0xblackbird

Rank #15, Level 4

83 unique bugs discovered in 136 hours, 49 minutes and 33 seconds
90 reports accepted
97 Accuracy
[Charts: "Vulnerability Types Found" and "Bug Submissions & total bug count" (chart data not present in the text)]

Hackevent (FirstBlood) Activity

| Report Title | Event | Severity | Vulnerability Type |
|---|---|---|---|
| [COLLAB] 1 Click XSS can lead to Admin Account Takeover | FirstBlood v1 | Critical | Stored XSS |
| It is possible to view patients' data as a new doctor | FirstBlood v1 | Critical | Application/Business Logic |
| Open redirect on /drpanel/logout.php | FirstBlood v1 | Low | Open Redirect |
| Leaked invite ID allows anyone to register for an account | FirstBlood v1 | High | Authorisation Issue |
| Creating a new user with the same username overrides the old password, which can lead to account takeover | FirstBlood v1 | High | Authorisation Issue |
| Reflected XSS on login.php | FirstBlood v1 | Medium | Reflective XSS |
| Reflected XSS on register.php | FirstBlood v1 | Medium | Reflective XSS |
| Reflected XSS on register.php | FirstBlood v1 | Medium | Reflective XSS |
| Unauthenticated access to PII data on /drpanel/drapi/qp.php | FirstBlood v1 | Critical | Authorisation Issue |
| Hackerback event attendees' information disclosed through /attendees/event.php | FirstBlood v1 | Critical | Info leak |
| Adding a cookie to the request allows us to modify far more data than allowed | FirstBlood v1 | High | Application/Business Logic |
| New doctors are able to view patients' private data through /drpanel/drapi/qp.php | FirstBlood v1 | Critical | Application/Business Logic |
| GUUID is replaceable by an 8-digit number, which makes it vulnerable to IDOR | FirstBlood v1 | High | Insecure direct object reference |
| Stored XSS on /drpanel/drapi/query.php | FirstBlood v1 | High | Stored XSS |
| Reflected XSS on login.php leads to account takeover | FirstBlood v1 | Medium | Reflective XSS |
| Stored XSS on yourappointments.php can lead to account takeover | FirstBlood v1 | High | Stored XSS |
| Reflected XSS on /login.php via goto parameter leads to account takeover | FirstBlood v2 | Medium | Reflective XSS |
| Endpoint allows unauthorized users to update other users' passwords | FirstBlood v2 | Critical | Auth issues |
| Default credentials allow any unauthorized user to get access to a doctor account | FirstBlood v2 | Medium | Authorisation Issue |
| DOM-based XSS on /login.php via the goto parameter | FirstBlood v2 | Medium | Reflective XSS |
| Open redirect on /login.php via the goto parameter | FirstBlood v2 | Medium | Reflective XSS |
| Reflected XSS on /register.php via the ref parameter | FirstBlood v2 | Medium | Reflective XSS |
| Stored XSS on /drpanel/index.php by cancelling an appointment | FirstBlood v2 | High | Stored XSS |
| Stored XSS on /manageappointment.php can lead to account takeover | FirstBlood v2 | High | Stored XSS |
| Appointment data can still be modified upon adding a cookie | FirstBlood v2 | Medium | Application/Business Logic |
| New doctors can easily get access to patients' private data | FirstBlood v2 | Medium | Application/Business Logic |
| Remote Code Execution via insecure deserialization on /api/checkproof.php | FirstBlood v2 | Critical | Deserialization |
| Open redirect on logout.php | FirstBlood v2 | Low | Open Redirect |
| Endpoint discloses information about all vaccination proof records | FirstBlood v2 | Critical | Info leak |