Oh dear

Google Code Search for Security Vulnerabilities

Here’s my attempt – hunting for $_GET / $_POST / $_COOKIE placed at the start of on and include / require / include_once / require_once – potentially a path to include remote files. (Un)?fortunately seems to break the search interface right now – although more results are reported, you can’t seem to get beyond page 2 right now.

lang:php (include|require)(_once)?s*['"(]?s*$_(GET|POST|COOKIE)

So what’s the opposite of “security by obscurity” – because this seems to be it – Koders at least kept their search syntax weak.