RedTeam
3.Web-Hacking
3.Business-Logic
Access-Control-Vulnerabilities
Notes
2.vertical Privilege Escalation

Vertical Privilege Escalation

  • Non-administrative user gaining access to an admin page where they can delete accounts
  • Attacker might be able to access administrative functions via the URL https://insecure-website.com/admin (opens in a new tab)
  • Admin URL might be more obscure but still leaked in JavaScript that constructs the user interface:
<script>
var isAdmin = false;
if (isAdmin) {
...
var adminPanelTag = document.createElement('a');
adminPanelTag.setAttribute('https://insecure-
website.com/administrator-panel-yb556');
adminPanelTag.innerText = 'Admin panel';
...
}
</script>

Parameter-based Access Control Methods- Storing access information in a user-controlled location (hidden field, cookie, query string, etc.) https://insecure-website.com/login/home.jsp?admin=true (opens in a new tab) https://insecure-website.com/login/home.jsp?role=1 (opens in a new tab)

  • Platform Misconfiguration
    • Restricting access at the platform layer by specific URLs and HTP methods:
DENY: POST, /admin/deleteUser,
managers
- Can override by editing the request header
POST / HTTP/1.1
X-Original-URL:
/admin/deleteUser
1.what Is Access Control3.horizontal Privilege Escalation