kinako


Rank #19 Level 5



103
unique bugs discovered

107
reports accepted
99 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Referer header reflection leads to Reflective XSS FirstBlood v2 Medium Reflective XSS
register.php is still vulenerable to Reflective XSS FirstBlood v2 Medium Reflective XSS
logout.php is still vulnearble to Open Redirect FirstBlood v2 Low Open Redirect
email value in Modify Appointment Form is still changable FirstBlood v2 Medium Application/Business Logic
goto parameter is still vulnerable to Reflective XSS FirstBlood v2 Medium Reflective XSS
normal doctor can update other users' password FirstBlood v2 CRITICAL Authorisation Issue
Cancelled Appintments is still vulnerable to Stored XSS FirstBlood v2 High Stored XSS
non-admin doctor account can use qp.php API FirstBlood v2 Medium Application/Business Logic
Modify Appointment Form is vulnerable to Stored XSS FirstBlood v2 High Stored XSS
[COLLAB]Vaccination Management portal is vulnerable to Stored XSS FirstBlood v2 High Stored XSS