Rating: 3.7

tl;dr: append an image at the end of the file and use malformed compressed data to leak the flag (which is inserted directly before the appended image after uploading the file)

Original writeup (https://github.com/ldruschk/ctf-writeups/blob/master/2020_plaidctf_bonzi_scheme.md).