ibruteforce


Rank #24 Level 4



83 unique bugs discovered

84 reports accepted

98 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Leak arbitrary users appointment details Manage/delete them | FirstBlood v1 | High | Insecure direct object reference |
| Cancel arbitrary reports through 'aptid' parameter | FirstBlood v1 | High | Insecure direct object reference |
| IDOR - Restricted doctor can view all the details of the patient such as contact details etc. | FirstBlood v1 | CRITICAL | Application/Business Logic |
| IDOR - Restricted user can view the details of hospital user. | FirstBlood v1 | CRITICAL | Authorisation Issue |
| Potentially takeover other doctors account? | FirstBlood v1 | High | Authorisation Issue |