Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
This challenge is recreated around a real bug I found on a bug bounty program. The challenge URL will take a parameter named
?url= and will iframe the results. There is filtering in place to only allow you to iframe
Your goal: Try to bypass the filter and read the admin's password from
https://www.bugbountytraining.com/interactive/admin.php using the challenge URL.
Note: If you find a way to view admin.php directly and view the password then this is not eligible. The idea behind the challenge is trying to find a bypass to the filter in place when displaying content via the challenge URL.
The answer to this challenge hasn't been revealed yet! Check back on 2019-10-17 for the answer.