The assessment team uploaded a ZIP file containing a symlink to the application:
After uploading the file, the assessment team extracted the symlink file, as shown in the snapshot below:
The application allowed the assessment team to preview the content of uploaded documents. On previewing the extracted file, the assessment team was able to access the content of the server’s “passwd” file:
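One way to close both steps of this finding, shown as an added example that is not code from the assessed application: reject archive members flagged as symlinks before extraction, and refuse to preview any path that is a link or resolves outside the upload directory. The function names, the upload root and the sample archive are assumptions made for illustration.

```python
import io
import os
import stat
import zipfile


def find_symlink_entries(zip_bytes):
    """Return the names of archive members whose Unix mode marks them as symlinks."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Unix-built archives keep st_mode in the upper 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                flagged.append(info.filename)
    return flagged


def safe_preview_path(upload_root, name):
    """Return the real path to preview, or None if it is a link or leaves upload_root."""
    root = os.path.realpath(upload_root)
    candidate = os.path.join(root, name)
    if os.path.islink(candidate):
        return None  # never follow a link that came out of an upload
    resolved = os.path.realpath(candidate)
    if os.path.commonpath([root, resolved]) != root:
        return None  # traversal or a linked parent directory left the upload root
    return resolved


def build_sample_zip(with_symlink):
    """Constructed sample upload; the link target is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report.txt", "constructed sample content\n")
        if with_symlink:
            link = zipfile.ZipInfo("preview.txt")
            link.create_system = 3  # 3 = Unix, so external_attr carries a mode
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            archive.writestr(link, "placeholder-target")
    return buf.getvalue()


if __name__ == "__main__":
    print(find_symlink_entries(build_sample_zip(True)))
    print(find_symlink_entries(build_sample_zip(False)))
```

The archive check stops the upload at intake; the preview check is the second layer for files that were extracted by a tool that does recreate links.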