How a Loose Regex in a File Upload Component Led to a $12,000 Remote Code Execution (RCE) (opens in new tab)

If you ask any bug hunter what their holy grail vulnerability is, the answer is almost always the same: Remote Code Execution (RCE). It is…