FirstBlood-#569: Default credentials allow any unauthorized user to get access to a doctor account
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-26, 0xblackbird Level 5 reported:

Hi! From the description of the FirstBlood event, I can see that credentials were not given for the following reason:

No credentials are available this time for FirstBlood v2.0.0 as we're still doing some testing on this.

From this information, we can extract 2 things: the password (which is in bold text) and that v2.0.0 is still being tested. This means test accounts are created in order for the developers to fully test the release. The username wasn't that hard to guess: testdoctor.

Steps to reproduce

  • Now that we've got the credentials, all we have to do is use them. To do so, visit /login.php, enter the following credentials: testdoctor:test, and log in.

  • You'll see that we're successfully logged in as the testdoctor.

Kind regards,
0xblackbird

P3 Medium


FirstBlood ID: 24
Vulnerability Type: Auth issues

The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.
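
A release-time check for the root cause described above, added here as an example and not taken from the report or from FirstBlood: it audits an account export for test-style usernames and for passwords that can be guessed from the username. The record layout, the PBKDF2 hashing, the name patterns and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed markers of a leftover test/QA account; tune to your naming scheme.
TEST_NAME = re.compile(r"(test|demo|qa|staging|dev)")

def hash_pw(password, salt, rounds=100_000):
    # Assumed storage scheme (PBKDF2-HMAC-SHA256); swap in the real one.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def candidate_passwords(username):
    """Passwords a tester would plausibly pick, derived from the username."""
    name = username.lower()
    cands = {name, "test", "password", "changeme"}
    m = TEST_NAME.search(name)
    if m:
        cands.add(m.group(1))                    # "testdoctor" -> "test"
        cands.add(name.replace(m.group(1), ""))  # "testdoctor" -> "doctor"
    cands.discard("")
    return cands

def audit(accounts):
    """Return [(username, [reasons])] for accounts that must not ship."""
    findings = []
    for acct in accounts:
        reasons = []
        if TEST_NAME.search(acct["username"].lower()):
            reasons.append("test-style username")
        for guess in candidate_passwords(acct["username"]):
            if hmac.compare_digest(hash_pw(guess, acct["salt"]), acct["hash"]):
                reasons.append("password is guessable from the username")
                break
        if reasons:
            findings.append((acct["username"], reasons))
    return findings

# Constructed sample export; only the first row mirrors the reported account.
SAMPLE = [
    {"username": "testdoctor", "salt": b"s1", "hash": hash_pw("test", b"s1")},
    {"username": "drsmith", "salt": b"s2",
     "hash": hash_pw("k7#Vq-constructed-1", b"s2")},
    {"username": "demo_nurse", "salt": b"s3",
     "hash": hash_pw("Zr9!w-constructed-2", b"s3")},
]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE):
        print(f"BLOCK RELEASE: {user}: {', '.join(reasons)}")
```

Run as a gate in the release pipeline, a non-empty result means a test account or test credential is still live in the build being promoted.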