Exploiting a format string vulnerability and arbitrary file upload in a Python typing game to achieve remote code execution.