Tags: eval web
First we look at the HTML,
where we can see a comment:
There you can see that Selina, our neighborhood superhero, used eval,
so we try a known injection. We inject: system("ls")
and, as it is supposed to, because once again the superheroes lost, we can see Selina's files:
flag.txt index.php index.php
We can see that there is a flag.txt, so we cat it:
system("cat flag.txt")
From here we can just copy and paste the flag: KCTF{WaS_mY_cAlCuLaToR_sAfE}
All that is left is to submit a report to Selina. The report:
"No Selina, your calculator wasn't safe :("
Flag: KCTF{WaS_mY_cAlCuLaToR_sAfE}
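
The fix for what this writeup exploits, as an added example that is not the challenge's source (the page does not show index.php): a calculator that tokenizes and parses the arithmetic itself instead of calling eval, so input such as system("ls") is rejected before anything executes. The function names are hypothetical and PHP 8 is assumed.

```php
<?php
// Added example (PHP 8): the expression is parsed, never passed to eval().
// safe_calc(), parse_expr() and parse_atom() are hypothetical names.
function safe_calc(string $expr): float {
    // Allowlist: digits, ".", + - * / ( ) and whitespace. Letters and quotes fail here.
    if (!preg_match('/^[0-9+\-*\/().\s]+$/', $expr)) {
        throw new InvalidArgumentException('illegal character');
    }
    preg_match_all('/\d+(?:\.\d+)?|[-+*\/()]/', $expr, $m);
    $tokens = $m[0];
    // A stray "." is dropped by the tokenizer, so compare against the input.
    if (implode('', $tokens) !== preg_replace('/\s+/', '', $expr)) {
        throw new InvalidArgumentException('malformed number');
    }
    $pos = 0;
    $value = parse_expr($tokens, $pos);
    if ($pos !== count($tokens)) throw new InvalidArgumentException('unexpected token');
    return $value;
}
// Precedence climbing: level 0 handles + and -, level 1 handles * and /.
function parse_expr(array $t, int &$pos, int $level = 0): float {
    $ops = [['+', '-'], ['*', '/']];
    if ($level === count($ops)) return parse_atom($t, $pos);
    $v = parse_expr($t, $pos, $level + 1);
    while ($pos < count($t) && in_array($t[$pos], $ops[$level], true)) {
        $op = $t[$pos++];
        $r = parse_expr($t, $pos, $level + 1);
        if ($op === '/' && $r == 0.0) throw new DivisionByZeroError('division by zero');
        $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
    }
    return $v;
}

function parse_atom(array $t, int &$pos): float {
    if ($pos >= count($t)) throw new InvalidArgumentException('unexpected end');
    $tok = $t[$pos++];
    if ($tok === '-') return -parse_atom($t, $pos);          // unary minus
    if ($tok === '(') {
        $v = parse_expr($t, $pos);
        if ($pos >= count($t) || $t[$pos++] !== ')') throw new InvalidArgumentException('missing )');
        return $v;
    }
    if (!is_numeric($tok)) throw new InvalidArgumentException('expected number');
    return (float)$tok;
}

var_dump(safe_calc('2 * (3 + 4) - 1'));                       // plain arithmetic still works
try { safe_calc('system("ls")'); }                            // the input used in this writeup
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```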