### Explanation

After publishing the file, we can access it at the following link: http://codefest-ctf.iitbhu.tech:10192/download?file=uploads/{file_name}

The "uploads/" prefix in the `file` parameter hints that a **Path Traversal Exploit** works here: the parameter is treated as a file path, so we can access parent directories (e.g. http://codefest-ctf.iitbhu.tech:10192/download?file=../../upload.png).

So our goal is to find flag.txt in the parent directories.

### Solution

All we need to do is download the file from the parent directory of "uploads" using the following link: http://codefest-ctf.iitbhu.tech:10192/download?file=../flag.txt
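
A defender's view of the bug, as an added example that is not the challenge's code (the server source is not shown on this page): a download handler that joins the `file` value to a base directory as-is, next to a version that resolves the path and rejects anything outside `uploads/`. The function names and the temporary directory layout are assumptions constructed for the demo.

```python
import os
import tempfile

def naive_resolve(base, file_param):
    """Vulnerable pattern (assumed): the 'file' value is joined to the base as-is."""
    return os.path.normpath(os.path.join(base, file_param))

def safe_resolve(base, file_param, allowed_subdir="uploads"):
    """Resolve the requested path and refuse anything outside base/uploads."""
    allowed = os.path.realpath(os.path.join(base, allowed_subdir))
    # realpath collapses '..' segments and follows symlinks before comparing;
    # os.path.join also lets an absolute file_param replace base entirely.
    target = os.path.realpath(os.path.join(base, file_param))
    if os.path.commonpath([allowed, target]) != allowed:
        raise PermissionError(f"path escapes {allowed_subdir}/: {file_param!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(file_param)
    return target

def build_sample_tree():
    """Constructed layout (assumed): <top>/flag.txt, <top>/app/uploads/upload.png."""
    top = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(top, "app")
    os.makedirs(os.path.join(base, "uploads"))
    with open(os.path.join(top, "flag.txt"), "w") as f:
        f.write("constructed-placeholder\n")
    with open(os.path.join(base, "uploads", "upload.png"), "wb") as f:
        f.write(b"\x89PNG")
    return base

def check(base, file_param):
    """Return what the hardened handler would do with this 'file' value."""
    try:
        safe_resolve(base, file_param)
        return "served"
    except PermissionError:
        return "blocked"
    except FileNotFoundError:
        return "not found"

if __name__ == "__main__":
    base = build_sample_tree()
    print("naive join resolves to:", naive_resolve(base, "../flag.txt"))
    for param in ["uploads/upload.png", "../flag.txt",
                  "uploads/../../flag.txt", "/etc/passwd"]:
        print(f"{param!r:28} -> {check(base, param)}")
```

The comparison is done on resolved paths rather than by searching the string for `..`, so encoded or nested traversal segments and absolute paths fail the same check.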