Posted by https://t.co/PHu2I4tUXj
protip:
If you found an OS command injection vulnerability but there’s a WAF that blocks payloads with special characters like (/”‘&|()-;:.,`), it’s still possible to bypass it.
E.g., /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?s… https://t.co/npqr8H1JAd
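
For defenders, the primitives visible in the fragment above ($IFS as a separator, an empty positional parameter, `${VAR%%pattern}` trimming, and glob wildcards inside a word) can be flagged when they co-occur in a request parameter. The following detection heuristic is an added example, not part of the original post; the indicator names, patterns and threshold are assumptions, and the only suspicious sample is the truncated fragment as posted.

```python
import re
from urllib.parse import quote, unquote_plus

# Indicator names, patterns and the threshold are assumptions of this example,
# not rules taken from any particular WAF product.
INDICATORS = {
    # $IFS or ${IFS} standing in for a blocked space
    "ifs_separator": re.compile(r"\$\{?IFS\b"),
    # positional parameter reference such as $9 (normally expands to nothing)
    "positional_param": re.compile(r"\$\{?\d\b"),
    # ${VAR%%pattern} / ${VAR##pattern} trimming used to derive a blocked character
    "param_trim": re.compile(r"\$\{\w+(?:%%?|##?)[^}]*\}"),
    # glob wildcard inside a word, e.g. e*c or p?s
    "glob_in_word": re.compile(r"[A-Za-z][?*][A-Za-z]"),
}

def score_value(raw: str) -> dict:
    """Return {indicator: hit_count} for one request parameter value."""
    value = unquote_plus(raw)  # inspect the decoded value the application will see
    hits = {name: len(rx.findall(value)) for name, rx in INDICATORS.items()}
    return {name: n for name, n in hits.items() if n}

def is_suspicious(raw: str, min_indicators: int = 2) -> bool:
    """Flag only when several distinct primitives co-occur, to limit noise."""
    return len(score_value(raw)) >= min_indicators

# Truncated fragment exactly as it appears in the post (not a complete command).
POST_FRAGMENT = "cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?s"
# Constructed benign values for comparison.
BENIGN = ["report 2024 final.pdf", "price is $5 today"]

if __name__ == "__main__":
    for sample in [POST_FRAGMENT, quote(POST_FRAGMENT, safe=""), *BENIGN]:
        print(is_suspicious(sample), score_value(sample), repr(sample))
```

Pattern matching like this is a detection aid only; the durable fix is to avoid passing request data to a shell at all, for example by invoking the program with an argument vector.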