Local File Inclusion with insecure filter

Infect and include the log file data.log to be able to execute PHP code on the target application and perform a remote code execution (RCE).

Goal

Read the flag in the environment variables of the vulnerable application.