amec0e

XSS (all types)

CSRF

IDOR

CORS

AppLogic

Open Redirect

Authorisation

Privacy Issues

SQL Injection

SSRF

Info Leak

XXE

Server Misconfig

Remote Code Execution

Below you can find disclosed reports from our Hackevents which are events we host for our members to win rewards. You can find more information here.

Show entries

Search:

Report Title	Event ID	Severity	Vulnerability Type
[COLLAB] Able to modify email post booking an appointment	FirstBlood v2	Medium	`Application/Business Logic`
[COLLAB] Can register as a doctor and steal token upon login.	FirstBlood v2	High	`Reflective XSS`
[COLLAB] DOM XSS on register patch bypass	FirstBlood v2	Medium	`Reflective XSS`
[COLLAB] Enumerate users via vaccination manager login	FirstBlood v2	CRITICAL	`SQL Injection`
[COLLAB] Exposed api allows viewing of all vaccination proof leaking user emails	FirstBlood v2	CRITICAL	`Information leak/disclosure`
[COLLAB] Password change endpoint leads to ATO of drAdmin account.	FirstBlood v2	CRITICAL	`Application/Business Logic`
[COLLAB] Phar deserialization to RCE via upload vaccination proof	FirstBlood v2	CRITICAL	`Deserialization`
[COLLAB] Reflected XSS via login endpoint	FirstBlood v2	Medium	`Reflective XSS`
[COLLAB] Stored XSS on Cancel appointment which leads to ATO	FirstBlood v2	High	`Stored XSS`
[COLLAB] Stored/Blind XSS / DOS via vaccination portal	FirstBlood v2	High	`Stored XSS`

Showing 1 to 10 of 10 entries

BugBountyHunter