This one was really easy:
All we have to do is set admin=1 for the win. Let’s try:
Well that didn’t work. What’s up with this experimenter thing anyway? I wonder what would happen if we used the PHPSESSID from that and made the same request?
Oh…that’s what happens.