Here’s my attempt – hunting for $_GET / $_POST / $_COOKIE placed at the start of on and include / require / include_once / require_once – potentially a path to include remote files. (Un)?fortunately seems to break the search interface right now – although more results are reported, you can’t seem to get beyond page 2 right now.
Harry Fuecks is the Engineering Project Lead at Tamedia and formerly the Head of Engineering at Squirro. He is a data-driven facilitator, leader, coach and specializes in line management, hiring software engineers, analytics, mobile, and marketing. Harry also enjoys writing and you can read his articles on SitePoint and Medium.