After finding and analysing the source code we found a GQL injection. Unfortunately there is a system in place that will ban you for too many requests. So we use a modified binary search algorithm to finish in time.
There are a lot of charlatans out their overhyping by posting misleading content. It's infuriating because a lot of the actual research is less flashy and thus more hidden. Maybe I'm a bit too pessimistic in this video, but I think it's a concrete example we can use talk about it.