Tags: php-wrappers sqlinjection lfi 

Rating: 5.0

Full writeup: https://github.com/p4-team/ctf/tree/master/2017-08-25-hackit/web100

tl;dr: Blind SQLi to read database, php wrappers to dump php source code, SQLi + LFI to load php shell