PyCalX2 was part of the MeePwnCTF Quals 2018 and consists of a webpage with 3 inputs:
a value, an operator and a second value.
You should have a look at PyCalX before reading this writeup.
## Filtered input
The code differs from PyCalX in that our operation is now filtered too. This
breaks our quote injection, so we have to find a new way in.
```diff
- op = get_op(arguments['op'].value)
+ op = get_op(get_value(arguments['op'].value))
```
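Review bot: on the `+` line the operator is only run through `get_value`, the same filter the values get, before `get_op` sees it, and the writeup notes right below that `+f` is still accepted as an operator. A character filter is the wrong control for this field; have `get_op` compare its input against an exact list of the supported operators and reject anything else.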
## Fun with flags
Well, the flag of PyCalX gives us a hint for Python 3.6; reading the changelog, we
found that Python 3.6 introduced a new type of format string, often called f-strings
or Literal String Interpolation.
With that information, our new operator is: `+f`
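The following is an added example, not code from the challenge or from this writeup. It shows what the `+f` operator does to a quoted operand and how a server could refuse it by checking the parsed expression. It assumes, hypothetically, that the calculator joins the two quoted operands with the operator and evaluates the result; `build_expression`, `disallowed_nodes` and `safe_calc` are names made up here.

```python
import ast

# Assumption: the calculator quotes both operands and glues them together
# with the operator before evaluating. This is a stand-in, not the real code.
def build_expression(value1, op, value2):
    return repr(value1) + op + repr(value2)

# Only literals combined with the four basic operators are acceptable.
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.Constant,
                 ast.Add, ast.Sub, ast.Mult, ast.Div)

def disallowed_nodes(expr):
    """Return the names of AST node types in expr that are not allowed."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError:
        return ["SyntaxError"]
    return [type(node).__name__ for node in ast.walk(tree)
            if not isinstance(node, ALLOWED_NODES)]

def safe_calc(value1, op, value2):
    """Evaluate only if the whole expression is plain literal arithmetic."""
    expr = build_expression(value1, op, value2)
    bad = disallowed_nodes(expr)
    if bad:
        raise ValueError("rejected %r: contains %s" % (expr, ", ".join(bad)))
    return eval(expr, {"__builtins__": {}}, {})

if __name__ == "__main__":
    # Constructed sample inputs. With "+", the braces are just text.
    plain = build_expression("a", "+", "{1+1}")
    print(plain, "->", eval(plain))
    # With "+f", the trailing f becomes a string prefix and the quoted
    # operand turns into an f-string whose braces are evaluated.
    fstr = build_expression("a", "+f", "{1+1}")
    print(fstr, "->", eval(fstr))
    print("nodes flagged:", disallowed_nodes(fstr))
    try:
        safe_calc("a", "+f", "{1+1}")
    except ValueError as err:
        print(err)
```

The check works on the parsed expression rather than on characters, so it does not depend on guessing which prefixes or quotes a filter has to block.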
## Exploit
These new format strings allow some eval-like behaviour, using `{FLAG