Exploiting privilege escalation vulnerability

· What is Privilege escalation:

Accessing those resources for which user do not have authorization by escalating the privilege comes under Privilege escalation.

There are multiple ways to achieve this such as by modifying user, directly accessing URL. Ultimate goal of attacker is to access sensitive data, API tokens, bypassing user controls or performing any malicious actions. It has two types:

i. Horizontal Privilege Escalation: If user accesses the resource of the another user who have same level access rights then its known as the horizontal privilege escalation.

As User ‘A’ can take privilege of User ‘B’.

ii. Vertical Privilege Escalation: If a user accesses the information which of a user who has more privilege then him mostly root (admin) privilege then this is known as the vertical privilege escalation.

As “normal user” can take privilege of “admin”.

· Why privilege escalation occurs ?

There are many reasons behind it. Let me focus on some:

i. Weak access control: Access control tells us who we are such as if we are admin then we have admin authorization but due to weak access control on the endpoints, we can…