Ali Hussainzada

@koalasec

Joined September 2024

About

Senior Student of Computer Science | 21 y/o Web Application Pentester My HackerOne Profile: https://hackerone.com/amir_shah

Available for

sleeping and learning..

Ali Hussainzada's blogs

KoalaSEC's blogkoalasec.hashnode.dev10 posts

Articles Comments

Recently published

AHAli Hussainzadakoalasec.hashnode.devJun 15 · 3 min read

eWPTX Exam Review: My First Certification Experience

Hello folks, In this article, I will write about my very first cybersecurity certification and give you my review of it. I am not sure to what extent I can talk and write about it, but I will try my b

4

SH

AHAli Hussainzadakoalasec.hashnode.devJan 3 · 4 min read

Stored XSS leads to Zero-Click Account Takeover

Hey, yolo guys! Long time no chat! As we already know, bug bounty is a scam (just kidding 🙂). I recently started doing penetration testing for startups in my country. In this case, it was an online marketplace, where I discovered eight security vuln...

0

AHAli Hussainzadakoalasec.hashnode.devNov 2, 2025 · 4 min read

How a Second-Order IDOR Lets You Delete Other Users’ Posts, Profile Picture, and Cover Photo

Hey Geeks, It was a cool bug, so let’s skip the formalities and dive straight in. So, the target was a social media application, pretty standard stuff. Users could upload profile pictures, cover photos, and post images. For obvious confidentiality re...

1

H

AHAli Hussainzadakoalasec.hashnode.devAug 25, 2025 · 3 min read

From LaTeX Injection to RCE: A Real Bug Bounty Case

Hello Friends It’s been two months since I took a break from bug bounty hunting. During that time, I graduated from university 🎓, recharged, and now I’m officially back in the game. And guess what? Within just a few days of returning, I landed a cri...

2

DH

AHAli Hussainzadakoalasec.hashnode.devAug 19, 2025 · 6 min read

Hunting Vulnerabilities and Securing MizbanApp: Mass Assignment & IDOR

Intro, Yo, I hope you’re all doing well!I decided to write a new article once again. The journey of finding these vulnerabilities started when I came across a post about MizbanApp on LinkedIn — an application where you can discover restaurants, cafés...

3

5MN

Ali Hussainzada

About

Available for

Ali Hussainzada's blogs

Recently published

eWPTX Exam Review: My First Certification Experience

Stored XSS leads to Zero-Click Account Takeover

How a Second-Order IDOR Lets You Delete Other Users’ Posts, Profile Picture, and Cover Photo

From LaTeX Injection to RCE: A Real Bug Bounty Case

Hunting Vulnerabilities and Securing MizbanApp: Mass Assignment & IDOR

Search Hashnode

Ali Hussainzada

About

Available for

Ali Hussainzada's blogs

Recently published

eWPTX Exam Review: My First Certification Experience

Stored XSS leads to Zero-Click Account Takeover

How a Second-Order IDOR Lets You Delete Other Users’ Posts, Profile Picture, and Cover Photo

From LaTeX Injection to RCE: A Real Bug Bounty Case

Hunting Vulnerabilities and Securing MizbanApp: Mass Assignment & IDOR