vishal

Rank #198 — Level 2

42
unique bugs discovered
149 hours, 52 minutes and 46 seconds active hacking time

40
reports accepted
93 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Report Title	Event ID	Severity	Vulnerability Type
parameter "ref" at endpoint /register.php is vulnerable to reflected XSS.	FirstBlood v2	Medium	`Reflective XSS`
Anyone can register as doctor by giving invite code "test"	FirstBlood v2	Medium	`Auth issues`
goto paramerter at /login.php vulnerable to reflective xss.	FirstBlood v2	Medium	`Reflective XSS`
drAdmin ATO by using doctor account.	FirstBlood v2	CRITICAL	`Auth issues`
stored xss in message left at the time of cancelation of appointment.	FirstBlood v2	High	`Stored XSS`
vaccination-management login panel can be bypassed using sql injection in password paramerter for username=admin.	FirstBlood v2	CRITICAL	`SQL Injection`
Stored can be gained by giving payload in User-Agent Request header . It's fired on /vaccination-manager/portal.php.	FirstBlood v2	High	`Stored XSS`
Open Url Redirect found at /drpanel/logout.php?ref=	FirstBlood v2	Low	`Open Redirect`
User can upload infinite times vaccination certificate with same email leads to app/business Logic failure.	FirstBlood v2	Informative
Session Doesn't not expire at /drpanel/index.php and /vaccination-manager/portal.php.	FirstBlood v2	Low	`Application/Business Logic`
multiple server config files are accessable publicly.	FirstBlood v2	High	`Information leak/disclosure`
Rce can be obtained by uploading malicious .phar file at image field on /vaccination-manager/pub/upload-vaccination-proof.php because of vulnerable version of monolog.	FirstBlood v2	CRITICAL	`Deserialization`
Administrator endpoints can be accessed by non privileged doctor accounts which reveals sensitive patient information.	FirstBlood v2	Medium	`Application/Business Logic`
Original account registered with invite code get deleted after registering another account with invite code	FirstBlood v2	Medium	`Auth issues`
Deleted doctor account can be used to access private user information of paient	FirstBlood v2	Medium	`Application/Business Logic`
patient information who have uploaded vaccination certificate is publicly exposed on endpoint /vaccination-manager/api/vax-proof-list.php	FirstBlood v2	CRITICAL	`Information leak/disclosure`
The endpoint MA.php (to modify an appointment) only allows for certain values to be modified, however due to some application logic error, if the user has tried to signup as a doctor and has the cookie "doctorAuthed" set, then it allows them to modify the email address for any appointment.	FirstBlood v2	Medium	`Application/Business Logic`
DOM xss found on management portal	FirstBlood v2	High	`Stored XSS`