FirstBlood-#592 — Register a doctor
This issue was discovered on FirstBlood v2
On 2021-10-26, twsec Level 2 reported:
while to login we are faced with a login or register doctor, since we have no credentials we need to register
- it's always important to read the scope because there's a hidden message there
note the bold test
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635260084/xfqyzp7jv1l7ynjqgy1q.jpg)
so where might we use it, tried username ,but there's still the invite code so we try invite code "test" and it works.
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635260163/yigut8mrb0ykppg4psu7.jpg)
but since it should be unique which means it should be used once, we can use the same code to register another doctor at the same time.
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635260243/ywyt5gy4b9rc0q2uepck.jpg)
now we have access to the drpanel we could view the source of the page and notice the commented out code for editpassword function
![](https://res.cloudinary.com/bugbountynotes/image/upload/v1635260329/ndqneoew6mfv4wyynr0a.jpg)
and we can escalate our privileges to become an Admin Doctor.
P3 Medium
Endpoint: /register.php
Parameter: unique invite code
Payload: test
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.