Source: https://tutorialboy24.blogspot.com/2023/07/bypassing-php-waf-to-achieve-remote.html
Before testing whether the WAF can be bypassed to execute remote code, first construct a simple, deliberately vulnerable remote code execution script, as shown in the figure:
Line 6 is an obvious command-execution call, and line 3 tries to intercept function names such as system, exec, or passthru (PHP has many other functions that can execute system commands; these three are simply the most common).
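To make the two lines the text refers to concrete, here is an added example (not the post's own script, whose figure is not reproduced) that reconstructs the described shape, a keyword denylist in front of `eval()`, next to a hardened handler. The parameter name `code`, the exact denylist, and the `action` allowlist are assumptions; the point of the hardened form is that user input never reaches a PHP or shell parser, so there is nothing for a WAF to have to catch.

```php
<?php
// Added example, not the original post's code. The first function reconstructs
// the shape the post describes (assumed details); the second shows the fix.

// --- Vulnerable shape: denylist of function names, then eval() of user input ---
function handle_vulnerable(array $get): string
{
    $code = $get['code'] ?? '';
    // "Line 3" style check: block a few command-execution function names.
    // Any filter that inspects strings on their way into eval() is a denylist,
    // and denylists in front of a full language parser are never complete.
    if (preg_match('/\b(system|exec|passthru)\b/i', $code)) {
        return 'blocked';
    }
    // "Line 6" style sink: whatever survived the filter is executed as PHP.
    ob_start();
    eval($code);            // the actual vulnerability, independent of any WAF
    return (string) ob_get_clean();
}

// --- Hardened form: no eval(), no shell, fixed argv chosen by an allowlist key ---
// The client picks a name; the server owns every byte of the command line.
const ALLOWED_ACTIONS = [
    'uptime'   => ['uptime'],
    'diskfree' => ['df', '-h'],
];

function run_fixed(array $argv): string
{
    // Array form of proc_open (PHP >= 7.4) execs the program directly, so no
    // shell metacharacter handling is involved at all.
    $spec  = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $pipes = [];
    $proc  = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return 'failed to start';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $rc = proc_close($proc);
    return $rc === 0 ? (string) $out : 'command failed';
}

function handle_hardened(array $get): string
{
    $action = $get['action'] ?? '';
    // Exact-key lookup: unknown or malformed values are rejected before any
    // process is started; the request value is never interpolated anywhere.
    if (!array_key_exists($action, ALLOWED_ACTIONS)) {
        http_response_code(400);
        return 'unknown action';
    }
    return run_fixed(ALLOWED_ACTIONS[$action]);
}

// Local demonstration from the command line (no web server needed).
if (PHP_SAPI === 'cli') {
    echo handle_hardened(['action' => 'uptime']), PHP_EOL;
    echo handle_hardened(['action' => 'uptime; id']), PHP_EOL; // -> "unknown action"
}
```

The WAFs discussed in the rest of the post are a compensating control in front of `handle_vulnerable`; the durable fix is `handle_hardened`, where the only thing an attacker can influence is which of two fixed argv arrays runs.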
This script is deployed behind Cloudflare WAF and ModSecurity + OWASP CRS3. For the first test, try to read the contents of /etc/passwd:
/cfwaf.php?code=system("cat /etc/passwd");
As you can see, the request was intercepted by Cloudflare. We can try to bypass it by using uninitialized variables, for example: