Rank #4 Level 7

unique bugs discovered
236 hours, 52 minutes and 57 seconds active hacking time

reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| PrivEsc to root user on firstblood through deserialisation aided by unintended disclosure of composer installation | FirstBlood v2 | CRITICAL | Deserialization |
| Stored XSS through DOB | FirstBlood v2 | Low | Stored XSS |
| XSS through hidden `goto` parameter on `/login.php` | FirstBlood v2 | High | Reflective XSS |
| Application logic error on /drpanel/ leads to ATO of doctors who have never signed in | FirstBlood v2 | High | Application/Business Logic |