From Accessing Restricted Functionality via URL Found in .js File, to Vertical Privilege Escalation through Modification of the ‘accessLevel’ Value in HTTP Responses on the API – Company Blog

March 18, 2024

The Story of How Allah Allowed Us to Obtain Super Admin Access Through a Chain of Vulnerabilities (Including the Use of a Data Leak Monitoring Platform).

In the name of Allah, the Most Gracious, the Most Merciful.

This article has been published on the company blog where I am employed. Please visit the post for more details:

https://medium.com/haktrak-cybersecurity-squad/from-accessing-restricted-url-found-in-js-file-to-vertical-privilege-escalation-08b49a6e66ce

Tags: Broken Access Control Data Leak Monitoring Platform JS Leak Privilege Escalation

From Accessing Restricted Functionality via URL Found in .js File, to Vertical Privilege Escalation through Modification of the ‘accessLevel’ Value in HTTP Responses on the API – Company Blog

You may also like...

Search

Recent Posts

Categories

From Accessing Restricted Functionality via URL Found in .js File, to Vertical Privilege Escalation through Modification of the ‘accessLevel’ Value in HTTP Responses on the API – Company Blog

You may also like...

Broken Validation of Whatsapp for iOS – Using / Cloning other Whatsapp Number (Jan 16th, 2015)

CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)

Oppo – Open URL Redirection at Activation Link via Base64

Search

Recent Posts

Categories