amec0e


Rank #71 Level 3



56
unique bugs discovered

42
reports accepted
93 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
[COLLAB] Reflected XSS via login endpoint FirstBlood v2 Medium Reflective XSS
[COLLAB] Can register as a doctor and steal token upon login. FirstBlood v2 High Reflective XSS
[COLLAB] DOM XSS on register patch bypass FirstBlood v2 Medium Reflective XSS
[COLLAB] Stored XSS on Cancel appointment which leads to ATO FirstBlood v2 High Stored XSS
[COLLAB] Phar deserialization to RCE via upload vaccination proof FirstBlood v2 CRITICAL Deserialization
[COLLAB] Password change endpoint leads to ATO of drAdmin account. FirstBlood v2 CRITICAL Authorisation Issue
[COLLAB] Enumerate users via vaccination manager login FirstBlood v2 CRITICAL SQL Injection
[COLLAB] Exposed api allows viewing of all vaccination proof leaking user emails FirstBlood v2 CRITICAL Info leak
[COLLAB] Stored/Blind XSS / DOS via vaccination portal FirstBlood v2 High Stored XSS
[COLLAB] Able to modify email post booking an appointment FirstBlood v2 Medium Application/Business Logic