PHP Eval White-List
For this challenge, we were given a [webpage](http://c67f8ffd.quals2018.oooverflow.io/) written in PHP, as well as its source code and the binary of a custom PHP extension (that supposedly implements the whitelist to be bypassed). The goal was to execute a binary, `flag`, and read its output.

The page contains a simple form that takes a PHP code snippet, and `eval()`s it. The challenge was far easier than expected: `passthru` was allowed (as well as `system`), and just putting in the form `passthru('../flag');` returned the flag :)

Flag: `OOO{Fortunately_php_has_some_rock_solid_defense_in_depth_mecanisms,_so-everything_is_fine.}`

Original writeup (https://mhackeroni.it/archive/2018/05/20/defconctfquals-2018-all-writeups.html#php-eval-white-list).