mrrootsec


Rank #123 Level 2



34 unique bugs discovered

32 reports accepted

100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Reflected XSS at Register.php | FirstBlood v2 | Medium | Reflective XSS |
| Reflected XSS at Login.php | FirstBlood v2 | Medium | Reflective XSS |
| Environment Files Exposed Publicly | FirstBlood v2 | High | Info leak |
| Applogic at Modifying Appointment Details | FirstBlood v2 | Medium | Application/Business Logic |
| drAdmin account recoverable using editpassword.php | FirstBlood v2 | CRITICAL | Auth issues |
| [COLLAB] Session Invalidation at Vaccine Management Portal | FirstBlood v2 | Low | Application/Business Logic |
| Stored XSS at /book-appointment.php | FirstBlood v2 | High | Stored XSS |
| Stored XSS Leads to Admin Account Takeover | FirstBlood v2 | High | Stored XSS |
| Open Redirect at Doctor Panel | FirstBlood v2 | Low | Open Redirect |
| Broken Access Control Leads to Information Leak | FirstBlood v2 | Medium | Application/Business Logic |
| Doctor Role can be obtained using leaked invite code | FirstBlood v2 | Medium | Authorisation Issue |
| AppLogic when registering as a doctor using invite code | FirstBlood v2 | Medium | Authorisation Issue |
| Reflected XSS at /login.php using goto parameter leads to Account Takeover | FirstBlood v2 | Medium | Reflective XSS |
| [COLLAB] Vaccination Management portal is vulnerable to Stored XSS | FirstBlood v2 | High | Stored XSS |
| [COLLAB] vaccination-manager Login page is vulnerable to SQL injection | FirstBlood v2 | CRITICAL | SQL Injection |
| [COLLAB] PII leakage via vax-proof-list API | FirstBlood v2 | CRITICAL | Info leak |
| [COLLAB] Upload Proof of Vaccination is vulnerable to RCE | FirstBlood v2 | CRITICAL | Deserialization |