Web - Server

hi all,

I have seen the ping command is taking the posted content as a whole part and then pass this as argument to itself.
Like -> ping " ***the content*** ". But i do not see how to escape from the ping command. It appears to parse the string and does nothing else then run it.
But there is more with "$0 ’parameters’ ..." i could not explain what is wrong with that ?

as the challenge says filtre bypass :
so there is filtres in place look for some charchater developer may forget to add to his exclusion list ^^

hi,

i can guess the characters and could probe them properly, at least i suppose i did so. I have used even the commix tool but without getting good results. There could be a function that escapes all the special characters like escapeshellcmd of php. I think there is a funny detail i missed on this way. Maybe a good hint without to spoil :) would be great. Thx a lot for reading. In God we trust.