diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index 934f588e..3c4937f6 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -123,6 +123,17 @@ class WpTarget
     @uri.merge("#{wp_content_dir()}/debug.log").to_s
   end
 
+  # Script for replacing strings in wordpress databases
+  # reveals databse credentials after hitting submit
+  def search_replace_db_2_url
+    @uri.merge("searchreplacedb2.php").to_s
+  end
+
+  def search_replace_db_2_exists?
+    resp = Browser.instance.get(search_replace_db_2_url)
+    resp.status == 200 && resp.body[%r{by interconnect}i]
+  end
+
   # Should check wp-login.php if registration is enabled or not
   def registration_enabled?
     # TODO
diff --git a/wpscan.rb b/wpscan.rb
index 4d7c6897..985acc66 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -131,6 +131,10 @@ begin
         puts red("[!] A wp-config.php backup file has been found '#{file_url}'")
       end
 
+      if wp_target.search_replace_db_2_exists?
+        puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
+      end
+
       if wp_target.has_malwares?
         malwares = wp_target.malwares
         puts red("[!]") + " #{malwares.size} malware(s) found :"
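Review bot: `search_replace_db_2_exists?` is named as a predicate but returns the matched String or nil, because `resp.body[%r{by interconnect}i]` is a slice rather than a boolean test; the last line should be `resp.status == 200 && resp.body.match?(/by interconnect/i)`, which yields true/false and also avoids building a MatchData. The header comment above `search_replace_db_2_url` has typos ("databse", "wordpress") and would serve the reader better as `# searchreplacedb2.php is a leftover database maintenance script; a live copy exposes the site's database credentials, so its presence is a high-severity finding that should be removed from the web root`, plus a `# @return [Boolean]` on the predicate. The fingerprint depends on the vendor string being present in the response body, so a copy with that text altered would presumably go undetected; a comment noting that limitation would help whoever tunes the check later. The enclosing `class WpTarget` starts and ends outside the hunk.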
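Review bot: The new `puts red(...)` line reports the file but gives the operator no indication of severity or remediation, unlike a finding that names what to do; consider `puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}' - this maintenance script exposes database credentials and should be deleted")`. `search_replace_db_2_exists?` issues a network request, so any timeout or connection error presumably propagates to the enclosing `begin`/`rescue`, which starts and ends outside the hunk; if that rescue aborts the whole scan, a failed probe here would hide the later malware check.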