Category: Write-ups

How could a privilege escalation vulnerability lead to full account takeover?

While performing a pentesting engagement with CyberAR on a cloud solutions web application, I chained a vulnerability and a weird function to reach a critical impact. The website has some roles for managing project content, let’s say Admin, Team member, and Viewer. The really weird function is that an Admin can edit other admins’ email

Critical Logic Flaw Allows Overwrite of Any User Account: What You Need to Know

While conducting web application testing, I focused on the email and password update sections, particularly the email update functionality. This feature is crucial as it contains a critical vulnerability that can lead to the overwriting of any user account. Description: A critical logic flaw in the account update functionality allows an attacker to overwrite any
