xnl-h4ck3r

Rank #75 Level 4



82
unique bugs discovered
252 hours, 41 minutes and 21 seconds active hacking time

91
reports accepted
97 Accuracy
Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
A User can modify the Email of their appointment despite being disabled for safeguarding reasons FirstBlood v1 High Application/Business Logic
Leaking PII data of users who have appointments using stored XSS and IDOR FirstBlood v1 High Stored XSS
An new user account can bypass security and view all patient data FirstBlood v1 High Auth issues
An new user account can bypass security and view all appointment data FirstBlood v1 CRITICAL Application/Business Logic
Info leak for events and attendees including PII data FirstBlood v1 CRITICAL Information leak/disclosure
Stored XSS payload allowed in names when making an appointment can leak admin cookie FirstBlood v1 High Stored XSS
Authorisation vulnerabilities with cookies FirstBlood v1 High Application/Business Logic
Reflective XSS on Register page leading to leak of PII data FirstBlood v1 Medium Reflective XSS
Reflective XSS on Login page (requiring interaction), leading to leak of PII data FirstBlood v1 Medium Reflective XSS
Stored XSS on Admn API endpoint for querying Appointment FirstBlood v1 High Stored XSS
Attacker can register a user name that has already been registered FirstBlood v1 High Auth issues
Open Redirect on login page with "goto" parameter leading to account takeover FirstBlood v2 Medium Reflective XSS
A doctors invite code is easily guessable and grants anyone access to the doctor portal and patient PII data FirstBlood v2 Medium Auth issues
A User can modify the Email of their appointment despite being disabled for safeguarding reasons FirstBlood v2 Medium Application/Business Logic
Reflected XSS on register.php with ref parameter, leaking cookies (requires interaction) FirstBlood v2 Medium Reflective XSS
Can update any users password if know the username, and therefore takeover any account and get Admin access FirstBlood v2 CRITICAL Application/Business Logic
Insecure Deserialization leading to RCE and rooting the server FirstBlood v2 CRITICAL Deserialization
Info disclosure on /vaccination-manager/api/vax-proof-list.php FirstBlood v2 CRITICAL Information leak/disclosure
SQL Injection on vaccination-manager login page to access portal FirstBlood v2 CRITICAL SQL Injection
Stored XSS on Vaccination Manager Portal through User Agent FirstBlood v2 High Stored XSS
Reflective XSS on Login page using the hidden "goto" parameter FirstBlood v2 Medium Reflective XSS
An account with the same username can be created which leads to the original account being deleted and replaced with the attackers FirstBlood v2 Medium Auth issues
Stored XSS on cancelled appointment can leak admin cookies FirstBlood v2 High Stored XSS
Auth issue allowing a new doctor to view all appointment details that should require admin access FirstBlood v2 Medium Application/Business Logic
Open Redirect on logout.php using ref parameter FirstBlood v2 Low Open Redirect
Open Redirect on login.php with goto parameter FirstBlood v2 Informative
Reflected XSS on login.php using Referer header FirstBlood v2 Medium Reflective XSS
Stored XSS through Doctors photo URL pn endpoint meet_drs.php FirstBlood v3 High Stored XSS
Infomation Disclosure about private locations FirstBlood v3 High Access control