FirstBlood-#140Invitation code leaked on reddit
This issue was discovered on FirstBlood v1

On 2021-05-10, codersanjay Level 3 reported:

Invitation code of a doctor was leaked on reddit with which I was able to register a doc myself.


Create doctor account and impersonate.

P2 High


Parameter: none

Payload: none

FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.