Rank #49 Level 4

unique bugs discovered
270 hours, 30 minutes and 36 seconds active hacking time

reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Report Title | Event ID | Severity | Vulnerability Type
Information Disclosure allowing an attacker to register as a doctor | FirstBlood v1 | High | Auth issues
Application Logic allowing access to unauthorised information belonging to patients | FirstBlood v1 | CRITICAL | Application/Business Logic
Application Logic Issue allowing a doctor who is not authorised to view patients information on the dashboard | FirstBlood v1 | CRITICAL | Application/Business Logic
Un-Authorized users can access "/drpanel/drapi/qp.php" endpoint and access users personal information | FirstBlood v2 | Medium | Application/Business Logic
A chain of two open redirects to leak some users token | FirstBlood v2 | High | Reflective XSS
Insecure Deserialization leading to Remote Code Execution | FirstBlood v2 | CRITICAL | Deserialization