A vulnerable PHP application. This application is vulnerable to RCE in the includes() function with php filters.
Refer to https://www.youtube.com/watch?v=TnLELBtmZ24 for exploiting
You can use https://github.com/synacktiv/php_filter_chain_generator to write the exploit for this server.