Tags: web 

1) Create account
2) Decode PHPSESSID cookie
3) Change "approved" to true and re-encode
4) Upload PNG image containing PHP shell
5) Retrieve the flag via webshell
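
Steps 2 and 3 work because the server trusts state that the client can decode and rewrite. The following is an added example, not code from the challenge or the original writeup, showing server-side state sealed with an HMAC so that a rewritten "approved" value is rejected. The base64(JSON) cookie layout, the key, the user name and the function names `seal_state` and `open_state` are assumptions made for illustration.

```php
<?php
// Added example. Key and payload are constructed; the page does not state
// how the real cookie is encoded, so base64(JSON) is assumed here.
const SESSION_KEY = 'constructed-demo-key-load-from-a-secret-store';

// Serialize state and append an HMAC-SHA256 tag computed with a server-only key.
function seal_state(array $state, string $key): string
{
    $body = base64_encode(json_encode($state));
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Return the state only if the tag verifies; null for any malformed or altered cookie.
function open_state(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $tag] = $parts;
    // Constant-time comparison of the expected tag against the supplied one.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $tag)) {
        return null;
    }
    $json = base64_decode($body, true);
    if ($json === false) {
        return null;
    }
    $state = json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Cookie as issued by the server for an unapproved account.
$issued = seal_state(['user' => 'alice', 'approved' => false], SESSION_KEY);

// Same cookie after a client re-encodes the body with approved=true
// and reuses the old tag, since the key never leaves the server.
[, $oldTag] = explode('.', $issued, 2);
$altered = base64_encode(json_encode(['user' => 'alice', 'approved' => true])) . '.' . $oldTag;

var_dump(open_state($issued, SESSION_KEY));   // state accepted as issued
var_dump(open_state($altered, SESSION_KEY));  // rejected: tag does not match body
```

Keeping authorization flags such as "approved" in server-side session storage, with the cookie holding only an opaque identifier, removes the need for the client to carry them at all.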

Full walkthrough: https://www.youtube.com/watch?v=JJD45W-C9mQ&t=326s

Original writeup (https://www.youtube.com/watch?v=JJD45W-C9mQ&t=326s).