FirstBlood-#856Registering as Doctor by using `Test` as invite code
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-29, th4nu0x0 Level 2 reported:

Summary:

To register account on First Blood we need a Unique invite code which is not available for normal users but using Test as code anyone can create a Doctor account.

Steps To Reproduce:

Impact:

Registering Doctor account with test code

P3 Medium

Endpoint: /register.php

Parameter: /register.php

Payload: Test


FirstBlood ID: 24
Vulnerability Type: Auth issues

The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.