vigilante has reached Level 4 with 75+ unique vulnerabilities discovered and they have proven to us that they understand web application vulnerabilities and how to discover them. If you run a bug bounty/vulnerability disclosure program and you are looking for an active, professional researcher, we recommend considering this user

vigilante

Rank #63 — Level 4

81
unique bugs discovered
216 hours, 3 minutes and 14 seconds active hacking time

77
reports accepted
99 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Report Title	Event ID	Severity	Vulnerability Type
Stored XSS + stealing cookies through XSS hunter	FirstBlood v1	High	`Stored XSS`
Unique invite code bypass	FirstBlood v2	Medium	`Auth issues`
It is possible to reset drAdmin's password	FirstBlood v2	CRITICAL	`Auth issues`
Reflected XSS on register.php leads to account takeover	FirstBlood v2	Medium	`Reflective XSS`
The parameter "goto" is vulnerable to XSS on login.php.	FirstBlood v2	Medium	`Reflective XSS`
Stored XSS in cancelled appointment message	FirstBlood v2	High	`Stored XSS`
New doctor account (limited access) can view patient information through an API call	FirstBlood v2	Medium	`Application/Business Logic`
It is possible to modify the email address of an appointment.	FirstBlood v2	Medium	`Application/Business Logic`
Reflected XSS on the login form in the goto parameter	FirstBlood v2	Medium	`Reflective XSS`
Open redirect vulnerability in the logout function	FirstBlood v2	Low	`Open Redirect`
The login form for Vaccination Manager is vulnerable to SQL injection	FirstBlood v2	CRITICAL	`SQL Injection`
List of vaccination disclosure	FirstBlood v2	CRITICAL	`Information leak/disclosure`
The User Agent parameter is vulnerable to XSS in the vaccination-manager portal.	FirstBlood v2	High	`Stored XSS`
phar out - PHP deseriliazation RCE + priv. escalation	FirstBlood v2	CRITICAL	`Deserialization`

BugBountyHunter