
Rank #71 Level 4

unique bugs discovered
216 hours, 3 minutes and 14 seconds active hacking time

reports accepted
99 Accuracy

Vulnerability Types Found

Bug Submissions & total bug count

Hackevent (FirstBlood) Activity

| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| Stored XSS + stealing cookies through XSS hunter | FirstBlood v1 | High | Stored XSS |
| Unique invite code bypass | FirstBlood v2 | Medium | Auth issues |
| It is possible to reset drAdmin's password | FirstBlood v2 | CRITICAL | Auth issues |
| Reflected XSS on register.php leads to account takeover | FirstBlood v2 | Medium | Reflective XSS |
| The parameter "goto" is vulnerable to XSS on login.php. | FirstBlood v2 | Medium | Reflective XSS |
| Stored XSS in cancelled appointment message | FirstBlood v2 | High | Stored XSS |
| New doctor account (limited access) can view patient information through an API call | FirstBlood v2 | Medium | Application/Business Logic |
| It is possible to modify the email address of an appointment. | FirstBlood v2 | Medium | Application/Business Logic |
| Reflected XSS on the login form in the goto parameter | FirstBlood v2 | Medium | Reflective XSS |
| Open redirect vulnerability in the logout function | FirstBlood v2 | Low | Open Redirect |
| The login form for Vaccination Manager is vulnerable to SQL injection | FirstBlood v2 | CRITICAL | SQL Injection |
| List of vaccination disclosure | FirstBlood v2 | CRITICAL | Information leak/disclosure |
| The User Agent parameter is vulnerable to XSS in the vaccination-manager portal. | FirstBlood v2 | High | Stored XSS |
| phar out - PHP deserialization RCE + priv. escalation | FirstBlood v2 | CRITICAL | Deserialization |