iffu


Rank #9 Level 5



103 unique bugs discovered in 312 hours, 37 minutes and 33 seconds

129 reports accepted

96 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Leakage of P2 information of users who have taken appointment | FirstBlood v1 | High | Insecure direct object reference |
| Stored XSS on /drpanel/drapi/query.php?aptid | FirstBlood v1 | High | Stored XSS |
| Open Redirect /drpanel/logout.php | FirstBlood v1 | Low | Open Redirect |
| P2 information disclosure of the users attending the events | FirstBlood v1 | CRITICAL | Info leak |
| Found a way to register as non-admin user | FirstBlood v1 | High | Authorisation Issue |
| Privilege Escalation on /drpanel/drapi/query.php and /drpanel/drapi/query.php | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Reflected XSS on /login.php using ref parameter | FirstBlood v1 | Medium | Reflective XSS |
| Reflected XSS on /login.php using the GET parameter 'goto' | FirstBlood v1 | Medium | Reflective XSS |
| Open Redirect on /login.php via goto body parameter | FirstBlood v1 | Low | Reflective XSS |