Tags: bash expansion eval
Rating: 4.0
tl;dr:
1. Notice that assignment to integer typed variable performs arithmetic evaluation
2. Notice that array index calculation has full-eval power
3. Place payload as index of an array to gain RCE
Full writeup: https://github.com/p4-team/ctf/tree/master/2019-10-19-seccon/multiplicate
