User-agent poisoning bug

When i pass user-agent like <?php system('ls') ?> everything works fine, but when i pass <?php system($_GET['cmd']); ?> and cmd param it doesn't work. Is it my fault or this is some option of nginx ? I met this bug in Skills Assessment - File Inclusion/Directory Traversal, it worked fine in other chapters.

Sign In to comment.