FirstBlood-#140Invitation code leaked on reddit

On 2021-05-10, codersanjay reported:

Invitation code of a doctor was leaked on reddit with which I was able to register a doc myself.


Create doctor account and impersonate.

P2 High


Parameter: none

Payload: none

FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.

Respect Earnt: 1500000
RESPECT ($RSP) is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.