some links
http://php.net/manual/en/function.eval.php
http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
http://www.cgisecurity.com/csrf-faq.html
http://projects.webappsec.org/w/page/13246947/LDAP-Injection
http://www.owasp.org/index.php/LDAP_injection
http://www.owasp.org/index.php/OS_Command_Injection
http://www.owasp.org/index.php/Path_Traversal
http://projects.webappsec.org/Path-Traversal
http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
http://www.owasp.org/index.php/HTTP_Response_Splitting
http://projects.webappsec.org/Remote-File-Inclusion
http://en.wikipedia.org/wiki/Remote_File_Inclusion
https://www.owasp.org/index.php/Session_fixation
http://unixwiz.net/techtips/sql-injection.html
http://en.wikipedia.org/wiki/SQL_injection
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.owasp.org/index.php/SQL_Injection