LOG FILE POISONING

this method relies on writing php code in a field we control that gets logged into a log file (e.g., poison/contaminate the log file). the log file is then included to execute the php code. IOF this attack to work, the php webapp must have read privileges over the logged files.