Rank #51 Level 4

unique bugs discovered
282 hours, 45 minutes and 15 seconds active hacking time

reports accepted
95 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| The patient email can be changed even though the application UI mentioned that this is not allowed. | FirstBlood v1 | High | Application/Business Logic |
| Newly created Doctor account was able to search for patient info via the query api | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Account takeover of a doctor account is possible due to flawed logic in the registration process | FirstBlood v1 | High | Auth issues |
| [Two Tales of Info leak] Site setting can be accessed and leaked a "x-site-req" header. This header can be used to get HackerBack event attendees info. | FirstBlood v1 | CRITICAL | Information leak/disclosure |