Tags: php-shell htaccess
Rating: 5.0
tl;dr:
1. Upload .htaccess to enable php execution in html
2. Upload shell
3. Use proc-open to run shell command and recover the flag
Full writeup here: https://github.com/p4-team/ctf/tree/master/2017-12-09-seccon-quals/web_automatic
