FirstBlood-#856 — Registering as Doctor by using `Test` as invite code
This issue was discovered on FirstBlood v2
On 2021-10-29, th4nu0x0 Level 2 reported:
Summary:
To register an account on FirstBlood we need a unique invite code, which is not available to normal users, but by using `Test` as the code anyone can create a Doctor account.
Steps To Reproduce:
- Go to https://firstbloodhackers.com/register.php
- Enter a username and, as the invite code, enter `Test`, and you'll be presented with your username and password
Impact:
Registering Doctor account with test code
P3 Medium
Endpoint: /register.php
Parameter: /register.php
Payload: Test
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.
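
A test code that stays redeemable after testing is a fixture that outlived its purpose. The sketch below is an added example, not FirstBlood's code: it contrasts a reusable plaintext code check with random single-use codes stored as digests, and adds a release-time audit that flags placeholder codes still present in the store. All function names, the class and the placeholder list are assumptions.

```python
import hashlib
import secrets

# Assumed deny-list: "Test" is the code from this report, the rest are illustrative.
PLACEHOLDERS = ("test", "testing", "demo", "invite", "changeme")


def digest_of(code: str) -> str:
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def legacy_check(code: str, codes: set) -> bool:
    """'Before': reusable plaintext codes, so a leftover fixture row keeps working."""
    return code in codes


class InviteStore:
    """'After': random single-use codes, stored only as digests."""

    def __init__(self) -> None:
        self._unused = set()

    def issue(self) -> str:
        code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._unused.add(digest_of(code))
        return code

    def load_digest(self, digest: str) -> None:
        """Hypothetical import path for rows migrated from an older table."""
        self._unused.add(digest)

    def audit(self) -> list:
        """Release check: placeholder codes (common casings) that are still redeemable."""
        hits = []
        for word in PLACEHOLDERS:
            for variant in (word, word.capitalize(), word.upper()):
                if digest_of(variant) in self._unused:
                    hits.append(variant)
        return hits

    def redeem(self, code: str) -> bool:
        digest = digest_of(code)
        if digest not in self._unused:
            return False
        self._unused.remove(digest)  # single use: a second attempt fails
        return True
```

Running `audit()` as a deployment gate catches a migrated test row even though the store never holds plaintext codes.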