tip from @0x_rood: 🔍 File upload bypassed with .php2 and stored XSS found 🤔How to get RCE or escalate to critical bug? 🚫 Blocked by WAF? 🤔Any tips? 💡Check out https://twitter.com/0x_rood/status/1653803823352168448 for ideas 🔰 Let’s see what the #infosec community has to say!