shivam18u


Rank #108 Level 3



68
unique bugs discovered
78 hours, 3 minutes and 34 seconds active hacking time

68
reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Reflective XSS on login.php FirstBlood v2 Medium Reflective XSS
Reflective xss on register.php with user interaction FirstBlood v2 Medium Reflective XSS
Able to register account using invite code "test" FirstBlood v2 Medium Auth issues
Able to change password of any account (admin account access) FirstBlood v2 CRITICAL Application/Business Logic
Able to change the email id in any appointment FirstBlood v2 Medium Application/Business Logic
Stored XSS on /drpanel/cancelled.php can lead to admin account takeover FirstBlood v2 High Stored XSS
[COLLAB] RCE using insecure deserialization FirstBlood v2 CRITICAL Deserialization
Vaccination proof leak FirstBlood v2 CRITICAL Information leak/disclosure
Stored XSS on vaccination-manager/portal.php FirstBlood v2 High Stored XSS
Root access on the web server FirstBlood v2 CRITICAL RCE
SQLi on /vaccination-manager/login.php FirstBlood v2 CRITICAL SQL Injection
Patient data can be accessed by Non Admin doctors FirstBlood v2 Medium Application/Business Logic