This write-up is about how I found that one line of JavaScript code was leading to an account takeover. The target has its own bug bounty…