Usama Varikkottil

8 followers

Security Analyst, Bug bounty hunter, full-stack web developer

Pinned article

Two account takeover bugs worth $4300 🎁

Aug 29, 2021 · 11 min read · 6.3K views

Making some weird API requests resulted in full user account takeovers, which paid me the highest reward of two bug bounty programs. Account takeovers are critical security vulnerabilities. Sometimes making some weird API requests could lead to some ...

Two account takeover bugs worth $4300 🎁
How to fix XSS vulnerabilities in Node.js and expressJS
How to exploit a basic SSRF vulnerability?
How I got $400 for my first SSRF bug?