Tags: web 

This was IPFilters's source code:
```php

```
At first glance, there don't seem to be any specific bypasses to perform. However, by analyzing each PHP function used in the program one by one, I discovered that `inet_pton` is vulnerable because it also accepts IPv4 addresses containing zeros in the last subset. For example: `xxx.xxx.x.00x`. \
In this way, I can fit the backend's IP address within the subnet range by passing it the same IP printed by the debug, with trailing zeros. \
For instance, `192.168.1.2` => `192.168.1.002`.
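
A defensive counterpart to the behaviour described above, as an added example that is not part of the original writeup or the challenge source: it parses dotted-quad input strictly, rejects octets with leading zeros, and compares parsed values instead of raw strings. The function names, the /24 subnet and the sample addresses are assumptions, and 64-bit PHP integers are assumed.

```php
<?php
// Constructed example: the challenge source is not reproduced on this page,
// so the filter shape, function names and addresses below are assumptions.

// Strict dotted-quad parser: four decimal octets, 0-255, no leading zeros.
// Returns the address as an integer, or null if the spelling is not canonical.
function parse_ipv4_strict(string $ip): ?int
{
    if (!preg_match('/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/', $ip, $m)) {
        return null;
    }
    $value = 0;
    for ($i = 1; $i <= 4; $i++) {
        // Reject "002", "01", "00": a lenient parser would read these as 2, 1, 0.
        if (strlen($m[$i]) > 1 && $m[$i][0] === '0') {
            return null;
        }
        $octet = (int) $m[$i];
        if ($octet > 255) {
            return null;
        }
        $value = ($value << 8) | $octet;
    }
    return $value;
}

// Hardened check: parse once, refuse non-canonical input, compare parsed values.
function is_allowed(string $ip, string $subnet, int $prefix, string $backend): bool
{
    $addr = parse_ipv4_strict($ip);
    $net  = parse_ipv4_strict($subnet);
    $deny = parse_ipv4_strict($backend);
    if ($addr === null || $net === null || $deny === null) {
        return false;
    }
    $mask = $prefix === 0 ? 0 : (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF;
    return ($addr & $mask) === ($net & $mask) && $addr !== $deny;
}

$backend = '192.168.1.2'; // sample backend address, taken from the text above
foreach (['192.168.1.2', '192.168.1.002', '192.168.1.7'] as $ip) {
    // The raw string comparison is the weak deny check; is_allowed() is the fix.
    printf("%-15s string-deny=%s hardened-allow=%s\n", $ip,
        var_export($ip === $backend, true),
        var_export(is_allowed($ip, '192.168.1.0', 24, $backend), true));
}
```

The zero-padded spelling slips past the raw string comparison but is refused by the strict parser, while the canonical backend address is refused by the value comparison.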

Original writeup (https://github.com/AlBovo/CTF-Writeups/tree/main/nullcon%20CTF%202023).