jpdev


Rank #46 Level 3



59
unique bugs discovered in
84 hours, 50 minutes and 58 seconds

61
reports accepted
97 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| IDOR on /api/qa.php | FirstBlood v1 | High | Insecure direct object reference |
| /attendees/event.php authorisation bypass using X-SITE-REQ: permitted | FirstBlood v1 | CRITICAL | Info leak |
| Invite Code Leaked on Reddit leading to broken Authorisation | FirstBlood v1 | High | Authorisation Issue |
| Invite codes do not expire after use | FirstBlood v1 | High | Authorisation Issue |
| IDOR on ma.php | FirstBlood v1 | High | Insecure direct object reference |
| IDOR 2 on ma.php - confirms numerical id for bug chain to report 127 without the need for drpanel | FirstBlood v1 | High | Insecure direct object reference |
| Docauth cookie used to amend email - Additionally chained with Rpt 127 and 129 - This is the full report. | FirstBlood v1 | High | Insecure direct object reference |
| CWE-601 Open Redirect on GET /drpanel/logout.php via ref param | FirstBlood v1 | Low | Open Redirect |