Rating: 0

PHP Eval White-List
For this challenge, we were given a [webpage](http://c67f8ffd.quals2018.oooverflow.io/) written in PHP, as well as its source code and the binary of a custom PHP extension (that supposedly implements the whitelist to be bypassed). The goal was to execute a binary, `flag`, and read its output.

The page contains a simple form that takes a PHP code snippet, and `eval()`s it. The challenge was far easier than expected: `passthru` was allowed (as well as `system`), and just putting in the form `passthru('../flag');` returned the flag :)

Flag: `OOO{Fortunately_php_has_some_rock_solid_defense_in_depth_mecanisms,_so-everything_is_fine.}`