d20s84

Rank #54, Level 3

53 unique bugs discovered in 105 hours, 16 minutes and 39 seconds
55 reports accepted
Accuracy: 89

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| Open URL redirection | FirstBlood v1 | Low | Open Redirect |
| Stored cross-site scripting | FirstBlood v1 | CRITICAL | Stored XSS |
| Info leak that leads to non-admin login | FirstBlood v1 | High | Authorisation Issue |
| Patient's information can be obtained from a non-admin account | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Email ID can be modified for a patient | FirstBlood v1 | High | Application/Business Logic |
| Stored XSS found on /manageappointment.php?success&aptid={id} | FirstBlood v2 | High | Stored XSS |
| Reflective XSS at /login.php | FirstBlood v2 | Medium | Reflective XSS |
| [Unpatched] Reflective XSS on /login.php?action=login&ref={payload} | FirstBlood v2 | Medium | Reflective XSS |
| Test credentials are still working | FirstBlood v2 | Medium | Authorisation Issue |
| [Unpatched] Patient's information that the web app does not allow to be changed can still be changed | FirstBlood v2 | Medium | Application/Business Logic |
| Admin password can be changed and retained by anyone | FirstBlood v2 | CRITICAL | Auth issues |
| [Unpatched] Stored XSS still working on admin's cancelled report panel | FirstBlood v2 | High | Stored XSS |