PHP Eval White-List
For this challenge, we were given a [webpage](http://c67f8ffd.quals2018.oooverflow.io/) written in PHP, as well as its source code and the binary of a custom PHP extension (that supposedly implements the whitelist to be bypassed). The goal was to execute a binary, `flag`, and read its output.
The page contains a simple form that takes a PHP code snippet, and `eval()`s it. The challenge was far easier than expected: `passthru` was allowed (as well as `system`), and just putting in the form `passthru('../flag');` returned the flag :)