API Misconfiguration Leads to PrevEsc
1- Admin invite user
2- User login
3- In user login request there's parameter called role:"user"
4- Use match & replace to changed it to role:"admin"
5- Login with user, it's logout me directly
6- But i see all informtion with burp via api endpoints