0xblackbird


Rank #44 Level 5



100
unique bugs discovered
131 hours, 28 minutes and 26 seconds active hacking time

108
reports accepted
97 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
[COLLAB] 1 Click XSS can lead to Admin Account Takeover FirstBlood v1 CRITICAL Auth issues
It is possible to view patient's data as a new doctor FirstBlood v1 CRITICAL Application/Business Logic
Open redirect on /drpanel/logout.php FirstBlood v1 Low Open Redirect
Leaked invite ID allows anyone to register for an account. FirstBlood v1 High Auth issues
Creating a new user with same username overrides old password which can lead to account takeover FirstBlood v1 High Auth issues
Reflected xss on login.php FirstBlood v1 Medium Reflective XSS
Reflected XSS on register.php FirstBlood v1 Medium Reflective XSS
Reflected xss on register.php FirstBlood v1 Medium Reflective XSS
Unauthenticated access to PII data on /drpanel/drapi/qp.php FirstBlood v1 CRITICAL Auth issues
Hackerback event attendees information disclosed through /attendees/event.php FirstBlood v1 CRITICAL Information leak/disclosure
Adding cookie to the request allows us to modify way more data then allowed FirstBlood v1 High Application/Business Logic
New doctors are able to view patient's private data through /drpanel/drapi/qp.php FirstBlood v1 CRITICAL Application/Business Logic
GUUID is replaceable by an 8 digit number which makes it vulnerable to IDOR FirstBlood v1 High Insecure direct object reference
Stored XSS on /drpanel/drapi/query.php FirstBlood v1 High Stored XSS
Reflected xss on login.php leads to account takeover FirstBlood v1 Medium Reflective XSS
Stored XSS on yourappointments.php can lead to account takeover FirstBlood v1 High Stored XSS
Reflected XSS on /login.php via goto parameter leads to account takeover FirstBlood v2 Medium Reflective XSS
Endpoint allows unauthorized users to update other user's passwords FirstBlood v2 CRITICAL Application/Business Logic
Default credentials allow any unauthorized user to get access to a doctor account FirstBlood v2 Medium Auth issues
DOM-based XSS on /login.php via the goto parameter FirstBlood v2 Medium Reflective XSS
Open redirect on /login.php via the goto parameter FirstBlood v2 Medium Reflective XSS
Reflected XSS on /register.php via the ref parameter FirstBlood v2 Medium Reflective XSS
Stored XSS on /drpanel/index.php by cancelling an appointment FirstBlood v2 High Stored XSS
Stored XSS on /manageappointment.php can lead to account takeover FirstBlood v2 High Stored XSS
Appointment data can still be modified when upon adding a cookie FirstBlood v2 Medium Application/Business Logic
New doctors can easily get access to patients private data FirstBlood v2 Medium Application/Business Logic
Remote Code Execution via insecure deserialization on /api/checkproof.php FirstBlood v2 CRITICAL Deserialization
Open redirect on logout.php FirstBlood v2 Low Open Redirect
Endpoint discloses information about all vaccination proof records FirstBlood v2 CRITICAL Information leak/disclosure
editpassword.php allows anyone to edit any user's passwords FirstBlood v3 CRITICAL Auth issues
DOM-based XSS on /about.html can lead to account takeover FirstBlood v3 Medium Reflective XSS
Reflected XSS on /edit-doctor.php FirstBlood v3 Medium Reflective XSS
DOM-based XSS on /book-appointment.html can lead to account takeover FirstBlood v3 Medium Reflective XSS
Reflected XSS on /doctors.php FirstBlood v3 Medium Reflective XSS
Default credentials admin:admin work on login.php FirstBlood v3 CRITICAL Auth issues
Open redirect on logout remained unpatched FirstBlood v3 Low Open Redirect
Username enumeration through editpassword.php FirstBlood v3 Informative
CSRF bypass on edit-dr.php FirstBlood v3 Low Cross Site Request Forgery
No CSRF protection on editpassword.php FirstBlood v3 Informative
Unauthenticated Stored XSS on ambulances.php can lead to account takeover (of doctors) FirstBlood v3 High Stored XSS
Stored XSS on drpanel after joining hackerback can lead to account takeover FirstBlood v3 CRITICAL Stored XSS
Stored XSS on manageappointment.php after selecting a doctor FirstBlood v3 High Stored XSS
Stored XSS on /meet_drs.php due to unfiltered doctor's name FirstBlood v3 High Stored XSS
Stored XSS on doctors.php FirstBlood v3 High Stored XSS
It is possible to book an appointment with an unavailable doctor FirstBlood v3 Low Application/Business Logic
2nd Reflected XSS on edit-doctor.php (different injection point + payload) FirstBlood v3 Medium Reflective XSS
Doctors can change doctor's profile photo FirstBlood v3 Low Application/Business Logic
Stored XSS on /meet_drs.php can lead to full account takeover FirstBlood v3 High Stored XSS
It is possible to bypass relative URL by using triple forward slashes on photoURL and load external images FirstBlood v3 Low Application/Business Logic
PII of doctors leaked through /api/doctors.php FirstBlood v3 High Information leak/disclosure
Private office locations disclosed on /api/locations.php FirstBlood v3 High Access control
Stored XSS through doctor tagline on meet_drs.php FirstBlood v3 High Stored XSS
Blind Stored XSS on admin panel can lead to SSRF FirstBlood v3 CRITICAL Stored XSS
Stored XSS on about.php's doctor of the month field FirstBlood v3 High Stored XSS
Stored XSS on about.php through doctor of the profile photo FirstBlood v3 High Stored XSS
It is still possible to edit some data of a confirmed & cancelled appointment FirstBlood v3 Low Application/Business Logic
Appointment UUIDs leaked through new ambulances API endpoint FirstBlood v3 High Information leak/disclosure