Tags: web 

Rating: 5.0

To hand out the flag, Debugger required your IP to be 127.0.0.0, which is not directly modifiable because the check used `$_SERVER['REMOTE_ADDR']`, in the following PHP code:
```php

```
The vulnerability at this point lies in the PHP `extract()` function, which [imports variables](https://www.php.net/manual/en/function.extract.php) from an array into the current symbol table. My exploit, more precisely, involved overwriting the `$is_admin` variable with 1 by using the following payload in the GET request URL `/?action=debug&filters[is_admin]=1`. \
This way, I managed to obtain the flag.
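
The `extract()` overwrite described above, next to a hardened form, as an added example that is not the challenge's code. The function names, the allow-listed filter keys and the sample client address are assumptions, and the vulnerable function is a hypothetical reconstruction of the pattern, not the original source.

```php
<?php
// Constructed request data standing in for $_GET on
// /?action=debug&filters[is_admin]=1 (the payload from the writeup).
$request = ['action' => 'debug', 'filters' => ['is_admin' => '1']];

// Hypothetical reconstruction of the vulnerable pattern: the privilege flag
// is derived from the client address, then extract() imports
// attacker-controlled keys into the same scope.
function debug_vulnerable(array $request, string $remoteAddr): bool
{
    $is_admin = ($remoteAddr === '127.0.0.0') ? 1 : 0;
    if (isset($request['filters']) && is_array($request['filters'])) {
        // Default flag is EXTR_OVERWRITE: a key named "is_admin"
        // replaces the local $is_admin set above.
        extract($request['filters']);
    }
    return (bool) $is_admin;
}

// Hardened form: request data never reaches the symbol table. Only
// allow-listed string values are copied into a dedicated array, and the
// privilege decision depends on server-side state alone.
function debug_hardened(array $request, string $remoteAddr): array
{
    $allowed = ['level', 'source']; // hypothetical filter names
    $filters = [];
    $raw = $request['filters'] ?? [];
    if (is_array($raw)) {
        foreach ($allowed as $key) {
            if (isset($raw[$key]) && is_string($raw[$key])) {
                $filters[$key] = $raw[$key];
            }
        }
    }
    return ['is_admin' => $remoteAddr === '127.0.0.0', 'filters' => $filters];
}

$remote = '203.0.113.7'; // constructed non-local client address
var_dump(debug_vulnerable($request, $remote));
var_dump(debug_hardened($request, $remote)['is_admin']);
```

Where `extract()` cannot be removed, passing `EXTR_SKIP`, or `EXTR_PREFIX_ALL` with a prefix, keeps imported keys from replacing variables that already exist.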

Original writeup (https://github.com/AlBovo/CTF-Writeups/tree/main/nullcon%20CTF%202023).