Seeking vulnerable server-side scripts

[jeremy.j.epstein at gmail.com (Jeremy Epstein)]

Greetings,

I'm experimenting (on paper initially) with a technique for improving
resiliency of web applications, and to do so am looking for examples
of server side scripts (PHP, Perl, whatever) that have security
vulnerabilities, to see if the technique would work.  If you have
scripts you'd be willing to share, please contact me off-list.  The
scripts don't have to be open source; I'm happy to take scripts that
are not for redistribution (but I can't sign formal NDAs).  The ideal
scenario would include enough of the infrastructure (scripts,
descriptions of the environment) and a description of the
vulnerability... but again, I'll take what I can get for now.  The
important thing is that the scripts be server-side and written in an
interpreted scripting language; I'm not looking for server-side C or
Java programs.

If there are repositories of such things, please excuse the newbie
question and point me in the right direction!

Thanks,
--Jeremy
703-989-8907 (mobile)
jeremy.j.epstein at gmail.com

P.S. Yes, you may forward this message to other people, but I'd
appreciate not sending it to other lists without checking with me
first.