Below is the hint that was given with challenge description
`HINT - Try looking past the typical vulnerabilities. Think about possible programming mistakes.`
I was not going to post a write up for this but when I randomly saw other write up for this challenge. I realised that I solved this chall totally different way.
When I read the hint `Access Control` was the bug that I immediately thought of. So I went to challenge website and tried to guess what will be the resource path where user will be redirected to when logged in.
And guess what last one gave me the flag. I dont know if this was really intended bug but till now I was thinking that this is how it was supposed to be solved haha.