xnl-h4ck3r has reached Level 4 with 75+ unique vulnerabilities discovered and they have proven to us that they understand web application vulnerabilities and how to discover them. If you run a bug bounty/vulnerability disclosure program and you are looking for an active, professional researcher, we recommend considering this user

xnl-h4ck3r

Rank #61 — Level 4

82
unique bugs discovered
252 hours, 41 minutes and 21 seconds active hacking time

91
reports accepted
97 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Report Title	Event ID	Severity	Vulnerability Type
A User can modify the Email of their appointment despite being disabled for safeguarding reasons	FirstBlood v1	High	`Application/Business Logic`
Leaking PII data of users who have appointments using stored XSS and IDOR	FirstBlood v1	High	`Stored XSS`
An new user account can bypass security and view all patient data	FirstBlood v1	High	`Auth issues`
An new user account can bypass security and view all appointment data	FirstBlood v1	CRITICAL	`Application/Business Logic`
Info leak for events and attendees including PII data	FirstBlood v1	CRITICAL	`Information leak/disclosure`
Stored XSS payload allowed in names when making an appointment can leak admin cookie	FirstBlood v1	High	`Stored XSS`
Authorisation vulnerabilities with cookies	FirstBlood v1	High	`Application/Business Logic`
Reflective XSS on Register page leading to leak of PII data	FirstBlood v1	Medium	`Reflective XSS`
Reflective XSS on Login page (requiring interaction), leading to leak of PII data	FirstBlood v1	Medium	`Reflective XSS`
Stored XSS on Admn API endpoint for querying Appointment	FirstBlood v1	High	`Stored XSS`
Attacker can register a user name that has already been registered	FirstBlood v1	High	`Auth issues`
Open Redirect on login page with "goto" parameter leading to account takeover	FirstBlood v2	Medium	`Reflective XSS`
A doctors invite code is easily guessable and grants anyone access to the doctor portal and patient PII data	FirstBlood v2	Medium	`Auth issues`
A User can modify the Email of their appointment despite being disabled for safeguarding reasons	FirstBlood v2	Medium	`Application/Business Logic`
Reflected XSS on register.php with ref parameter, leaking cookies (requires interaction)	FirstBlood v2	Medium	`Reflective XSS`
Can update any users password if know the username, and therefore takeover any account and get Admin access	FirstBlood v2	CRITICAL	`Application/Business Logic`
Insecure Deserialization leading to RCE and rooting the server	FirstBlood v2	CRITICAL	`Deserialization`
Info disclosure on /vaccination-manager/api/vax-proof-list.php	FirstBlood v2	CRITICAL	`Information leak/disclosure`
SQL Injection on vaccination-manager login page to access portal	FirstBlood v2	CRITICAL	`SQL Injection`
Stored XSS on Vaccination Manager Portal through User Agent	FirstBlood v2	High	`Stored XSS`
Reflective XSS on Login page using the hidden "goto" parameter	FirstBlood v2	Medium	`Reflective XSS`
An account with the same username can be created which leads to the original account being deleted and replaced with the attackers	FirstBlood v2	Medium	`Auth issues`
Stored XSS on cancelled appointment can leak admin cookies	FirstBlood v2	High	`Stored XSS`
Auth issue allowing a new doctor to view all appointment details that should require admin access	FirstBlood v2	Medium	`Application/Business Logic`
Open Redirect on logout.php using ref parameter	FirstBlood v2	Low	`Open Redirect`
Open Redirect on login.php with goto parameter	FirstBlood v2	Informative
Reflected XSS on login.php using Referer header	FirstBlood v2	Medium	`Reflective XSS`
Stored XSS through Doctors photo URL pn endpoint meet_drs.php	FirstBlood v3	High	`Stored XSS`
Infomation Disclosure about private locations	FirstBlood v3	High	`Access control`

BugBountyHunter