Tags: web 

Rating: 5.0

# Back end code

- code

", "", $notetoadd);
$notetoadd = str_replace("
# Solution

notice that input is filtered 3 times, now to escape that filter we need to nest filtered commands, like so:

<<< cacacacatttt
flag --> flaflaflaflagggg

as you can see i nested the commands four times so that after all the filtering is done we're left with the original command we intended

and the final payload:



Original writeup (https://earthy-saguaro-61f.notion.site/PHat-Pottomed-Girls-3b5423df204a455ab63f75fd27543a0d).