[kwlug-disc] Nice example of remote execution
Mikalai Birukou
mb at 3nsoft.com
Tue Mar 31 20:34:53 EDT 2020
Clean show of actual code that has a remote execution vulnerability in it.
Very instructive:
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
1) Yes, it is PHP.
2) Yes, RegExp-based is attempted on input. Devs tried, but RegExp is
more complex than my group theory class was.
3) Yes, execution of a string, concatenated with input.
4) Yes, even sudo is there. Elevatable privileges?
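
Added example, not part of the original post and not Pi-hole's code: a PHP sketch of the pattern the four points above describe (regex check on input, then a shell string concatenated with that input and run under sudo), next to a hardened form. The function names, the helper path `/usr/local/bin/dhcp-helper`, the MAC-address input and the unanchored pattern as the specific regex weakness are assumptions for illustration; the script only builds and prints command strings, it executes nothing.

```php
<?php
// Added illustration with hypothetical names; nothing here is executed as a command.

// Weak check (assumed flaw): the pattern is unanchored, so it accepts any
// string that merely CONTAINS something MAC-shaped.
function weak_is_mac(string $s): bool {
    return preg_match('/([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}/', $s) === 1;
}

// Strict check: \A ... \z pins the match to the whole string. Unlike $,
// \z does not tolerate a trailing newline.
function strict_is_mac(string $s): bool {
    return preg_match('/\A([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/', $s) === 1;
}

// Risky pattern: input concatenated straight into a shell string run under sudo.
function build_command_unsafe(string $mac): string {
    return 'sudo /usr/local/bin/dhcp-helper add ' . $mac; // hypothetical helper
}

// Hardened: validate the whole value, then quote the argument anyway so a
// future regex mistake cannot turn data into shell syntax.
function build_command_safe(string $mac): string {
    if (!strict_is_mac($mac)) {
        throw new InvalidArgumentException('not a MAC address');
    }
    return 'sudo /usr/local/bin/dhcp-helper add ' . escapeshellarg(strtoupper($mac));
}

// Constructed sample inputs.
$samples = [
    'aa:bb:cc:dd:ee:ff',                  // well-formed
    'aa:bb:cc:dd:ee:ff;echo INJECTED',    // MAC followed by shell metacharacters
    "aa:bb:cc:dd:ee:ff\n",                // trailing newline
];

foreach ($samples as $s) {
    printf("%s weak=%s strict=%s\n", json_encode($s),
        var_export(weak_is_mac($s), true), var_export(strict_is_mac($s), true));
    if (weak_is_mac($s)) {
        echo '  unsafe builds: ', json_encode(build_command_unsafe($s)), "\n";
    }
    try {
        echo '  safe builds:   ', json_encode(build_command_safe($s)), "\n";
    } catch (InvalidArgumentException $e) {
        echo '  safe rejects:  ', $e->getMessage(), "\n";
    }
}
```

Passing an argument array to `proc_open` (PHP 7.4+) avoids the shell entirely, and a sudoers rule limited to the one helper narrows what the elevated call can reach.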