FirstBlood-#536 — Anyone can register as doctor by giving invite code "test"
This issue was discovered on FirstBlood v2.0.0 (issues patched)
On 2021-10-26, vishal Level 2 reported:
Discription : Anyone can register as doctor by giving invite code "test"
Steps to Reproduce the issue :
- Visit /register.php.
- Now enter any username you want to register as and invite code enter test as below
- Click on Secure Register you should be successfully registered as a doctor below.
Impact: Anyone can register as a Doctor.
Let me know, if anything missing or further information is required.
Thanks and Regards - Vishal
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.