Tags: php eval 

Rating: 2.7

## 104 PHP Eval White-List ##

(re, web)

**Files provided**

- `eval.so`

**Description**

The challenge website which lets us run PHP's `eval` with "patched" version of `eval`. The shared object file contained the patched function.

**Solution**

Since the website said to try and execute `flag`, before even looking into the shared object, I tried `system("../flag")`. Done: `OOO{Fortunately_php_has_some_rock_solid_defense_in_depth_mecanisms,_so-everything_is_fine.}`