I monitor the 404s on this site, and I found an interesting one today. It was an inbound request to:
“phpgwapi” is an open source groupware toolkit. It must have a recorded exploit, because the deleted part was a URL that someone was trying to get phpgwapi to remotely include and execute.
I visited the URL and found an unparsed PHP page called “Defacing Tool Pro 3.0,” part of which is screencapped above (remember that it wasn’t parsed or executed, so there’s some random PHP code scattered around up there).
This baby has everything you could ever need to deface a Web site, including the ability to manipulate the file system, run interactive PHP, send arbitrary code through POST and GET, try common URLs for database administration tools, etc. Essentially, if you can get this to run on someone’s machine, it’s a control panel using which you can really screw with their Web site.