This is one way you could exploit a server. This will work on any unsecure php upload forms. I used a new tool included in backtrack 5 to evade any antivirus software by encrypting the php backdoor. If you are sucessful, you can then run any command on the targeted server.