This lab contains a vulnerable image upload function. Certain file extensions are blacklisted, but this defense can be bypassed using a classic obfuscation technique.
I solve the lab by uploading a basic PHP web shell and then using it to exfiltrate the contents of the file /home/carlos/secret.