It was discussed quite a bit on this forum near the end of last month. The path to exploit was through the restapps module.