FirstBlood-#110 Information Leak leads to full backend access



On 2021-05-10, jonlaing reported:

After running a Google search on firstbloodhackers.com I came across the Reddit page which has a post by someone revealing their Invitation Code.

https://www.reddit.com/r/BugBountyHunter/comments/n4xzw1/firstbloodhackerscom_doctor_registration/

From there we can register by entering our name and the invite code and it gives us an account.

P2 High

Parameter:

Payload:


FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctor's invite code is leaked on the internet which, if used, grants anyone access to the doctor portal. The invite code should expire after use.


Respect Earnt: 1500000
RESPECT ($RSP) is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.