we can see the full path within the errors
ex file: _dil.php | index.php | liste.php | _yardim.php | arama.php | anasayfa.php | url.php
After getting access through a lfi it's possible to see that we are on a (windows) box with the default configuration, with the permissions for -everybody- in some important folders. It's possible to operate quite like an administrator with a simple -webshell- script
There are some shared folders without password on other boxes
this xss is locked by the webserver
The problem is within "Search Engine Builder 2010"