**TL;DR**: `system("../flag");`

Else check the following links to read the full write-up.

* [Quick way](https://rawsec.ml/en/DefCon-2018-Quals-write-up/#quick-way)
* [Longer way](https://rawsec.ml/en/DefCon-2018-Quals-write-up/#longer-way)
* [Bonus](https://rawsec.ml/en/DefCon-2018-Quals-write-up/#bonus)

Original writeup (https://rawsec.ml/en/DefCon-2018-Quals-write-up/#php-eval-white-list-web).