Rank #23 Level 4

unique bugs discovered in
276 hours, 27 minutes and 39 seconds

reports accepted
94 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| The patient email can be changed even though the application UI mentioned that this is not allowed. | FirstBlood v1 | High | Application/Business Logic |
| Newly created Doctor account was able to search for patient info via the query api | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Account takeover of a doctor account is possible due to flawed logic in the registration process | FirstBlood v1 | High | Authorisation Issue |
| [Two Tales of Info leak] Site setting can be accessed and leaked a "x-site-req" header. This header can be used to get HackerBack event attendees info. | FirstBlood v1 | CRITICAL | Info leak |