
Feature/lab upload files

Open Edmar-Sousa opened this issue 3 months ago • 0 comments

- INSECURE FILE UPLOAD

Summary

Added a new PHP teaching scenario that demonstrates an Unrestricted File Upload vulnerability that occasionally leads to Remote Code Execution (RCE). The goal is to provide a reproducible (Docker) lab for study—exploitation, understanding the attack vector, and subsequent demonstration of mitigations.

OWASP:

  • A5 — Security Misconfiguration (primary);
  • A3 — Injection (secondary)

Language/Stack: PHP (vanilla) + Apache + Docker

I think it's a good app! A good app for practicing: hashing filenames before saving them to disk, checking magic bytes/MIME type, re-encoding to remove malicious metadata, etc.

Edmar-Sousa, Oct 05 '25 22:10
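A hardened upload handler that applies the mitigations the description lists (content-based MIME and magic-byte checks, re-encoding through GD, a hashed filename with a server-chosen extension), written here as an added example and not code from the secDevLabs lab; it assumes the GD and fileinfo extensions are loaded and that the upload directory is not one from which Apache executes PHP:

```php
<?php
declare(strict_types=1);
// Added example (not the lab's code): hardened image upload handler. Assumes GD and
// fileinfo are loaded and $uploadDir is not served as executable PHP by Apache.

const ALLOWED = [
    'image/jpeg' => ['ext' => 'jpg', 'magic' => "\xFF\xD8\xFF"],
    'image/png'  => ['ext' => 'png', 'magic' => "\x89PNG\r\n\x1A\n"],
];

function storeImage(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }
    // 1. Content-based MIME detection; $file['type'] and the client's extension are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("Rejected MIME type: $mime");
    }
    // 2. Magic-byte check on the raw header, independent of libmagic.
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 16);
    if (!str_starts_with($head, ALLOWED[$mime]['magic'])) {
        throw new RuntimeException('Header does not match detected type');
    }
    // 3. Re-encode through GD: only pixel data survives, so metadata and any
    //    appended payload are dropped.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }
    // 4. Hashed, salted filename with a server-chosen extension: the client's name never hits disk.
    $name = hash('sha256', $file['name'] . random_bytes(16)) . '.' . ALLOWED[$mime]['ext'];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    $ok = $mime === 'image/jpeg' ? imagejpeg($img, $dest, 85) : imagepng($img, $dest);
    if (!$ok) {
        throw new RuntimeException('Could not write re-encoded image');
    }
    return $name;
}

// Usage from the upload endpoint (field name 'avatar' is assumed):
// $saved = storeImage($_FILES['avatar'], __DIR__ . '/../uploads');
```

Each check rejects a different bypass on its own, so the order matters less than keeping all four; the re-encode step is the one that neutralises a valid image with a payload appended after the pixel data.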