In this challenge, we had to combine an XXE and an insecure PHP deserialization to get an RCE.

Original writeup (https://blog.oppida.apave.com/en/Nos-articles/InsomniHack-2022-Pimp-my-variant).