source: https://www.securityfocus.com/bid/5905/info

The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request.

Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.


http://[target]/vars.inc

and

http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD]