I thought you all would be interested in my recent blog post on this topic - http://tacticalwebappsec.blogspot.com/2009/06/generic-remote-file-inclusion-attack.html

 

Cheers,

Ryan