FirstBlood-#1762 Leak all the Appointment Id with ambulance enabled
This issue was discovered on FirstBlood v3

On 2022-12-15, mr_xhunt Level 8 reported:


The /api/ambulances.php endpoint is used to view appointment details by ID, but if we send "all" in the select parameter then the IDs of all appointments whose ambulance is enabled are leaked.

Steps To Reproduce:

  1. Visit the following link and the Appointment Id will be leaked:

P2 High

Endpoint: /api/ambulances.php

Parameter: select

Payload: all

FirstBlood ID: 71
Vulnerability Type: Information leak/disclosure

The endpoint /api/ambulances.php leaks patient information if the parameter ?select=all is supplied.
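As an added example, not FirstBlood's own code (the report shows none): a Python model of the select handling the report describes, with the reported magic-value behaviour beside a hardened lookup that requires a numeric ID and checks ownership, plus a small access-log check for the same request pattern. The appointment records, user names, ambulance flags and log lines are constructed here for illustration.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

@dataclass(frozen=True)
class Appointment:
    id: int
    owner: str       # account that booked the appointment
    ambulance: bool  # the "ambulance enabled" flag from the report

# Constructed sample data, not real FirstBlood records.
APPOINTMENTS = [
    Appointment(101, "alice", True),
    Appointment(102, "bob", False),
    Appointment(103, "carol", True),
]

def reported_lookup(select: str) -> list[int]:
    """Behaviour as described in the report (assumed implementation):
    a magic value in `select` bypasses the per-ID lookup."""
    if select == "all":
        return [a.id for a in APPOINTMENTS if a.ambulance]
    return [a.id for a in APPOINTMENTS if str(a.id) == select and a.ambulance]

def hardened_lookup(select: str, current_user: str) -> list[int]:
    """Hardened form: `select` must be a numeric ID and the record must belong
    to the requesting user; a foreign ID and an unknown ID look the same."""
    if not select.isdigit():  # rejects "all", "", "-1", "1 OR 1", ...
        raise ValueError("select must be a numeric appointment id")
    wanted = int(select)
    return [a.id for a in APPOINTMENTS
            if a.id == wanted and a.ambulance and a.owner == current_user]

# Constructed access-log request lines for the detection check.
SAMPLE_LOG = [
    "GET /api/ambulances.php?select=101 HTTP/1.1",
    "GET /api/ambulances.php?select=all HTTP/1.1",
    "GET /api/drugs.php?select=all HTTP/1.1",
]

def flag_enumeration(lines: list[str]) -> list[str]:
    """Return request lines that hit the reported endpoint with a non-numeric
    `select`: the signature of this disclosure, and of probing for it."""
    hits = []
    for line in lines:
        url = urlsplit(line.split()[1])
        values = parse_qs(url.query).get("select", [])
        if url.path == "/api/ambulances.php" and any(not v.isdigit() for v in values):
            hits.append(line)
    return hits
```

The hardened lookup answers a bad `select` with an error (a 400 in the real endpoint) and a valid but foreign ID with an empty result, so neither path reveals which appointment IDs exist.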