th4nu0x0


Rank #96 Level 2



30 unique bugs discovered in 66 hours, 13 minutes and 4 seconds
28 reports accepted
100 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title | Event ID | Severity | Vulnerability Type
Viewing/Cancelling anyone's appointment | FirstBlood v1 | High | Insecure direct object reference
[IDOR] Modifying anyone's Appointment information | FirstBlood v1 | High | Application/Business Logic
Creating Admin account using a leaked token on r/BugBountyHunter and using restricted API calls | FirstBlood v1 | High | Auth issues
Event is leaking attendees' Personal information | FirstBlood v1 | CRITICAL | Info leak
Open Redirect on /drpanel/logout.php?ref= | FirstBlood v2 | Low | Open Redirect
Modifying information on Appointment Form which is not allowed to be modified | FirstBlood v2 | Medium | Application/Business Logic
Reflective XSS on /login.php?goto= | FirstBlood v2 | Medium | Reflective XSS
Registering as Doctor by using `Test` as invite code | FirstBlood v2 | Medium | Authorisation Issue
Changing Anyone's Password Including drAdmin (As a Non-authenticated user) | FirstBlood v2 | CRITICAL | Auth issues
Stored XSS on Cancel Appointment Message | FirstBlood v2 | High | Stored XSS
Newly Registered Doctors can query for patient information | FirstBlood v2 | Medium | Application/Business Logic