There is a File Inclusion vulnerability here. Leverage the Security Misconfiguration to exploit the badness. Hint 1 Access to files in other directories is not prohibited Hint 2 Can you get to sensitive files like /etc/passwd? Solution Fetch sensitive files by changing the fname parameter e.g., fname=../../../../../etc/passwd