Can you bypass the filter and read the admins password?

Challenge Information

This challenge is recreated around a real bug I found on a bug bounty program. The challenge url will take a parameter named ?url= and will iframe the results. There is filtering in place to only allow you to iframe

Your goal: Try bypass the filter and read the admins password from using the challenge URL.

Note: If you find a way to view admin.php directly and view the password then this is not eligible. The idea behind the challenge is trying to find a bypass to the filter in place when displaying content via the challenge URL.

Challenge Solutions

The answer to this challenge hasn't been revealed yet! Check back on 2019-10-17 for the answer.