qeeqbox/vertical-privilege-escalation

A threat actor may perform unauthorized functions belonging to another user with a higher privilege level.

Clone this repo recursively

```
git clone --recursive https://github.com/qeeqbox/horizontal-privilege-escalation
```

Run the webapp using Python

```
python3 horizontal-privilege-escalation/vulnerable-web-app/webapp.py
```

Open the webapp in your browser at 127.0.0.1:5142

Login as John (username: john and password: john - The threat actor stole this account)

John has access to the tickets section only

Logout

Login as Joe (username: joe and password: joe - The threat actor stole this account)

Joe has access to both the tickets and sysinfo sections

Code

This logic checks that the user is logged in, then renders sections based on the access list carried in the user's cookie

```python
from http.cookies import SimpleCookie

# @logged_in and BASE_TEMPLATE are defined elsewhere in the vulnerable web app.
@logged_in
def render_home_page(self):
    content = b""
    cookies = SimpleCookie(self.headers.get('Cookie'))
    # The access list is read from the client-supplied "access" cookie, so the
    # client decides which sections get rendered (the weakness this lab shows).
    if "access" in cookies:
        for access in cookies["access"].value.split(","):
            section = getattr(self, f"{access}_section", None)
            if section is not None:  # skip unknown section names instead of crashing
                content += section()
    return BASE_TEMPLATE.replace(b"{{body}}", content)
```
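As an added example (not code from this repo), the cookie-driven rendering above is shown beside a hardened version that derives access from a server-side session table, plus a detection hook that flags access claims the server record does not back. `USER_ACCESS`, `SESSIONS`, `SECTIONS` and the session ids are constructed sample data, not values from the project.

```python
# Added example, not the repo's code: the page's cookie-driven rendering beside a
# hardened version. All names and sample data below are constructed for illustration.
from http.cookies import SimpleCookie

# Constructed server-side state: who may see which section, and live sessions.
USER_ACCESS = {"john": ["tickets"], "joe": ["tickets", "sysinfo"]}
SESSIONS = {"sess-john-1": "john", "sess-joe-1": "joe"}  # session id -> user
SECTIONS = {"tickets": b"<h2>Tickets</h2>", "sysinfo": b"<h2>Sysinfo</h2>"}


def render_vulnerable(cookie_header: str) -> bytes:
    """Mirrors the page's logic: the client-supplied access cookie decides."""
    cookies = SimpleCookie(cookie_header)
    content = b""
    if "access" in cookies:
        for access in cookies["access"].value.split(","):
            section = SECTIONS.get(access)
            if section is not None:
                content += section
    return content


def render_hardened(cookie_header: str) -> bytes:
    """The cookie only identifies the session; access is looked up server-side."""
    cookies = SimpleCookie(cookie_header)
    if "session" not in cookies:
        return b""
    user = SESSIONS.get(cookies["session"].value)
    if user is None:
        return b""
    return b"".join(SECTIONS[a] for a in USER_ACCESS.get(user, []))


def excess_claims(cookie_header: str) -> set:
    """Detection hook: sections the access cookie claims beyond the server record."""
    cookies = SimpleCookie(cookie_header)
    if "access" not in cookies or "session" not in cookies:
        return set()
    user = SESSIONS.get(cookies["session"].value)
    claimed = set(cookies["access"].value.split(","))
    return claimed - set(USER_ACCESS.get(user, []))


if __name__ == "__main__":
    # John's session with an access cookie that also lists sysinfo (constructed).
    tampered = "session=sess-john-1; access=tickets,sysinfo"
    print(render_vulnerable(tampered))  # sysinfo rendered for John
    print(render_hardened(tampered))    # tickets only
    print(excess_claims(tampered))      # {'sysinfo'}: worth logging and alerting on
```

Any non-empty result from `excess_claims` is a cheap server-side signal that a session's cookie was altered and belongs in the application log.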

Impact

Varies

Risk

  • Session Hijacking
  • Credential Theft

Remediation

  • Client input validation
  • Output encoding
  • Browser built-in XSS prevention

ID

cb251c97-067d-4f13-8195-4f918273f41b
