jpdev


Rank #121 Level 3



59
unique bugs discovered
67 hours, 39 minutes and 24 seconds active hacking time

61
reports accepted
97 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
IDOR on /api/qa.php FirstBlood v1 High Insecure direct object reference
/attendees/event.php authoriation bypass using X-SITE-REQ: permitted FirstBlood v1 CRITICAL Information leak/disclosure
Invite Code Leaked on Reddit leading to broken Authorisation FirstBlood v1 High Auth issues
Invite codes do not expire after use FirstBlood v1 High Auth issues
IDOR on ma.php FirstBlood v1 High Insecure direct object reference
IDOR 2 on ma.php - confirms numerical id for bug chain to report 127 without the need for drpanel FirstBlood v1 High Insecure direct object reference
Docauth cookie used to amend email - Additionally chained with Rpt 127 and 129 - This is the full report. FirstBlood v1 High Insecure direct object reference
CWE-601 Open Redirect on GET /drpanel/logout.php via ref param FirstBlood v1 Low Open Redirect