Privilege Escalation from Improper Access Control [Medium] — $700


What is Improper Access Control?

The Journey to $$$

  1. Company Admin
  • Allowed to modify and access company’s settings
  • Allowed to create, edit and delete groups
  • Allowed to invite new members to any group
  • Allowed to access and modify group resources
  • Allowed to invite new members to their group as user or group admin
  • Basic access to allocated resources

Adding other groups to my request

The circled groups are other groups within the company which I am not an admin of

Resolved as Privilege Escalation Vulnerability

Tips

Cybersecurity enthusiast! Eager to learn and share personal experiences with all of you.

Emanuel Beni Harijanto
