So at first glance and with limited info... it's a plugin. Not that this surprises me, I still use vBulletin and I spend a lot of time code-reading the plugins for that before I use them. Mostly to make sure they don't do silly things like have SQL inside a loop over potentially lots of items, but also for the obvious security holes.
phew I don't feel bad now. I wrote a HTML preprocessor in 1999 to allow PHP-like embedding of Perl in webpages. It did the equivalent of register globals. I still have it up on my website but with a big warning that says "this has known security issues, don't use it". At least someone else made the same mistake around that time :)
If you can place a .php file in the plugins directory located here: http://www.techcrunch.com/plugins/
And then if you call the script as per your example, then it appears that plugin is loaded (and evaluated).
Someone else more versed in PHP might want to cast their eyes over the wordpress plugin to see whether I'm right: http://wordpress.org/extend/plugins/wp-super-cache/
But it appears it's a case of globals not being checked prior to use: http://php.net/manual/en/security.globals.php
So at first glance and with limited info... it's a plugin. Not that this surprises me, I still use vBulletin and I spend a lot of time code-reading the plugins for that before I use them. Mostly to make sure they don't do silly things like have SQL inside a loop over potentially lots of items, but also for the obvious security holes.
register_globals is an old one though, should be disabled: http://drupal.org/node/222343