Privilege Escalation
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Privilege escalation can be exploited in multiple ways, but most of them are similar in nature.
Below are a few ways I have exploited for priv esc:
Response Manipulation:
One way this method works is when the application validates requests based on previous responses. For any resource that is not accessible to a user, i.e. they get an access denied, changing the response code to 200 OK might grant access.
Another way is cookie tampering, where users have cookies that define roles such as admin or normal user.
Such cookies can be modified so that a user successfully gains a higher privilege.
In some cases, the login response includes a role parameter that is verified on the front end by JavaScript, which is ultimately responsible for access control across the application. Manipulating that as well would give higher privileges.