Rating: 0

PHP Eval White-List
-------------------
For this challenge, we were given a [webpage](http://c67f8ffd.quals2018.oooverflow.io/) written in PHP, as well as its source code and the binary of a custom PHP extension (that supposedly implements the whitelist to be bypassed). The goal was to execute a binary, flag, and read its output.

The page contains a simple form that takes a PHP code snippet, and eval()s it. The challenge was far easier than expected: passthru was allowed (as well as system), and just putting in the form passthru('../flag'); returned the flag :)

Flag: OOO{Fortunately_php_has_some_rock_solid_defense_in_depth_mecanisms,_so-everything_is_fine.}