c3phas


Rank #22 Level 5



100 unique bugs discovered
114 reports accepted
100 Accuracy

[Charts: Vulnerability Types Found; Bug Submissions & total bug count]

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| Information Disclosure allowing an attacker to register as a doctor | FirstBlood v1 | High | Authorisation Issue |
| Application Logic allowing access to unauthorised information belonging to patients | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Application Logic Issue allowing a doctor who is not authorised to view patients information on the dashboard | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Un-Authorized users can access "/drpanel/drapi/qp.php" endpoint and access users personal information | FirstBlood v2 | Medium | Application/Business Logic |
| A chain of two open redirects to leak some users token | FirstBlood v2 | High | Reflective XSS |
| Insecure Deserialization leading to Remote Code Execution | FirstBlood v2 | CRITICAL | Deserialization |