Slashdotted today an experience to anonymizing RFI Attacks Through Google. An interesting approach that search engines should be aware, and if it could be done using Google crawler, it could be done also using any other spider :

Noam Rathaus on his SecuriTeam blog describes a technique by which "Google can be utilized to hack into websites - actively exploiting them (not information gathering by the use of "Google hacking", although that is how most of the sites vulnerable to RFI attacks are found)." He cites examples in the wild and even mentions that the technique could be used as a "covert" communications channel.