newrouge

Rank #156 — Level 3

54
unique bugs discovered
135 hours, 29 minutes and 50 seconds active hacking time

53
reports accepted
100 Accuracy

Vulnerability Types Found

XSS (all types)

CSRF

IDOR

CORS

AppLogic

Open Redirect

Authorisation

Privacy Issues

SQL Injection

SSRF

Info Leak

XXE

Server Misconfig

Remote Code Execution

Access Control

Session Management

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Show entries

Search:

Report Title	Event ID	Severity	Vulnerability Type
0 click admin account takeover via stored xss on admin dashboard through cancel appointment.	FirstBlood v2	High	`Stored XSS`
Admin account takeover	FirstBlood v2	CRITICAL	`Application/Business Logic`
Admin Panel Exposure by old credentials	FirstBlood v2	Informative
Anyone can register as a doctor due to weak Invite key	FirstBlood v2	Medium	`Auth issues`
Enumerating files/directories and tools/binaries installed on FirstBlood server	FirstBlood v2	Low	`Information leak/disclosure`
FirstBlood server Rooted!	FirstBlood v2	CRITICAL	`RCE`
Important files leaking on firstblood	FirstBlood v2	High	`Information leak/disclosure`
Insecure Deserialization leading to RCE [COLLAB]- mrrootsec	FirstBlood v2	CRITICAL	`Deserialization`
It is possible to login as TestDoctor with <BLANK> cookie.	FirstBlood v2	High	`Application/Business Logic`
Modifying more information than intended on /manageappointment.php	FirstBlood v2	Medium	`Application/Business Logic`
New doctor can query patients information by API endpoint.	FirstBlood v2	Medium	`Application/Business Logic`
No session invalidation after logout on vaccine-portal	FirstBlood v2	Low	`Application/Business Logic`
Open redirect by logout.php	FirstBlood v2	Low	`Open Redirect`
Reflected xss bypass on register.php with ref paramter	FirstBlood v2	Medium	`Reflective XSS`
Reflective xss on login.php by goto paramter	FirstBlood v2	Medium	`Reflective XSS`
Reflective xss vis 'goto=' parmater on login.php	FirstBlood v2	Medium	`Reflective XSS`
sql injection on /vaccination-manager/login.php	FirstBlood v2	CRITICAL	`SQL Injection`
Stored xss by meesage field on MANAGE APPOINTMENT	FirstBlood v2	High	`Stored XSS`
User's vaacination data leak and with other info without needing to log into vaccine-manger portal	FirstBlood v2	CRITICAL	`Information leak/disclosure`
XSS on /vaccination-manager/portal.php through User-agent pollution	FirstBlood v2	High	`Stored XSS`

Showing 1 to 20 of 20 entries

Previous1Next

BugBountyHunter