Nice find. File upload is always scarily dangerous when unprotected.

Just a word of caution from one white hat to another… Getting the site owner’s permission is not really sufficient where they do not own the web server. In this case the shared hosting provider would be within their rights to complain about your activities, so you should always check with the infrastructure owner first (and get written permission).

One more thing — kernel exploits like dirty c0w are temperamental and can easily crash a server and kill a website. I’d recommend you exhaust all your other privesc options before that — and only use them if explicitly agreed with the site/server owner. Noting to the site owner that their kernel version is listed as vulnerable should be sufficient to prove your point in any case.

All that said, nice write-up and all the best for your professional development ☺