I think it's more a joke from the fake 'anonymous' hacker in context to the tech-news. After some testing I think the solution could be within this so called 'pass-through' attack which is described in the tech-news.
There is an 'admin' account, with whom I think you can access the /administration site. For now I think the solution could be with modifying cookies, maybe the session cookie (after you create an account and log in) to get access to the admin account
I think the exploit would have something to do with the PNG
profile picture upload feature,
I've figured out how to upload my own files but not sure what I can do with this.