It seems that the developper often leaves backup files around...
Developers often seems to put the backup file ...
Direct download site backups:
index.php.bak
Source of this section:
Conditions are met can print out the red part of the hidden password ---------- payload :( here filtered "" can be removed)
http://challenge01.root-me.org/web-serveur/ch17/?_SESSION[logged]=1
Backup Source: