bobbylin has reached Level 4 with 75+ unique vulnerabilities discovered and has proven to us that they understand web application vulnerabilities and how to discover them. If you run a bug bounty/vulnerability disclosure program and are looking for an active, professional researcher, we recommend considering this user.
| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| The patient email can be changed even though the application UI mentioned that this is not allowed. | FirstBlood v1 | High | Application/Business Logic |
| Newly created Doctor account was able to search for patient info via the query API | FirstBlood v1 | Critical | Application/Business Logic |
| Account takeover of a doctor account is possible due to flawed logic in the registration process | FirstBlood v1 | High | Auth issues |
| [Two Tales of Info leak] Site setting can be accessed and leaked a "x-site-req" header. This header can be used to get HackerBack event attendees info. | FirstBlood v1 | Critical | Information leak/disclosure |