0. Open the webpage, we find that a file needs to be uploaded, and it is a picture file
1. Write a word of Trojan horse, rename it to jpg file and upload it
Upload is successful, then capture the package and modify the file name
2. Use BurpSuite to capture the package and modify the file extension
Change the suffix name to php2, php3, php4, php5, phps, pht, phtm, phtml (alias of php), and find that only php4 is not filtered
Note that there are two changes here, the first is to bypass the case