![eaa601cd6ff295dbd681865f279d014c.png](5df6af9b3cfd410f8ea0eb5926cf30b3.png)

Dirbusting/fuzzing `?template=index.php`

![79fded6c81e3b452b0b0328788167cc0.png](8f45ee8b15434726bf16ddcff86a5398.png)

Test the PHP code locally to figure out how to bypass the sanitization. It turns out the filter can be beaten by nesting the blocked names inside each other: `secretadsecadmin.phpretadmadmin.phpin.phpmin.php`

This works because the code first removes all instances of `admin.php` in a single pass, so the above becomes `secretadsecretadmin.phpmin.php` (the `admin.php` that the removals splice back together is not re-scanned). It then removes all instances of `secretadmin.php`, so the above becomes `secretadmin.php`.

![6cf3b74018621fd025c3cf3b442cdff8.png](9028d94738e4494abd1b2708d91c4dcc.png)

---

Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]

Tags: #ctf #php #filter_evasion #web

Related:
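The two-pass strip filter described above, simulated in Python as an added example (not the challenge's own PHP, whose source is only in the screenshot), with the intermediate string after each pass and two hardened variants beside it. The blacklist order, `admin.php` then `secretadmin.php`, and the allow-listed template names are assumptions.

```python
"""Simulate a sequential str_replace()-style blacklist and show why nesting
the blocked names survives it; then show two ways a defender closes the gap."""

# Assumed order of the filter's blacklist (taken from the write-up's description).
BLOCKED = ["admin.php", "secretadmin.php"]

# Assumed allow-list of templates the application actually ships.
ALLOWED_TEMPLATES = {"index.php", "about.php", "contact.php"}

# Payload from the write-up; each removal splices a blocked name back together.
PAYLOAD = "secretadsecadmin.phpretadmadmin.phpin.phpmin.php"


def weak_filter(template: str) -> str:
    """Mimics PHP str_replace($blocked, '', $template): every needle is removed
    in one left-to-right pass over the current string, and the result of one
    pass is never re-scanned for the same needle."""
    for needle in BLOCKED:
        template = template.replace(needle, "")
    return template


def filter_trace(template: str) -> list:
    """Return the string after each removal pass, for inspection."""
    trace = []
    for needle in BLOCKED:
        template = template.replace(needle, "")
        trace.append(template)
    return trace


def fixed_point_filter(template: str) -> str:
    """Hardening option 1: repeat the strip until nothing changes, so a name
    spliced together by an earlier removal cannot survive. Still a blacklist,
    so it only stops this particular splicing trick."""
    while True:
        stripped = weak_filter(template)
        if stripped == template:
            return stripped
        template = stripped


def is_allowed(template: str) -> bool:
    """Hardening option 2 (preferred): do not sanitize at all, only accept
    an exact member of the known template set."""
    return template in ALLOWED_TEMPLATES


if __name__ == "__main__":
    for step in filter_trace(PAYLOAD):
        print("after pass:", step)
    print("weak filter result:", weak_filter(PAYLOAD))
    print("fixed-point result:", fixed_point_filter(PAYLOAD))
    print("allow-list accepts payload:", is_allowed(PAYLOAD))
```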