tip from @0x_rood: ? File upload bypassed with .php2 and stored XSS found ?How to get RCE or escalate to critical bug? ? Blocked by WAF? ?Any tips? ?Check out https://twitter.com/0x_rood/status/1653803823352168448 for ideas ? Let’s see what the #infosec community has to say!