ByteDance interview question

A scenario based question where there exists a vulnerable web application which allows arbitrary file upload