A WAF or filter that blocks Remote Code Execution (RCE) and Local File Inclusion (LFI) vulnerabilities can be bypassed using globbing. Globbing is a technique where wildcard characters are used to match patterns in file paths. This can be used to evade the WAF's filtering rules and execute malicious code or include unauthorized files. More details can be found in the blogpost.
For more insights, check out the original tweet here: https://twitter.com/0x0SojalSec/status/1918792591190991120. And don’t forget to follow @0x0SojalSec for more exciting updates in the world of cybersecurity.