shivam18u

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Report Title	Event ID	Severity	Vulnerability Type
Reflective XSS on login.php	FirstBlood v2	Medium	`Reflective XSS`
Reflective xss on register.php with user interaction	FirstBlood v2	Medium	`Reflective XSS`
Able to register account using invite code "test"	FirstBlood v2	Medium	`Auth issues`
Able to change password of any account (admin account access)	FirstBlood v2	CRITICAL	`Application/Business Logic`
Able to change the email id in any appointment	FirstBlood v2	Medium	`Application/Business Logic`
Stored XSS on /drpanel/cancelled.php can lead to admin account takeover	FirstBlood v2	High	`Stored XSS`
[COLLAB] RCE using insecure deserialization	FirstBlood v2	CRITICAL	`Deserialization`
Vaccination proof leak	FirstBlood v2	CRITICAL	`Information leak/disclosure`
Stored XSS on vaccination-manager/portal.php	FirstBlood v2	High	`Stored XSS`
Root access on the web server	FirstBlood v2	CRITICAL	`RCE`
SQLi on /vaccination-manager/login.php	FirstBlood v2	CRITICAL	`SQL Injection`
Patient data can be accessed by Non Admin doctors	FirstBlood v2	Medium	`Application/Business Logic`

BugBountyHunter