It is common to find cases where a vulnerability in the application’s horizontal
separation of privileges can lead immediately to a vertical escalation
attack. For example, if a user finds a way to set a different user’s password,
then the user can attack an administrative account and take control of the
application.
In the cases described so far, broken access controls enable users who have
authenticated themselves to the application in a particular user context to
perform actions or access data for which that context does not authorize them.
However, in the most serious cases of broken access control, it may be possible
for completely unauthorized users to gain access to functionality or data that
is intended to be accessed only by privileged authenticated users.
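The password-change case above, as an added example that is not part of the original text: a handler that takes the account name from the request body (the horizontal flaw that lets one user reach the administrator's account) beside one that binds the change to the authenticated session. The user table, session principal and `AccessDenied` type are all constructed for this illustration.

```python
# Added example (not from the original text): a password-change handler that
# trusts a client-supplied "username" field (a horizontal access-control flaw)
# beside one that binds the change to the authenticated session. The user
# table, session principal and exception type are all constructed for this.
import hashlib
import hmac
import os


class AccessDenied(Exception):
    pass


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a fixed iteration count; enough for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table: username -> role, salt and password hash.
USERS = {}
for _name, _role, _pw in [("alice", "user", "alice-pw"), ("admin", "admin", "admin-pw")]:
    _salt = os.urandom(16)
    USERS[_name] = {"role": _role, "salt": _salt, "hash": _hash_password(_pw, _salt)}


def change_password_vulnerable(session_user: str, form: dict) -> str:
    # Flaw: the account to modify is taken from the request body, so any
    # authenticated user can overwrite another account's password, including
    # the administrator's, and so escalate vertically.
    target = form["username"]
    USERS[target]["hash"] = _hash_password(form["new_password"], USERS[target]["salt"])
    return target


def change_password_fixed(session_user: str, form: dict) -> str:
    # Fix: act only on the authenticated principal from the session and
    # reject any client-supplied account name that differs, so the attempt
    # surfaces in logs instead of silently succeeding.
    if form.get("username", session_user) != session_user:
        raise AccessDenied(f"{session_user} attempted to modify {form['username']}")
    USERS[session_user]["hash"] = _hash_password(
        form["new_password"], USERS[session_user]["salt"]
    )
    return session_user


def verify(username: str, password: str) -> bool:
    # Constant-time comparison of the stored hash with the candidate.
    rec = USERS[username]
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))
```

The fixed handler should additionally be logged and rate-limited like any other credential change; the check shown is the minimum that closes the horizontal hole.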