FirstBlood-#239Attacker can register a user name that has already been registered



On 2021-05-14, xnl-h4ck3r reported:

Summary

You can register the same user more than once and get a new password, potentially taking over an existing account.

Steps to Reproduce

  1. Go to /register.php and regsiter a user, e.g. xnl:

  2. An attacker can then fo to the site and go to /register.php and use the same user name, and be assigned a new password. Register the name xnl with an invite code:

Impact

If a doctor has an existing account, and attacker can register an account with the same username and get a new password to log into that account.

P2 High

Endpoint: /register.php

Parameter: n/a

Payload: n/a


FirstBlood ID: 17
Vulnerability Type: Auth issues

Unintended: An account with the same username can be created which leads to the original account being deleted and replaced with the attackers


Respect Earnt: 2000000
RESPECT ($RSP) is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.