HotDoc

  • $50 – $8,000 per vulnerability
  • Partial safe harbor

New feature added: patient search page on dashboard

We hope your testing is going well. Here is an update that should make things a bit more interesting!

The patient search feature is now available for testing on HotDoc Dashboard. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

Name            URL                                                       Description                  Change
Patient Search  https://staging.hotdoc.com.au/dashboard#/patients/search  Patient search on Dashboard  Added

How to access the patient search page?

Visit the dashboard at https://staging.hotdoc.com.au/dashboard and log in as a clinic user. Click the 'Patients' button in the navigation bar to expand a 'Patient Search' link, which takes you to the patient search page at https://staging.hotdoc.com.au/dashboard#/patients/search

How does the patient search work?

Endpoint: https://staging.hotdoc.com.au/api/dashboard/pms_patients?search=
The patient search functionality takes a patient's full or partial name as the query parameter. It shows a list of matching patients, and clinic users can manage the communication preference and view the patient activity of a selected patient. To assist your testing with this feature, we have seeded ten patients for each account.

#   First name  Last name
1   Nadia       Schuster
2   Louisa      Kulas
3   Finn        Leuschke
4   Maeve       Casper
5   Marcelina   Zulauf
6   Newton      McDermott
7   Frieda      Wilkinson
8   Kieran      Gorczany
9   Annabelle   Corwin
10  Isom        Dickens

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!