All the actions described in the article were performed with the permission of the site owner as the part of vulnerability tests. Requests text was modified with respect to the test subject privacy. Prehistory Some time ago I found a suspicious behavior on the file upload to the site. Spoiler: I…