FirstBlood-#140: Invitation code leaked on reddit



On 2021-05-10, codersanjay reported:

Invitation code of a doctor was leaked on reddit with which I was able to register a doc myself.

Impact

Create doctor account and impersonate.

P2 High

Endpoint: https://www.reddit.com/r/BugBountyHunter/comments/n4xzw1/firstbloodhackerscom_doctor_registration/

Parameter: none

Payload: none


FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctor's invite code is leaked on the internet which, if used, grants anyone access to the doctor portal. The invite code should expire after use.


Respect Earnt: 1500000