shivam18u


Rank #34 Level 3



68 unique bugs discovered in 114 hours, 24 minutes and 3 seconds
68 reports accepted
100 Accuracy


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Reflective XSS on login.php | FirstBlood v2 | Medium | Reflective XSS |
| Reflective xss on register.php with user interaction | FirstBlood v2 | Medium | Reflective XSS |
| Able to register account using invite code "test" | FirstBlood v2 | Medium | Authorisation Issue |
| Able to change password of any account (admin account access) | FirstBlood v2 | CRITICAL | Auth issues |
| Able to change the email id in any appointment | FirstBlood v2 | Medium | Application/Business Logic |
| Stored XSS on /drpanel/cancelled.php can lead to admin account takeover | FirstBlood v2 | High | Stored XSS |
| [COLLAB] RCE using insecure deserialization | FirstBlood v2 | CRITICAL | Deserialization |
| Vaccination proof leak | FirstBlood v2 | CRITICAL | Info leak |
| Stored XSS on vaccination-manager/portal.php | FirstBlood v2 | High | Stored XSS |
| Root access on the web server | FirstBlood v2 | CRITICAL | RCE |
| SQLi on /vaccination-manager/login.php | FirstBlood v2 | CRITICAL | SQL Injection |
| Patient data can be accessed by Non Admin doctors | FirstBlood v2 | Medium | Application/Business Logic |