FirstBlood-#569 — Default credentials allow any unauthorized user to get access to a doctor account
This issue was discovered on FirstBlood v2
On 2021-10-26, 0xblackbird Level 5 reported:
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles
Hi! From the description of the FirstBlood event, I can see that credentials were not given for the following reason:
No credentials are available this time for FirstBlood v2.0.0 as we're still doing some testing on this.
From this information, we can extract 2 things, the password (which is in bold text) and that the v2.0.0 is still being tested. Which means, test accounts are created in order for the developers to fully test the release. The username wasn't that hard to guess: testdoctor.
Steps to reproduce
- Now that we've got the credentials, all we have to do is use them. To do so, visit
/login.php and use the following credentials: testdoctor:test and login.
- You'll see that we're successfully logged in as the testdoctor.
Kind regards,
0xblackbird
P3 Medium
Parameter:
Payload:
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.