How I found a Stored XSS to Admin Takeover in Anchorr using Claude Code