FirstBlood-#836: Patient information who have uploaded vaccination certificate is publicly exposed on endpoint /vaccination-manager/api/vax-proof-list.php
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-29, vishal Level 2 reported:

Description: Patient information of those who have uploaded a vaccination certificate is publicly exposed on the endpoint /vaccination-manager/api/vax-proof-list.php

Steps to Reproduce :

  1. Visit /vaccination-manager/api.php (found by gobuster).

  2. I noticed an interesting endpoint here: /vaccination-manager/api/vax-proof-list.php. Let's go there; lots of private info such as IP, email, vaccination certificate is exposed here.

  3. The vaccination certificate can be accessed by adding the proof JPG file path obtained above after /upload/, like I did here.

Impact: User private info (IP, email, vaccination certificate) is exposed publicly.

Let me know if anything is required. Thanks and regards, vishal

P1 CRITICAL

Endpoint: vaccination-manager/api/vax-proof-list.php

Parameter: none

Payload: none


FirstBlood ID: 31
Vulnerability Type: Information leak/disclosure

The endpoint api.php can be found under the vaccination manager portal directory. It allows for user interaction and results in a PII leak on vax-proof-list.php.
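
One way to detect the access pattern this report describes in web server logs: a successful request to vax-proof-list.php followed by fetches of JPG files under /upload/ from the same client. This is an added example, not part of the original report or the FirstBlood code; the log format, the 10-minute window, the sample lines and the directory placed in front of /upload/ are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (not real traffic); client IPs are documentation
# addresses and the directory in front of /upload/ is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Oct/2021:10:00:01 +0000] "GET /vaccination-manager/api.php HTTP/1.1" 200 312
203.0.113.7 - - [29/Oct/2021:10:00:09 +0000] "GET /vaccination-manager/api/vax-proof-list.php HTTP/1.1" 200 4821
203.0.113.7 - - [29/Oct/2021:10:00:30 +0000] "GET /vaccination-manager/upload/proof-a.jpg HTTP/1.1" 200 88211
198.51.100.4 - - [29/Oct/2021:10:02:00 +0000] "GET /vaccination-manager/upload/proof-b.jpg HTTP/1.1" 200 90112
192.0.2.9 - - [29/Oct/2021:10:05:00 +0000] "GET /vaccination-manager/api/vax-proof-list.php HTTP/1.1" 403 199
192.0.2.9 - - [29/Oct/2021:10:05:05 +0000] "GET /vaccination-manager/upload/proof-a.jpg HTTP/1.1" 200 88211
203.0.113.7 - - [29/Oct/2021:11:30:00 +0000] "GET /vaccination-manager/upload/proof-c.jpg HTTP/1.1" 200 70100
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
LIST_ENDPOINT = "/vaccination-manager/api/vax-proof-list.php"
UPLOAD_RE = re.compile(r"/upload/.+\.jpe?g$", re.IGNORECASE)


def find_list_then_fetch(log_text, window=timedelta(minutes=10)):
    """Return (ip, path, time) for certificate fetches that follow a successful
    list-endpoint request from the same client within `window`.
    Assumes log lines are in chronological order."""
    last_list_hit = {}  # client IP -> time of its last 2xx list request
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore any query string
        ok = m["status"].startswith("2")
        if path == LIST_ENDPOINT and ok:
            last_list_hit[m["ip"]] = ts
        elif UPLOAD_RE.search(path) and ok:
            seen = last_list_hit.get(m["ip"])
            if seen is not None and timedelta(0) <= ts - seen <= window:
                findings.append((m["ip"], path, ts.isoformat()))
    return findings


if __name__ == "__main__":
    for ip, path, when in find_list_then_fetch(SAMPLE_LOG):
        print(f"{when} {ip} fetched {path} after listing proofs")
```

A 2xx response from the list endpoint to any client that should not have access is itself the finding to fix; the correlation only helps scope which certificates were retrieved.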