< Back 1. Remote code execution via web shell upload We abuse an existing vulnerability in the website that allows you to uplood arbitrary file types as the user's avatar. We abuse this by logging in and uploading a PHP web shell as our profile's avatar. We use this to gain remote code execution on the server, downloading the contents of /home/carlos/secret. Solution