vishal


Rank #87 Level 2


33 unique bugs discovered

34 reports accepted


Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| parameter "ref" at endpoint /register.php is vulnerable to reflected XSS. | FirstBlood v2 | Medium | Reflective XSS |
| Anyone can register as doctor by giving invite code "test" | FirstBlood v2 | Medium | Authorisation Issue |
| goto parameter at /login.php vulnerable to reflective XSS. | FirstBlood v2 | Medium | Reflective XSS |
| drAdmin ATO by using doctor account. | FirstBlood v2 | CRITICAL | Auth issues |
| stored XSS in message left at the time of cancelation of appointment. | FirstBlood v2 | High | Stored XSS |
| vaccination-management login panel can be bypassed using SQL injection in password parameter for username=admin. | FirstBlood v2 | CRITICAL | SQL Injection |
| Stored XSS can be gained by giving payload in User-Agent request header. It's fired on /vaccination-manager/portal.php. | FirstBlood v2 | High | Stored XSS |
| Open URL redirect found at /drpanel/logout.php?ref= | FirstBlood v2 | Low | Open Redirect |
| User can upload infinite times vaccination certificate with same email leads to app/business logic failure. | FirstBlood v2 | Informative | Application/Business Logic |
| Session doesn't expire at /drpanel/index.php and /vaccination-manager/portal.php. | FirstBlood v2 | Low | Application/Business Logic |
| multiple server config files are accessible publicly. | FirstBlood v2 | High | Info leak |
| RCE can be obtained by uploading malicious .phar file at image field on /vaccination-manager/pub/upload-vaccination-proof.php because of vulnerable version of monolog. | FirstBlood v2 | CRITICAL | Deserialization |
| Administrator endpoints can be accessed by non-privileged doctor accounts which reveals sensitive patient information. | FirstBlood v2 | Medium | Application/Business Logic |
| Original account registered with invite code gets deleted after registering another account with invite code | FirstBlood v2 | Medium | Authorisation Issue |
| Deleted doctor account can be used to access private user information of patient | FirstBlood v2 | Medium | Application/Business Logic |
| patient information who have uploaded vaccination certificate is publicly exposed on endpoint /vaccination-manager/api/vax-proof-list.php | FirstBlood v2 | CRITICAL | Info leak |
| The endpoint MA.php (to modify an appointment) only allows for certain values to be modified, however due to some application logic error, if the user has tried to sign up as a doctor and has the cookie "doctorAuthed" set, then it allows them to modify the email address for any appointment. | FirstBlood v2 | Medium | Application/Business Logic |
| DOM XSS found on management portal | FirstBlood v2 | High | Stored XSS |