
What kind of vulnerabilities involve the attacker sending "php://input"?

My site was just bombarded by an attacker trying to pass "php://input" into any GET/POST variable they could think of. If this is trying to take advantage of a vulnerability, I'm unaware of it. What could this user be trying to exploit?


http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution

php://input reads data from the incoming request. Basically, what the attacker might be trying to do is pass "php://input" into a weak php directive such as:

include $_REQUEST['filename'];

It would allow the attacker to send the "contents" of the php file to execute via the request, thereby allowing him to execute php code on your machine
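The weak `include` pattern described in this answer next to a hardened form, as an added example that is not part of the original post; the `?page=` parameter and the `pages/` directory layout are assumptions.

```php
<?php
// Added example (not from the original post). Two handlers for a
// "?page=..." parameter: the weak pattern the answer describes, and a
// hardened version that never passes request data to include().

// VULNERABLE: request data reaches include() unchanged. With
// allow_url_include=On, a request whose body is PHP source and whose
// filename parameter is "php://input" makes include() read that body as
// code. Even with URL includes off, "../" still lets the caller pull in
// arbitrary local files.
function render_page_vulnerable(): void
{
    include $_REQUEST['filename'];
}

// HARDENED: the request only selects a key in a fixed allow-list; the
// filesystem path is never built from user input, so wrapper strings
// ("php://input", "data:", "http://") and traversal sequences have no
// effect. Unknown keys fall through to a safe default page.
const PAGE_MAP = [
    'home'    => __DIR__ . '/pages/home.php',    // assumed layout
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(string $requested): string
{
    return PAGE_MAP[$requested] ?? PAGE_MAP['home'];
}

function render_page_hardened(): void
{
    $key = (string) ($_GET['page'] ?? 'home');
    include resolve_page($key);
}

// Defence in depth, in php.ini:
//   allow_url_include = Off   ; blocks php://input, data: and http:// in
//                             ; include/require (Off by default)
//   allow_url_fopen   = Off   ; if the application needs no remote fopen()
```

Probes for "php://input" in request parameters are a cheap way for scanners to find the vulnerable form above, so logging unexpected `php://`, `data:` or `http://` values in include-related parameters is a useful detection signal even when the application is not affected.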


Perhaps anyone who runs an eval on php input?

$data = file_get_contents('php://input');
eval($data);

I have not seen this personally, but I bet someone's done it at some point thinking it could be safe.


This is probably an attempt to force evaluation of PHP code passed through raw request data - seems a bit hopeful though.
