BugBountyHunter

Description

It is possible to create a new account with the test/test credentials instead of using a unique invite code.

Steps to reproduce

1. Navigate to services > Doctor login https://87357338e250-vigilante.a.firstbloodhackers.com/login.php
2. Click on the register here url https://87357338e250-vigilante.a.firstbloodhackers.com/register.php
3. Use username:test and unique invite code:test, click on "Secure register".
4. You'll will get a message that you've successfully created an account.

Success! Your account has been created with the following credentials:

Username: test Password: Kpu2K8iIta

POST /register.php HTTP/1.1
Host: 87357338e250-vigilante.a.firstbloodhackers.com
Cookie: doctorAuthed=eyJkb2N0b3JBdXRoIjphdXRoZWR9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Origin: https://87357338e250-vigilante.a.firstbloodhackers.com
Referer: https://87357338e250-vigilante.a.firstbloodhackers.com/register.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
Te: trailers
Connection: close

action=register&username=test&inviteCode=test

Screenshot:

Impact:

It is possible to bypass the unique code requirement, it looks like some test credentials made it to production and we can use the word "test" when creating new accounts.