0x1452


Rank #53 Level 3



68
unique bugs discovered

59
reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Test user can query all patients FirstBlood v2 Medium Application/Business Logic
rXSS at /register.php FirstBlood v2 Medium Reflective XSS
Open Redirect on /logout.php FirstBlood v2 Low Open Redirect
rXSS on login.php leads to account takeover FirstBlood v2 Medium Reflective XSS
Account takeover via /drpanel/drapi/editpassword.php FirstBlood v2 CRITICAL Auth issues
POST-based rXSS on login.php FirstBlood v2 Medium Reflective XSS
Stored XSS on /manageappointment.php FirstBlood v2 High Stored XSS
Stored XSS on /cancelled.php FirstBlood v2 High Stored XSS
RCE via PHAR deserialization on /api/checkproof.php FirstBlood v2 CRITICAL Deserialization
Leaked proofs of vaccination on /vaccination-manager/api/vax-proof-list.php FirstBlood v2 CRITICAL Info leak
Stored XSS on /vaccination-manager/portal.php FirstBlood v2 High Stored XSS
Patients can still change their application email FirstBlood v2 Medium Application/Business Logic
Drpanel admin username enumeration FirstBlood v2 Low Application/Business Logic
SQL Injection on /vaccination-manager/login.php FirstBlood v2 CRITICAL SQL Injection
Server misconfigurations post-RCE FirstBlood v2 CRITICAL Deserialization