Hey infosec Geeks ✌,

Hope you all are doing well, Here comes my 5th article showing how I was able to upgrade my account to premium and escalate my role to admin.

let's get started,

let us consider the target as redacted.com,

firstly I normally registered and log in to my account, I captured the simple update profile request and intercepted response to the request and analysed the response objects from API/server-side,

request to the server was like :

and the responses was somewhat :

Some parameters like “role”:”user ” and another one with “planId”:”Redacted-basic” and “planName”:”Redacted Basic” caught my eye .

First, I changed the parameter to “role”:”admin” and I worked!! but I think about what extra I can do as in this role: admin does not the site admin here, it was just admin related to a specific group/organisation or admin to the specific account which enables more features to collaborate with other employees, at this point, I already founded a vulnerability. But I Think of more,

Then Again, I changed the parameter value to “role”:”admin” , “planId”:”Redacted-pro” and “planName”:”Redacted Pro”.

And submitted the response and Boom I got access to the premium version with the admin role.

If you want to see video POC for this vulnerability then check out my youtube channel 🎞: see_poc_here

subscribe to my channel here 👩‍💻: subscribe__here

connect me via LinkedIn: https://www.linkedin.com/in/anurag-verma-650b771a2

connect me on Instagram: varmaanu001