When someone tries to bash a cleanly designed RESTful interface as being "too complicated", you know it's a sad state of affairs. If this can lead to even one person reading chapter 5 of Fielding's dissertation, maybe some good can come of it after all...
If you feel like making an exploit public, go right ahead. Just make sure you send your patch along with it.
What? No patch? It's a Java servlet app, not an ELF binary. Unzip the .war, decompile the classes with jad, and fix the damn thing yourself.
I've lost patience with the attention whoring from wannabe security researchers.