Seen a trend recently where vulns are the result of indirect method invocation and there are LOADS of ways to do this.
Ruby: obj.send(method, args)
PHP: $obj->$method
Python: globals()[method]()
Java: Method.invoke(), callable.call()
JS: obj[method](), .apply()
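
The Python pattern from the list, as an added example that is not part of the original post: a `globals()` dispatcher next to an allowlist-based one, plus a helper that lists what the first form exposes. The handler names (`status`, `version`, `_purge_all`) and all function names are hypothetical.

```python
# Added example; all names here are hypothetical, not from the original post.

def status():
    return "ok"

def version():
    return "1.0"

def _purge_all():
    # Internal helper that was never meant to be reachable from request input.
    return "purged"

def dispatch_unsafe(method):
    # Pattern from the post: the caller-supplied string selects any name in
    # module globals, including internal helpers and imported callables.
    return globals()[method]()

# Explicit allowlist mapping externally visible names to their handlers.
ALLOWED = {"status": status, "version": version}

def dispatch_safe(method):
    # Type check first: a list or dict from parsed JSON is unhashable and
    # would raise TypeError on the lookup instead of a clean rejection.
    if not isinstance(method, str):
        raise ValueError("method must be a string")
    handler = ALLOWED.get(method)
    if handler is None:
        raise ValueError(f"unknown method: {method!r}")
    return handler()

def rejects(method):
    # True when the allowlisted dispatcher refuses the given name.
    try:
        dispatch_safe(method)
    except ValueError:
        return True
    return False

def exposed_names():
    # Audit helper: callables reachable through globals() that the
    # allowlist does not cover, i.e. the unintended surface.
    return sorted(n for n, v in globals().items()
                  if callable(v) and n not in ALLOWED)

if __name__ == "__main__":
    print("unintended surface:", exposed_names())
    print("allowlist rejects _purge_all:", rejects("_purge_all"))
```

The same review question applies to each form in the list: does the method name originate from input, and is it checked against a fixed set before the call.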