FirstBlood-#671Vaccination proof leak
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-27, shivam18u Level 3 reported:

Hi Sean,

I found that the url https://31b7af0d2012-shivam18u.a.firstbloodhackers.com/vaccination-manager/api/vax-proof-list.php leaks the vaccination proof of all the submissions along with their emails.

The vaccination proof might contain PII. The images can be fetched from firstblood.com/upload/filename.jpg

Have a nice day!

P1 CRITICAL

Endpoint: /vaccination-manager/api/vax-proof-list.php

Parameter: .

Payload: .


FirstBlood ID: 37
Vulnerability Type: Information leak/disclosure

The endpoint /vaccination-manager/api/vax-proof-list.php leaks PII without any authentication. The intended solution was to find it via swagger-ui at /vaccination-manager/api.php