Easy Premium Account Access and Admin role escalation via Object manipulation in the server…
2021-12-30 15:32:55 Author: infosecwriteups.com(查看原文) 阅读量:15 收藏

Anurag__Verma

Hey infosec Geeks ✌,

Hope you all are doing well, Here comes my 5th article showing how I was able to upgrade my account to premium and escalate my role to admin.

let's get started,

let us consider the target as redacted.com,

firstly I normally registered and log in to my account, I captured the simple update profile request and intercepted response to the request and analysed the response objects from API/server-side,

request to the server was like :

and the responses was somewhat :

Some parameters like “role”:”user ” and another one with “planId”:”Redacted-basic” and “planName”:”Redacted Basic” caught my eye .

First, I changed the parameter to “role”:”admin” and I worked!! but I think about what extra I can do as in this role: admin does not the site admin here, it was just admin related to a specific group/organisation or admin to the specific account which enables more features to collaborate with other employees, at this point, I already founded a vulnerability. But I Think of more,

Then Again, I changed the parameter value to “role”:”admin” , “planId”:”Redacted-pro” and “planName”:”Redacted Pro”.

And submitted the response and Boom I got access to the premium version with the admin role.

If you want to see video POC for this vulnerability then check out my youtube channel 🎞: see_poc_here

subscribe to my channel here 👩‍💻: subscribe__here

connect me via LinkedIn: https://www.linkedin.com/in/anurag-verma-650b771a2

connect me on Instagram: varmaanu001


文章来源: https://infosecwriteups.com/easy-premium-account-access-and-admin-role-escalation-via-object-manipulation-in-the-server-619d325ab66?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh