Upload bypass

Magic byte + mime type + extension

Confirm that we’re able to upload PDF files:

We are not able to bypass the restriction by changing MIME type and/or file extension:

Bypass by adding %PDF-1.5 at the start of our payload, changing extension to .pdf.php and MIME type to application/pdf: