Table of content TL;DR Spot the bug First exploit attempt: accessing Dashboard and identifying some obstacles Second exploit attempt: Found some endpoint to exploit, create a high-privilege admin account from a low-privilege admin account Final exploit attempt: Preauth bypass access control, create a new high-privilege admin account Bonus Timeline
