Intro to Two PHP Reconnaissance Vectors

The Hacker Webzine makes a note of two lesser-known PHP reconnaissance vectors, which can be used to trigger error messages or to obtain more intelligence about the server within PHP.

The first one occurs because of how PHP and the programmer handle the server variables. These variables are usually not sanitized because the developer thinks they cannot be modified. That is a wrong assumption, however. Most web sites are vulnerable to these kinds of reconnaissance vectors. So all variables inside that global need to be sanitized.

The second vector is triggered in the request URI by modifying the PHPSESSID. If the session is echoed back into a script, we can trigger an error. If you've ever seen this kind of error message: "cannot modify header session already started", take note, because it can give away plenty of information.
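
The following PHP is an added example, not code from The Hacker Webzine or this page: it escapes request-derived server variables before output and checks the shape of a client-supplied PHPSESSID before starting the session, with errors logged rather than displayed. The function names, the sample values and the 22-256 character ID pattern are assumptions.

```php
<?php
declare(strict_types=1);

// Send errors to the log, not the response, so a malformed value cannot leak paths.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Take session IDs from cookies only (not the URI) and reject IDs the server never issued.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');

/** Escape a request-derived server variable before it is written into HTML. */
function safe_server_value(array $server, string $key): string
{
    $raw = isset($server[$key]) && is_string($server[$key]) ? $server[$key] : '';
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** True when a client-supplied session ID has the shape PHP itself generates. */
function is_plausible_session_id($id): bool
{
    // Untyped on purpose: a parameter sent as PHPSESSID[]=x arrives as an array.
    // Assumed pattern: 22-256 characters from PHP's session ID alphabet.
    return is_string($id) && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) === 1;
}

/** Replace a malformed client-supplied ID with a fresh one, then start the session. */
function start_session_safely(): void
{
    $name = session_name();
    if (isset($_COOKIE[$name]) && !is_plausible_session_id($_COOKIE[$name])) {
        // An explicitly set ID takes precedence over the one in the request.
        session_id(session_create_id());
    }
    session_start();
}

// Constructed sample input, standing in for $_SERVER and a request cookie.
$server = ['HTTP_USER_AGENT' => '"><b>client-controlled</b>', 'SERVER_PORT' => '443'];
echo safe_server_value($server, 'HTTP_USER_AGENT'), PHP_EOL;
echo safe_server_value($server, 'HTTP_REFERER'), PHP_EOL; // missing key yields ''
var_dump(is_plausible_session_id('0123456789abcdefghijklmnop'));
var_dump(is_plausible_session_id('../../tmp/x'));
var_dump(is_plausible_session_id(['x']));
// In a web request, call start_session_safely() before any output is sent.
```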
