FirstBlood-#856 — Registering as Doctor by using `Test` as invite code
This issue was discovered on FirstBlood v2.0.0 (issues patched)
On 2021-10-29, th4nu0x0 Level 2 reported:
To register account on First Blood we need a Unique invite code which is not available for normal users but using
Testas code anyone can create a Doctor account.
Steps To Reproduce:
- GoTo https://firstbloodhackers.com/register.php
- Enter a username and on invite code enter
Testand you'll be presented with your username and password
Registering Doctor account with test code
FirstBlood ID: 24
Vulnerability Type: Auth issues
The old invite code was deleted but when testing FirstBlood v2 the developers accidentally left the test code working.