for those who are VERY curious about the second payload..

I'm working on a separate write-up for that payload because the cat got it :D

I got the idea of a possible account takeover mostly because the endpoint was vulnerable to external DNS interactions as well (which also got closed as p5), so I guess it was a combination of both those