Three vulnerabilities, one target. From injecting malicious configs into Swagger UI to hijacking an abandoned subdomain and bypassing API auth with a single header — here's how I found them and why they matter.