FirstBlood-#1061: PII data leak
This issue was discovered on FirstBlood v3



On 2022-12-08, twsec Level 2 reported:

I have discovered a PII info leak while navigating to /api/doctors.php

P2 High

Endpoint: /api/doctor.php

Parameter: /api/doctors.php

Payload: /api/doctor.php


FirstBlood ID: 66
Vulnerability Type: Information leak/disclosure

It is possible to leak doctors' private information, such as email and phone number, via the /api/doctors.php endpoint. No authentication is needed.
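
A regression check for this class of issue, as an added example that is not part of the original report or of the FirstBlood code: it inspects the body an API returns to a request sent without credentials and flags email or phone fields. The key names, regexes and sample bodies are assumptions constructed for illustration.

```python
import json
import re

# Key names and value shapes treated as PII. Both lists are assumptions
# for this example; extend them to match your own data model.
PII_KEYS = {"email", "phone", "phone_number", "tel", "mobile"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def find_pii(node, path="$"):
    """Walk decoded JSON and return (path, reason) for every PII-looking field."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in PII_KEYS and value not in (None, ""):
                hits.append((child, "pii-key"))
            else:
                hits.extend(find_pii(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_pii(item, f"{path}[{i}]"))
    elif isinstance(node, str):
        if EMAIL_RE.search(node):
            hits.append((path, "email-value"))
        elif PHONE_RE.fullmatch(node.strip()):
            hits.append((path, "phone-value"))
    return hits


def audit_unauthenticated_response(status, body):
    """Fail the check when a request sent without credentials gets PII back."""
    if status in (401, 403):
        return []  # access control rejected the anonymous request
    try:
        return find_pii(json.loads(body))
    except json.JSONDecodeError:
        return []  # non-JSON body: nothing structured to inspect


# Constructed sample bodies (not captured from the application).
LEAKY = '[{"id": 1, "name": "Dr. A", "email": "a@example.test", "contact": "+1 555 010 0199"}]'
SAFE = '[{"id": 1, "name": "Dr. A", "speciality": "Cardiology"}]'

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY), ("safe", SAFE)):
        print(label, audit_unauthenticated_response(200, body))
```

Run in CI against every API route with the session cookie stripped, a non-empty result means the route needs an authentication check or a narrower field list.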

Report Feedback

@zseano

Creator & Administrator


Congratulations, you were the second user to discover this!