In this article we explain what access control vulnerabilities are and how to find them in a website while doing bug bounty.
Here we explain access control vulnerabilities practically, by solving labs, just as we did for the information disclosure vulnerability.
If you find an access control vulnerability in a website, you get unauthorized access. All of this is being told to you for educational purposes; you should never misuse it.
Note: This article is only for educational purposes. Don't misuse your knowledge and skills.
Access control vulnerabilities?
Let us first tell you about access control vulnerabilities. As the name suggests, if this bug occurs in a website, hackers get access that they should not have.
Access control vulnerabilities are not only about getting admin access and deleting users; access is also controlled through sessions. When you solve the labs, you will understand this yourself.
You get a lot of access control labs on PortSwigger. Here we show you how to solve two of them, but you must try all of the labs by yourself.
Access control vulnerabilities are found in a website when the web developer has made some kind of mistake, because of which a normal user can also access the features of the admin.
Let us understand this with an example. Suppose a web developer has created a website with a function intended for the admin; in the normal case only the admin can access it.
If a normal user visits the website, logs in to his own account, and is still able to access the features of the admin, this is called an access control vulnerability.
Access control vulnerabilities labs
Here we show you how to solve two access control labs. There are many more labs besides these, and you should solve all of them once.
Unprotected admin functionality
First we tell you about Unprotected admin functionality. This lab is solved using the robots.txt file; first you have to access the lab.
As the name suggests, the web developer accidentally left the admin function unprotected, so a normal user can also see the admin function.
After accessing the lab, the page opens in front of you as shown. Once the page is open, you can perform the Unprotected admin functionality check just through the URL address.
As you can see in the image, we have put robots.txt in the URL. Opening this file shows us the path of the admin panel. You can find it in the same way on any website.
By accessing the admin panel you can get to the information about the users; here we have opened the admin panel through the URL address, and it shows the information of the users.
To solve the lab you have to delete the carlos user. As you can see in the image, the names of all the users are shown here, and you have to delete the carlos user.
After doing all this, the Unprotected admin functionality lab is solved, as you can see in the image, and you get a congratulations message for solving the lab.
User ID controlled by request parameter
Let us now talk about User ID controlled by request parameter. As you can understand from the name, if we log in as one user and, with the help of Burp Suite, are able to access another user's account, that is the User ID controlled by request parameter vulnerability.
First you have to run Burp Suite, then access the lab. After accessing the lab you can perform the User ID controlled by request parameter check.
After accessing the lab, something like this opens in front of you. You are given a username and password to log in; we log in as wiener, but the API key of carlos is what we still need.
After logging in, the API key of the wiener user is displayed in front of you, as you can see in the image. You can note this API key; after this you get the URL in Burp Suite.
As you can see in the image, we have logged in as the wiener user, and the URL is shown in Burp Suite. We have to send it to Repeater, after which we can change it.
After sending it to Repeater, you have to change the name of the user in the request; we have given carlos here. After doing this, send the request, and we get the API key of the carlos user in the response.
You can notice that the API keys of the two users are different. After doing all this, we have to enter the API key of carlos in the submit solution box, as you can see in the image.
After doing all this your lab is solved. There are more access control labs here which you can try to solve by yourself.
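As an added example (not the article's or PortSwigger's code), here is a minimal model of the two bugs these labs demonstrate, each beside the server-side check that fixes it; the users, sessions and request shape are constructed for illustration. The fix is the same in both cases: identity and role come from the server-side session, never from a client-controlled parameter or from the URL being unlinked.

```python
# Added example, not from the article or the PortSwigger labs: a minimal model of
# the two authorization bugs the labs demonstrate and the server-side checks that
# close them. Users, sessions and the request shape are constructed for illustration.

USERS = {
    "wiener": {"role": "user", "api_key": "KEY-WIENER-CONSTRUCTED"},
    "carlos": {"role": "user", "api_key": "KEY-CARLOS-CONSTRUCTED"},
    "administrator": {"role": "admin", "api_key": "KEY-ADMIN-CONSTRUCTED"},
}
SESSIONS = {"sess-wiener": "wiener", "sess-admin": "administrator"}


def current_user(request):
    """Identity must come from the server-side session, never from the URL."""
    return SESSIONS.get(request.get("cookie"))


def my_account_vulnerable(request):
    """Lab 2 bug: the ?id= parameter alone decides whose data is returned."""
    return 200, USERS[request["params"]["id"]]["api_key"]


def my_account_fixed(request):
    """Fixed: the id parameter is checked against the logged-in user."""
    user = current_user(request)
    if user is None:
        return 401, None
    if request["params"].get("id", user) != user:
        return 403, None          # horizontal access attempt: refuse and log it
    return 200, USERS[user]["api_key"]


def admin_delete_vulnerable(request, username, users):
    """Lab 1 bug: the only 'protection' is that the URL is not linked."""
    users.pop(username, None)
    return 200


def admin_delete_fixed(request, username, users):
    """Fixed: every admin endpoint enforces the role on the server side."""
    user = current_user(request)
    if user is None:
        return 401
    if users.get(user, {}).get("role") != "admin":
        return 403                # authenticated but not authorized
    users.pop(username, None)
    return 200
```

A request from wiener's session with `id=carlos` gets carlos's key from the vulnerable handler and a 403 from the fixed one; the admin delete likewise returns 403 for wiener's session and succeeds only for the admin session.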
I hope that you now understand access control vulnerabilities. We have explained them here by solving two access control labs.
We want to make one thing clear: there are a lot of access control labs here, so it is not possible to solve and explain every one of them.
So you should try to solve all these labs yourself, looking at the solution here if you need it; doing this improves your skills. While doing bug bounty you should always think about how you can apply some kind of attack.
In such a case you should try again and again. On whatever websites run a bounty program, you can test repeatedly in any way you can, and report whatever you find.
If you have any kind of problem in solving the access control labs, you can ask us in a comment; you will get full help from our side.
We have given you a lot of knowledge here for free, so you must support our website and share our articles. Here you can get all kinds of knowledge, from facebook hacking to carding.
Sharing is caring