Tags: web 

# Back end code

- code

```php
", "", $notetoadd);
$notetoadd = str_replace("
```
# Solution

Notice that the input is filtered 3 times. To get past that filter we need to nest the filtered commands, like so:

```php
<<< cacacacatttt
flag --> flaflaflaflagggg
```

As you can see, I nested the commands four times, so that after all the filtering is done we're left with the original command we intended.

And the final payload:

```php
<<<>>>
```

`flag{wait_but_i_fixed_it_after_my_last_two_blunders_i_even_filtered_three_times_:(((}`
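
Why three passes are not enough, and what holds up instead, as an added example (not the challenge's code). The token list `$blocked` and the function names are assumptions for illustration, since the filter's real search strings did not survive on this page; the sample inputs are the nested strings shown above.

```php
<?php
// Added example. $blocked is an assumed token list, not the challenge's own.
$blocked = ["flag", "cat"];

// Same shape as the challenge filter: a fixed number of single-pass removals.
// Each pass deletes the tokens it finds, and the deletion itself can join the
// surrounding characters into a fresh token for the next pass to deal with.
function filter_fixed_passes(string $s, array $blocked, int $passes = 3): string
{
    for ($i = 0; $i < $passes; $i++) {
        $s = str_replace($blocked, "", $s);
    }
    return $s;
}

// Removal repeated until the string stops changing. At that point
// str_replace() finds nothing, so no blocked token can remain.
function filter_fixpoint(string $s, array $blocked): string
{
    do {
        $prev = $s;
        $s = str_replace($blocked, "", $s);
    } while ($s !== $prev);
    return $s;
}

// Preferred: reject the input instead of rewriting it into something else.
function is_allowed(string $s, array $blocked): bool
{
    foreach ($blocked as $token) {
        if (stripos($s, $token) !== false) {
            return false;
        }
    }
    return true;
}

// Inputs taken from the writeup above, plus one un-nested control.
foreach (["flag", "flaflaflaflagggg", "cacacacatttt"] as $input) {
    printf(
        "%-18s fixed_passes=%-6s fixpoint=%-4s allowed=%s\n",
        $input,
        var_export(filter_fixed_passes($input, $blocked), true),
        var_export(filter_fixpoint($input, $blocked), true),
        var_export(is_allowed($input, $blocked), true)
    );
}
```

Adding a fourth pass only moves the problem to a fifth level of nesting, which is why the pass count has to be unbounded or the input refused outright.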

Original writeup (https://earthy-saguaro-61f.notion.site/PHat-Pottomed-Girls-3b5423df204a455ab63f75fd27543a0d).