Rank #104 Level 2

unique bugs discovered

reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Open redirect on logout | FirstBlood v1 | Low | Open Redirect |
| Doctor Invitation Code doesn't expire after first usage | FirstBlood v1 | High | Authorisation Issue |
| New Doctors can use the api to get patients data | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Event attendees leaked | FirstBlood v1 | CRITICAL | Info leak |
| Bypass the invitation code and register yourself as a doctor | FirstBlood v2 | Medium | Authorisation Issue |
| Full Account takeover (even for admins) | FirstBlood v2 | CRITICAL | Authorisation Issue |
| newly created dr accounts can access patient PII via search api | FirstBlood v2 | Medium | Application/Business Logic |