From 82c3cd92d11aebc6f28b3646c6f9933f1d560bd9 Mon Sep 17 00:00:00 2001
From: the-pythonist <68852419+the-pythonist@users.noreply.github.com>
Date: Thu, 12 Oct 2023 14:51:23 +0200
Subject: [PATCH] Update README.md

Prefer ${IFS} to $IFS when doing filter bypass without space as $IFS does not work as a separator for certain commands.
---
 Command Injection/README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Command Injection/README.md b/Command Injection/README.md
index 9b297fb..a9e70e6 100644
--- a/Command Injection/README.md	
+++ b/Command Injection/README.md	
@@ -113,9 +113,10 @@ command1 | command2  # Pipe the output of command1 into command2
 
 ### Bypass without space
 
-* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space.
+* `$IFS` is a special shell variable called the Internal Field Separator. By default, in many shells, it contains whitespace characters (space, tab, newline). When used in a command, the shell will interpret `$IFS` as a space. `$IFS` does not directly work as a seperator in commands like `ls`, `wget`; use `${IFS}` instead. 
   ```powershell
-  cat$IFS/etc/passwd
+  cat${IFS}/etc/passwd
+  ls${IFS}-la
   ```
 * In some shells, brace expansion generates arbitrary strings. When executed, the shell will treat the items inside the braces as separate commands or arguments.
   ```powershell