Basically, it’s an XSS vulnerability in the phpinfo() function which gives unescaped output for all user-submitted arrays in GET, POST and Cookies. Translation? Well if anyone has a spare phpinfo() for PHP versions 4.4.3 -> 4.4.6 hanging about, try appending this to its URL: ?f[]=%3Ca%20href%3Dhttp%3A//www.digitalpoint.com/%3EDigitalPoint%20Ownz%20j00%3C/a%3E Then scroll down to “PHP Variablesâ€. If you have an exploitable version, you should get one, clean, un-condomned backlink. Ain’t that precious? So all you would need to do is to get a bunch of them indexed and you’re happy as a black hatter. However happy that is. Now would anyone like 60,600 free backlinks?