I am in the process of learning how to protect my web server.
I have two servers.
One allows users to upload files.
Another one is general static website server.
If you can penetrate and get root, I'll pay you out.
Once I pay you, you must tell me how you got in, step by step, and help me fix it.
The website URL is in the picture attached.