FirstBlood-#25Invite Code leaking on Reddit
This issue was discovered on FirstBlood v1.0.0

On 2021-05-09, mava Level 2 reported:

Hi zseano,
I found an Info Leak on Reddit.


This Reddit leaks the invite code F16CA47250E445888824A9E63AE445CE which thereby allows anybody to signup as a doctor.
This could allow anybody to read sensitive information.


  1. Goto
  2. Enter a username and F16CA47250E445888824A9E63AE445CE.
  3. You are signed in!


Invalidate the invite Code.

Best regards,

P2 High

Endpoint: reddit

Parameter: Invite Code

Payload: F16CA47250E445888824A9E63AE445CE

FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.

Report Feedback


Creator & Administrator

Nice find mava :)