File Upload - Skills Assessment

I am currently stuck I am able to get some semblance of file disclosure with an xxe attack on the machine but the problem is I can not find the flag’s file name nor can I get a reverse shell on the target’s server in order to find the flag. I can, however, read the /etc/passwd file on the target computer.

I don’t know where to go from here. Someone, please help!

how did u managed to read /etc/passwd?