newrouge


Rank #51 Level 3



55
unique bugs discovered in
174 hours, 36 minutes and 1 seconds

53
reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Admin Panel Exposure by old credentials FirstBlood v2 Informative Authorisation Issue
Modifying more information than intended on /manageappointment.php FirstBlood v2 Medium Application/Business Logic
Anyone can register as a doctor due to weak Invite key FirstBlood v2 Medium Authorisation Issue
Reflective xss vis 'goto=' parmater on login.php FirstBlood v2 Medium Reflective XSS
Enumerating files/directories and tools/binaries installed on FirstBlood server FirstBlood v2 Low Info leak
Admin account takeover FirstBlood v2 CRITICAL Authorisation Issue
Important files leaking on firstblood FirstBlood v2 High Info leak
Insecure Deserialization leading to RCE [COLLAB]- mrrootsec FirstBlood v2 CRITICAL Deserialization
Stored xss by meesage field on MANAGE APPOINTMENT FirstBlood v2 High Stored XSS
0 click admin account takeover via stored xss on admin dashboard through cancel appointment. FirstBlood v2 High Stored XSS
Reflected xss bypass on register.php with ref paramter FirstBlood v2 Medium Reflective XSS
sql injection on /vaccination-manager/login.php FirstBlood v2 CRITICAL SQL Injection
XSS on /vaccination-manager/portal.php through User-agent pollution FirstBlood v2 High Stored XSS
User's vaacination data leak and with other info without needing to log into vaccine-manger portal FirstBlood v2 CRITICAL Info leak
Open redirect by logout.php FirstBlood v2 Low Open Redirect
New doctor can query patients information by API endpoint. FirstBlood v2 Medium Application/Business Logic
No session invalidation after logout on vaccine-portal FirstBlood v2 Low Application/Business Logic
FirstBlood server Rooted! FirstBlood v2 CRITICAL RCE
Reflective xss on login.php by goto paramter FirstBlood v2 Medium Reflective XSS
It is possible to login as TestDoctor with <BLANK> cookie. FirstBlood v2 High Application/Business Logic