Rank #215 Level 2

unique bugs discovered
49 hours, 0 minutes and 30 seconds active hacking time

reports accepted
100 Accuracy

Hackevent (FirstBlood) Activity

Report Title | Event ID | Severity | Vulnerability Type
Viewing/Cancelling anyone's appointment | FirstBlood v1 | High | Insecure direct object reference
[IDOR] Modifying anyone's Appointment information | FirstBlood v1 | High | Application/Business Logic
Creating Admin account using a leaked token on r/BugBountyHunter and using restricted API calls. | FirstBlood v1 | High | Auth issues
Event is leaking attendees' Personal information. | FirstBlood v1 | CRITICAL | Information leak/disclosure
Open Redirect on /drpanel/logout.php?ref= | FirstBlood v2 | Low | Open Redirect
Modifying information on Appointment Form that is not allowed to be modified. | FirstBlood v2 | Medium | Application/Business Logic
Reflective XSS on /login.php?goto= | FirstBlood v2 | Medium | Reflective XSS
Registering as Doctor by using `Test` as invite code | FirstBlood v2 | Medium | Auth issues
Changing Anyone's Password Including drAdmin (As a Non-authenticated user) | FirstBlood v2 | CRITICAL | Application/Business Logic
Stored XSS on Cancel Appointment Message. | FirstBlood v2 | High | Stored XSS
Newly Registered Doctors can query for patient information | FirstBlood v2 | Medium | Application/Business Logic