Privilege Escalation from Improper Access Control [Medium] — $700

Disclaimer: This writeup is heavily redacted due to the company’s policy on disclosing reports. Don’t forget to read my previous Bug Bounty Writeup — Stored XSS on Product Description [HIGH] — $400. Thank you for your time!

Photo by Florian Olivo on Unsplash

Within a web application, user roles are often established in order to correctly restrict resources accordingly. This translates…