FirstBlood-#743 — [COLLAB] Exposed API allows viewing of all vaccination proof leaking user emails
This issue was discovered on FirstBlood v2
On 2021-10-27, amec0e Level 3 reported:
Hey again mate,
From my previous RCE report (here), getting the directory listings, we can see that there is an endpoint, api.php, located in the directory /vaccination-manager/. This brings us to a Swagger UI in which we can see a new endpoint called vax-proof-list.php. Upon viewing this, we can see all the user emails of those who have uploaded vaccination proofs.
Impact:
PII leak of user emails and IP addresses
Steps to Reproduce:
- Visit the endpoint /vaccination-manager/api.php

You can see the new endpoint leaked on the page; visiting this, we get a leak of users' emails, including their IP address.
In Collaboration with thebinarybot
P1 CRITICAL
Endpoint: /vaccination-manager/api.php
Parameter: NA
Payload: NA
FirstBlood ID: 31
Vulnerability Type: Information leak/disclosure
The endpoint api.php can be found under the vaccination manager portal directory. It allows user interaction and results in a PII leak on vax-proof-list.php.
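A defender-side check for this class of finding, added here as an example that is not part of the original report or FirstBlood's code: it walks an OpenAPI document of the kind a Swagger UI renders and flags operations that declare no authentication while returning email or IP fields. The spec contents, the `example-protected.php` path, the `session` scheme name and the field names are constructed assumptions, since the report does not show the real spec.

```python
PII_FIELDS = {"email", "ip", "ip_address", "phone"}   # assumed field names
METHODS = {"get", "post", "put", "patch", "delete"}

def _get(props, security=None):
    """Build a constructed GET operation returning a list of objects with `props`."""
    schema = {"type": "array", "items": {
        "type": "object", "properties": {p: {"type": "string"} for p in props}}}
    op = {"responses": {"200": {"content": {"application/json": {"schema": schema}}}}}
    if security is not None:
        op["security"] = security
    return {"get": op}

# Constructed sample spec: one undocumented-auth listing, one protected operation.
SPEC = {"openapi": "3.0.0", "paths": {
    "/vaccination-manager/vax-proof-list.php": _get(["email", "ip", "file"]),
    "/vaccination-manager/example-protected.php": _get(["email"], [{"session": []}]),
}}

def property_names(schema):
    """Recursively collect property names from an inline schema (no $ref resolution)."""
    names = set()
    if not isinstance(schema, dict):
        return names
    for key, sub in schema.get("properties", {}).items():
        names.add(key.lower())
        names |= property_names(sub)
    return names | property_names(schema.get("items"))

def unauthenticated_pii_operations(spec):
    """Return (METHOD, path, pii_fields) for operations with no enforced security."""
    findings = []
    default_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue
            sec = op.get("security", default_security)
            # [] means no auth; an empty {} requirement means anonymous is allowed.
            if sec and all(sec):
                continue
            exposed = set()
            for resp in op.get("responses", {}).values():
                for media in resp.get("content", {}).values():
                    exposed |= property_names(media.get("schema")) & PII_FIELDS
            if exposed:
                findings.append((method.upper(), path, sorted(exposed)))
    return findings

if __name__ == "__main__":
    for finding in unauthenticated_pii_operations(SPEC):
        print(finding)
```

A clean result only shows what the spec declares; the handler itself still has to enforce the session check server-side.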