Last Sunday Embalmed gave a presentation on the topic of PHP Local File Inclusion (LFI). He covered the many different types of these attacks, how they are commonly exploited, and what you can do as a defender to prevent them from happening to you. You can find the slides of the presentation online here:
https://www.blacklodgeresearch.org/talks/PHPLFI/PHP_LFI.pptx
Embalmed had also put together a vulnerable CentOS 5.3 VM for folks to mess around with (user: user1 / password: password1).
https://www.blacklodgeresearch.org/talks/PHPLFI/Centos-5.3-LFI.ova
If you folks have any questions about this talk, feel free to send them to list@dc206.org and we'll gladly help you out. We hope to see you guys and gals at the next BLR talk!
-breadtk