The traditional way to parse input coming in from a web client is to read data using the $_GET and $_POST superglobals. The $_GET superglobal provides data that is passed in via the URL, while the $_POST superglobal...
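The defensive counterpart to the pattern this section builds towards (a request parameter reaching include() directly, which is what lets a php:// or file:// stream be included) is to never let the client choose a path at all. The following is an added example, not code from the book; the page names, the pages/ directory and the resolve_page() helper are assumptions for illustration.

```php
<?php
// Added example (not from the book): map a "page" request parameter onto
// an allowlist of real files, so that stream wrappers such as php:// or
// file://, and traversal sequences like ../, never reach include().

// Allowlist of permitted page names -> files on disk.
// The pages/ directory and these names are assumptions for this example.
const PAGE_MAP = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

/**
 * Return the file to include for a requested page name, or null when the
 * request is not on the allowlist. Anything that is not a bare key of
 * PAGE_MAP (a URL with a scheme, a filesystem path, an unknown name) is
 * rejected before include() ever sees it.
 */
function resolve_page(?string $requested): ?string
{
    if ($requested === null || $requested === '') {
        return PAGE_MAP['home'];
    }
    // Only short alphanumeric names can possibly match an allowlist key;
    // this shape check is defence in depth, the array lookup is the control.
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $requested)) {
        return null;
    }
    return PAGE_MAP[$requested] ?? null;
}

$target = resolve_page($_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $target;   // always one of the PAGE_MAP files, never client-controlled
```

Because the client value is used only as a lookup key and the included path comes from the server-side map, disabling allow_url_include is still worthwhile but no longer the only thing standing between the $_GET parameter and the interpreter's stream wrappers.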