Exploiting Unprotected Functionality to Access User Profiles
How searching for legacy applications and leveraging URL history archives led to unauthorized access and modification of sensitive user profiles, earning a $500 bounty.
Samidu Nimsara // nmsr
Role: Application Security Researcher & Bug Bounty Hunter
Origin: Sri Lanka
Handle: hackerone.com/nmsr
Focus: Application Security · Offensive Security · Threat Intelligence · Pentesting
// @nmsr on HackerOne · @samidunimsara on GitHub
Security Researcher from Sri Lanka.
Web application penetration testing, OWASP Top 10, API security flaws
Vulnerability assessment, exploit development, defensive remediation
Bug Bounty Hunter, vulnerability disclosure , exploit analysis
OSINT (Open Source Intelligence), attack surface mapping, digital footprints . recon
How searching for legacy applications and leveraging URL history archives led to unauthorized access and modification of sensitive user profiles, earning a $500 bounty.
Analyzing JWT verification flaws and signature validation vulnerabilities to elevate privileges from guest to administrator.
My workflow for harvesting hidden endpoints and API credentials from minified Webpack chunks using custom regex pipelines.