0xblackbird has reached Level 4 with 75+ unique vulnerabilities discovered and they have proven to us that they understand web application vulnerabilities and how to discover them. If you run a bug bounty/vulnerability disclosure program and you are looking for an active, professional researcher, we recommend considering this user

0xblackbird

Rank #46 — Level 5

100
unique bugs discovered
131 hours, 28 minutes and 26 seconds active hacking time

108
reports accepted
97 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Show entries

Search:

Report Title	Event ID	Severity	Vulnerability Type
2nd Reflected XSS on edit-doctor.php (different injection point + payload)	FirstBlood v3	Medium	`Reflective XSS`
[COLLAB] 1 Click XSS can lead to Admin Account Takeover	FirstBlood v1	CRITICAL	`Auth issues`
Adding cookie to the request allows us to modify way more data then allowed	FirstBlood v1	High	`Application/Business Logic`
Appointment data can still be modified when upon adding a cookie	FirstBlood v2	Medium	`Application/Business Logic`
Appointment UUIDs leaked through new ambulances API endpoint	FirstBlood v3	High	`Information leak/disclosure`
Blind Stored XSS on admin panel can lead to SSRF	FirstBlood v3	CRITICAL	`Stored XSS`
Creating a new user with same username overrides old password which can lead to account takeover	FirstBlood v1	High	`Auth issues`
CSRF bypass on edit-dr.php	FirstBlood v3	Low	`Cross Site Request Forgery`
Default credentials admin:admin work on login.php	FirstBlood v3	CRITICAL	`Auth issues`
Default credentials allow any unauthorized user to get access to a doctor account	FirstBlood v2	Medium	`Auth issues`
Doctors can change doctor's profile photo	FirstBlood v3	Low	`Application/Business Logic`
DOM-based XSS on /about.html can lead to account takeover	FirstBlood v3	Medium	`Reflective XSS`
DOM-based XSS on /book-appointment.html can lead to account takeover	FirstBlood v3	Medium	`Reflective XSS`
DOM-based XSS on /login.php via the goto parameter	FirstBlood v2	Medium	`Reflective XSS`
editpassword.php allows anyone to edit any user's passwords	FirstBlood v3	CRITICAL	`Auth issues`
Endpoint allows unauthorized users to update other user's passwords	FirstBlood v2	CRITICAL	`Application/Business Logic`
Endpoint discloses information about all vaccination proof records	FirstBlood v2	CRITICAL	`Information leak/disclosure`
GUUID is replaceable by an 8 digit number which makes it vulnerable to IDOR	FirstBlood v1	High	`Insecure direct object reference`
Hackerback event attendees information disclosed through /attendees/event.php	FirstBlood v1	CRITICAL	`Information leak/disclosure`
It is possible to book an appointment with an unavailable doctor	FirstBlood v3	Low	`Application/Business Logic`
It is possible to bypass relative URL by using triple forward slashes on photoURL and load external images	FirstBlood v3	Low	`Application/Business Logic`
It is possible to view patient's data as a new doctor	FirstBlood v1	CRITICAL	`Application/Business Logic`
It is still possible to edit some data of a confirmed & cancelled appointment	FirstBlood v3	Low	`Application/Business Logic`
Leaked invite ID allows anyone to register for an account.	FirstBlood v1	High	`Auth issues`
New doctors are able to view patient's private data through /drpanel/drapi/qp.php	FirstBlood v1	CRITICAL	`Application/Business Logic`
New doctors can easily get access to patients private data	FirstBlood v2	Medium	`Application/Business Logic`
No CSRF protection on editpassword.php	FirstBlood v3	Informative
Open redirect on /drpanel/logout.php	FirstBlood v1	Low	`Open Redirect`
Open redirect on /login.php via the goto parameter	FirstBlood v2	Medium	`Reflective XSS`
Open redirect on logout remained unpatched	FirstBlood v3	Low	`Open Redirect`

Showing 1 to 30 of 57 entries

Previous1 2Next

BugBountyHunter