https://blog.akmee.xyz/tags/file-upload/Recent content in File-Upload on tomato's blogHugoen-usMon, 20 Apr 2026 14:48:49 -0300https://blog.akmee.xyz/writeups/retired/environment/Mon, 05 May 2025 00:00:00 +0000https://blog.akmee.xyz/writeups/retired/environment/Environment is a medium Linux machine where breaking the login page leaks the Laravel version, leading to CVE-2024-52301 — an argument injection that lets you switch the app environment and bypass authentication. From the dashboard, a file upload filter bypass gives RCE. Root comes from decrypting a GPG backup to recover credentials and abusing BASH_ENV preserved via env_keep in sudoers.