Bug Bounty Hunter
d20s84
Rank #153 | Level 3
53 unique bugs discovered
79 hours, 0 minutes and 4 seconds active hacking time
56 reports accepted
Accuracy: 90
[Profile charts: Vulnerability Types Found; Bug Submissions & total bug count]
Hackevent (FirstBlood) Activity
Below you can find disclosed reports from our Hackevents, which are events we host for our members to win rewards. You can find more information here.
| Report Title | Event ID | Severity | Vulnerability Type |
| --- | --- | --- | --- |
| Open URL redirection | FirstBlood v1 | Low | Open Redirect |
| Stored Cross-site scripting | FirstBlood v1 | CRITICAL | Stored XSS |
| Info leak that leads to non-admin login | FirstBlood v1 | High | Auth issues |
| Patient's information can be obtained from a non-admin account | FirstBlood v1 | CRITICAL | Application/Business Logic |
| Email id can be modified for a patient | FirstBlood v1 | High | Application/Business Logic |
| Stored XSS found on /manageappointment.php?success&aptid={id} | FirstBlood v2 | High | Stored XSS |
| Reflective XSS at /login.php | FirstBlood v2 | Medium | Reflective XSS |
| [Unpatched] Reflective XSS on /login.php?action=login&ref={payload} | FirstBlood v2 | Medium | Reflective XSS |
| Test Credentials are still working | FirstBlood v2 | Medium | Auth issues |
| [Unpatched] Patient's information that the webapp does not allow to be changed can be changed | FirstBlood v2 | Medium | Application/Business Logic |
| Admin password can be changed and retained by anyone | FirstBlood v2 | CRITICAL | Application/Business Logic |
| [Unpatched] Stored XSS still working on admin's cancelled report panel | FirstBlood v2 | High | Stored XSS |