Credit to @buypassi for discovering the exploit!