Rank #131, Level 3

Active hacking time: 207 hours, 30 minutes and 43 seconds
Accuracy: 93
Unique bugs discovered: (count not shown)
Reports accepted: (count not shown)

[Charts: Vulnerability Types Found; Bug Submissions & total bug count]

Hackevent (FirstBlood) Activity

Report Title                                                                     Event ID       Severity   Vulnerability Type
[COLLAB] Reflected XSS via login endpoint                                        FirstBlood v2  Medium     Reflective XSS
[COLLAB] Can register as a doctor and steal token upon login                     FirstBlood v2  High       Reflective XSS
[COLLAB] DOM XSS on register patch bypass                                        FirstBlood v2  Medium     Reflective XSS
[COLLAB] Stored XSS on Cancel appointment which leads to ATO                     FirstBlood v2  High       Stored XSS
[COLLAB] Phar deserialization to RCE via upload vaccination proof                FirstBlood v2  Critical   Deserialization
[COLLAB] Password change endpoint leads to ATO of drAdmin account                FirstBlood v2  Critical   Application/Business Logic
[COLLAB] Enumerate users via vaccination manager login                           FirstBlood v2  Critical   SQL Injection
[COLLAB] Exposed API allows viewing of all vaccination proof, leaking user emails FirstBlood v2  Critical   Information leak/disclosure
[COLLAB] Stored/Blind XSS / DoS via vaccination portal                           FirstBlood v2  High       Stored XSS
[COLLAB] Able to modify email after booking an appointment                       FirstBlood v2  Medium     Application/Business Logic