Rank #157 Level 3

unique bugs discovered
82 hours, 20 minutes and 40 seconds active hacking time

reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Open redirect on logout FirstBlood v1 Low Open Redirect
Doctor Invitation Code doesn't expire after first uage FirstBlood v1 High Auth issues
New Doctors can use the api to get patients data FirstBlood v1 CRITICAL Application/Business Logic
Event attendees leaked FirstBlood v1 CRITICAL Information leak/disclosure
Bypass the invitation code and register your self as a doctor FirstBlood v2 Medium Auth issues
Full Account takeover (even for admins) FirstBlood v2 CRITICAL Application/Business Logic
newly created dr accounts can access patient PII via search api FirstBlood v2 Medium Application/Business Logic