protip:
If you found an OS command injection vulnerability but there's a WAF that blocks payloads with special characters like (/"'&|()-;:.,`) and whitespace, it's still possible to bypass it.
E.g., reading the /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??
#bugbounty … https://t.co/hkw3GDgN25
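Seen from the defending side, the string above is built from shell variables, parameter expansion and glob characters, so a filter has to look for that syntax, and the application should not hand the parameter to a shell at all. The following is an added example, not part of the original post; the function names, the allowlist pattern and `BASE_DIR` are assumptions made for illustration.

```python
import re

# Constructed sample inputs; PAYLOAD is the string quoted in the post.
PAYLOAD = "cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??"
BENIGN = "report_2024"

# Shell syntax that a filter on quotes, separators and spaces does not cover.
PATTERNS = {
    "variable": re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*|\$[0-9@*#?!$-]"),
    "parameter-expansion": re.compile(r"\$\{[^}]*\}"),
    "glob": re.compile(r"[*?]|\[[^\]]+\]"),
}

# Assumed policy for this example: the parameter is a short file label.
ALLOWED = re.compile(r"[A-Za-z0-9_]{1,64}")
BASE_DIR = "/srv/app/reports"  # hypothetical directory


def shell_expansion_findings(value):
    """Return {category: [matched tokens]} for expansion syntax in value."""
    findings = {}
    for name, pattern in PATTERNS.items():
        hits = pattern.findall(value)
        if hits:
            findings[name] = hits
    return findings


def safe_argv(value):
    """Validate against the allowlist and build an argv list (no shell parsing)."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("parameter rejected by allowlist")
    # Passed as a list to subprocess.run(..., shell=False), nothing is expanded.
    return ["cat", "--", f"{BASE_DIR}/{value}"]


if __name__ == "__main__":
    for sample in (BENIGN, PAYLOAD):
        print(sample, shell_expansion_findings(sample))
```

The detection patterns are useful for alerting on logged parameters; the allowlist plus argv list is the actual fix, because nothing in the value is ever interpreted by a shell.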