buraaq


Rank #186 Level 2



38
unique bugs discovered
46 hours, 28 minutes and 24 seconds active hacking time

40
reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
XSS bypass on cancel report FirstBlood v2 High Stored XSS
Admin account takeover by password reset FirstBlood v2 CRITICAL Application/Business Logic
All vaccination proof records leaked FirstBlood v2 CRITICAL Information leak/disclosure
Vaccine Login is vulnerable to SQLi FirstBlood v2 CRITICAL SQL Injection
[BYPASS] Open URL Redirect on /drpanel/logout.php FirstBlood v2 Low Open Redirect
[BYPASS] Newly registered Doctor can access to PII data FirstBlood v2 Medium Application/Business Logic
[Collab] Unauthorized Access to Patients' PII at /api/ambulances.php FirstBlood v3 High Information leak/disclosure