Using OWASP Mutillidae II as our target application, let's manipulate the value of the phpfile parameter to determine whether we can make a call to a direct object reference on the system, such as /etc/passwd file.