Will a Web Server detect a base64 encoded reverse shell on run time?


A vulnerable website blocks almost everything that is related to PE (Privilege Escalation), but when encoding the ls -al code into a base64 format, the website doesn’t block the dangerous code (at Scan Time), will the web server detect and block the code at Run Time ?

base64 -d <<< bHMgLWFs | sh: Base64 of ls -al

Web Server: Scanning the input.. Seems fine, I will not block it.

Web Server Inside: ls -al # Will it block it at run time ?