Icewarp Email Server 12.3.0.1 unlimited_file_upload

https://nvd.nist.gov/vuln/detail/CVE-2020-14065

Introduction:

First step: log in to your account and then change your profile picture.

Second step: send the request to Intruder and add a position as shown in the screenshot.

Third step: send the request to Intruder and add a position as shown in the screenshot.

Fourth step: start the attack.

Result: look at the responses. As you can see, all of the files have been uploaded and you can access them. The file upload location pattern is "upload_date-folder(random number)/file(random number)", as shown in the screenshot.
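The result above comes from the server accepting every repeated profile-picture upload and keeping each file. The following is an added example, not IceWarp code and not part of the original write-up: a server-side guard that caps uploads per account within a time window and keeps a single picture per account. The class name, limits and account name are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class UploadGuard:
    """Per-account guard for a profile-picture upload handler (hypothetical)."""

    def __init__(self, max_uploads=5, window_s=3600, max_bytes=2 * 1024 * 1024):
        self.max_uploads = max_uploads      # accepted uploads per window (assumed limit)
        self.window_s = window_s            # sliding window length in seconds
        self.max_bytes = max_bytes          # largest picture accepted (assumed limit)
        self._events = defaultdict(deque)   # account -> timestamps of accepted uploads
        self._stored = {}                   # account -> size of the one stored picture

    def check(self, account, size, now=None):
        """Return (allowed, reason). Call this before writing the file to disk."""
        now = time.time() if now is None else now
        if size <= 0 or size > self.max_bytes:
            return False, "size"
        events = self._events[account]
        # Forget accepted uploads that have aged out of the window.
        while events and now - events[0] >= self.window_s:
            events.popleft()
        if len(events) >= self.max_uploads:
            return False, "rate"
        events.append(now)
        # A new picture replaces the old one, so repeated requests
        # cannot accumulate files on disk.
        self._stored[account] = size
        return True, "ok"

    def disk_usage(self):
        """Total bytes held for profile pictures across all accounts."""
        return sum(self._stored.values())


def replay(guard, account, count, size, start=0.0, step=1.0):
    """Feed `count` identical uploads (constructed input) and tally the outcomes."""
    tally = {"ok": 0, "rate": 0, "size": 0}
    for i in range(count):
        _, reason = guard.check(account, size, now=start + i * step)
        tally[reason] += 1
    return tally


if __name__ == "__main__":
    guard = UploadGuard()
    print(replay(guard, "alice@example.test", 100, 50_000))
    print(guard.disk_usage())
```

With the guard in place, a burst of identical uploads is cut off after the window limit and disk usage stays at one file per account.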