FirstBlood-#140Invitation code leaked on reddit
This issue was discovered on FirstBlood v1.0.0



On 2021-05-10, codersanjay Level 3 reported:

Invitation code of a doctor was leaked on reddit with which I was able to register a doc myself.

Impact

Create doctor account and impersonate.

P2 High

Endpoint: https://www.reddit.com/r/BugBountyHunter/comments/n4xzw1/firstbloodhackerscom_doctor_registration/

Parameter: none

Payload: none


FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.