FirstBlood-#578 — Application Logic flaw leads to anyone registering a doctor account without invite code
This issue was discovered on FirstBlood v2
On 2021-10-26, th33phoenix Level 4 reported:
Hey there!!!!!
I have found an app logic error, resulting in an attacker registering a doctor account without an invitation code.
Description:
Doctor accounts are pre-made and the invite codes are sent to them. But using a bypass, any attacker can register for a doctor account.
Impact:
An attacker can create a doctor account of his choice, which gives him access to more functionalities like seeing patient info, searching for patients, etc.
Steps to reproduce:
- Visit /register.php and try to register for an account using the previous invitation code that was leaked on Reddit. See that we get an error:

- Use "test" as invite code and see that we are able to register:


- Now log in to the account using the provided password:


P3 Medium
Endpoint: /register.php
Parameter: none
Payload: none
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted, but when testing FirstBlood v2 the developers accidentally left the test code working.
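
The root cause described above, a test invite code that was still accepted, is something a regression check on the invite logic catches before release. The following is an added example, not FirstBlood's code: a constructed stand-in for the flawed check beside a single-use invite store, written in Python. The names `vulnerable_check`, `InviteStore` and `regression_check` are hypothetical, and the list of denied codes is constructed.

```python
import hashlib
import secrets


def vulnerable_check(code, issued_codes):
    # Constructed stand-in for the flaw: a literal left over from testing
    # is accepted alongside the real invitations.
    return code == "test" or code in issued_codes


class InviteStore:
    """Single-use invite codes, kept server-side only as SHA-256 digests."""

    def __init__(self):
        self._unused = set()  # digests of codes issued but not yet redeemed

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue(self):
        code = secrets.token_urlsafe(16)  # random per invite, never a fixed literal
        self._unused.add(self._digest(code))
        return code

    def revoke(self, code):
        # For a code that has leaked: after this it can no longer be redeemed.
        self._unused.discard(self._digest(code))

    def redeem(self, code):
        """Return True exactly once per issued code; reject everything else."""
        if not isinstance(code, str) or not code:
            return False
        candidate = self._digest(code)
        if candidate not in self._unused:
            return False
        self._unused.remove(candidate)  # burn the code on first use
        return True


def regression_check(store):
    """Map each code that must never create a doctor account to the store's answer."""
    denied = ["test", "TEST", "", "admin", "invite"]  # constructed sample list
    return {code: store.redeem(code) for code in denied}
```

Running `regression_check` against the production invite logic in CI, and failing the build if any value is `True`, turns a leftover test code into a release blocker.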