Privilege Escalation
what is Privilege Escalation?
Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level
Hello guys,who love to hack .Today I will talk about how I got this bug. It’s easy. All you have to do is focus and take time to think
While I was roaming in bugcrowd programs, I entered one of the programs that give points and logged into that program
Then I went into the settings and then into the account data that I entered, and I created the account, in fact I was not looking for privilege escalation bug. In fact, I was looking for cors vulnerability
(Cross-origin resource sharing).I clicked on Edit then I intercept request using burp suite
And It was a surprise
I looked at the request and thought for a few seconds what it meant by "IsMember: false"
I am a member of the site and I created an account on the site and then looked and found these words below the personal picture
Non-member
So I decided to change the value of “false” to “true” to see what happens.It was a surprise. When i went to the account page then reload it .
I become Active member and have a certification badges.
You may find it in some scenarios “isadmin:false” or you can add it to request may be website is vulnerable and you get a privilege of admin
OR you can add it manual to your browser .
In firfox >>> go to website >>>inspect elements >> Storage >> cookies
you will find link of website in items put values “isadmin:true” then refresh page (if website vulnerable)
After reporting the bug they told me it was duplicated and I got 2points.
Don’t forget to follow me, I have more stories waiting for you, friend, to tell you
Bye