iffu


Rank #34 Level 5



102
unique bugs discovered
257 hours, 41 minutes and 5 seconds active hacking time

130
reports accepted
96 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count


Hackevent (FirstBlood) Activity

Report Title Event ID Severity Vulnerability Type
Leakage of P2 information of users who have taken appointment FirstBlood v1 High Insecure direct object reference
Stored XSS on /drpanel/drapi/query.php?aptid FirstBlood v1 High Stored XSS
Open Redirect /drpanel/logout.php FirstBlood v1 Low Open Redirect
P2 information disclosure of the users attending the events FirstBlood v1 CRITICAL Information leak/disclosure
Found a way to register as non-admin user FirstBlood v1 High Auth issues
Privilege Escalation on /drpanel/drapi/query.php and /drpanel/drapi/query.php FirstBlood v1 CRITICAL Application/Business Logic
Reflected XSS on /login.php using ref parameter FirstBlood v1 Medium Reflective XSS
Reflected XSS on /login.php using the GET paramter 'goto' FirstBlood v1 Medium Reflective XSS
Open Redirect on /login.php via goto body parameter FirstBlood v1 Low Reflective XSS