kinako


Rank #12 Level 4



90 unique bugs discovered in 183 hours, 23 minutes and 56 seconds

92 reports accepted
98 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Referer header reflection leads to Reflective XSS | FirstBlood v2 | Medium | Reflective XSS |
| register.php is still vulnerable to Reflective XSS | FirstBlood v2 | Medium | Reflective XSS |
| logout.php is still vulnerable to Open Redirect | FirstBlood v2 | Low | Open Redirect |
| email value in Modify Appointment Form is still changeable | FirstBlood v2 | Medium | Application/Business Logic |
| goto parameter is still vulnerable to Reflective XSS | FirstBlood v2 | Medium | Reflective XSS |
| normal doctor can update other users' password | FirstBlood v2 | CRITICAL | Authorisation Issue |
| Cancelled Appointments is still vulnerable to Stored XSS | FirstBlood v2 | High | Stored XSS |
| non-admin doctor account can use qp.php API | FirstBlood v2 | Medium | Application/Business Logic |
| Modify Appointment Form is vulnerable to Stored XSS | FirstBlood v2 | High | Stored XSS |
| [COLLAB] Vaccination Management portal is vulnerable to Stored XSS | FirstBlood v2 | High | Stored XSS |