Hack my server challenge

The above Hyperlambda editor allows you to type in Hyperlambda, and execute it by clicking the 'Execute' button. It is using [eval-whitelist], with a handful of legal Active Events listed below, displaying the results of your execution afterwards. Below is the complete list of what vocabulary you are legally allowed to execute.

  • [set]
  • [add]
  • [src]
  • [return]
  • [hypereval.snippets.load]
  • [hypereval.snippets.search]

Its intention is to illustrate first of all that [eval] is not evil if used correctly, and that with Hyperlambda you can securely implement really cool things, such as 'lambda web services', where the client supplies the Hyperlambda to be executed, without compromising security. Its second intention is to illustrate that Hyperlambda is a secure programming language, and such combat vicious rumours about it, surfacing around on different forums on the internet.

I hereby therefor invite you to try to break into Phosphorus Five. If Phosphorus Five is as insecure as some developers are claiming, this should be easy. After all, I have given you permission to execute Hyperlambda on my server, and I have opened up my server for allowing anonymous access to execute [eval] on my server, for any random visitor. In addition I've opened up to query into my MySQL database, through querying the snippets database. Below is an example snippet you can legally execute, and see the results of.

hypereval.snippets.search:%widget%
hypereval.snippets.load:x:/-/0?name
return:x:/-

If you need AutoCompletion to see the Active Events, you can click CTRL+SPACE. You can create an HTTP POST request towards the same URL as this application, at which point the results of your execution will be returned as the HTTP response to you, illustrating how to create a 'lambda web service'.