This solution doesn't use bug implanted into PHP. We exploit curl 1-day vulnerability instead.

Original writeup (https://blog.bushwhackers.ru/pwning-master-of-php-like-its-real-real-world-ctf/).