neolex

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Report Title	Event ID	Severity	Vulnerability Type
File Enumeration inside /api/checkproof.php?proof=file:///etc/passwd	FirstBlood v2	Low	`Information leak/disclosure`
Easily guessed invited code on doctor register	FirstBlood v2	Medium	`Auth issues`
DOM Based XSS via redirection to javascript uri	FirstBlood v2	Medium	`Reflective XSS`
open redirect inside drpanel/logout.php endpoint	FirstBlood v2	Low	`Open Redirect`
Reflected XSS inside ref parameter on /register.php	FirstBlood v2	Medium	`Reflective XSS`
Stored XSS when cancelling an appointement triggered in doctor panel	FirstBlood v2	High	`Stored XSS`
Account takeover by overwriting user's password	FirstBlood v2	Medium	`Auth issues`
Remote Command Execution via deserialization by uploading phar file	FirstBlood v2	CRITICAL	`Deserialization`
Dangerous /drpanel/drapi/editpassword.php endpoint leading to 0 click account takeover	FirstBlood v2	CRITICAL	`Application/Business Logic`
Posibility to modify email of any appointment via /api/ma.php endpoint if attacker know the appointment id	FirstBlood v2	Medium	`Application/Business Logic`

BugBountyHunter