FirstBlood-#275 — Register as non admin doctor
This issue was discovered on FirstBlood v1
On 2021-05-15, twsec Level 2 reported:
i really cracked my head from this, at first i thought there must be some bypass or hidden api endpoint, but all it was some OSINT
we google firstbloodhackers and we get
a reddit link we open it and
and we find the invite code
then we use the invite code and register a new doctor
P2 High
Endpoint: /register
Parameter: unique invite code
Payload: F16CA47250E445888824A9E63AE445CE
FirstBlood ID: 15
Vulnerability Type: Auth issues
A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.