Nitin Yadav

Exposed Secrets: The Peril of Broken Access Control

Hello everyone, I hope you all are doing great.

I am back with another writeup.


So first, let's understand what broken access control is.


Broken Access Control

A broken access control vulnerability is a security flaw that lets a user reach resources they are not permitted to access. By exploiting it, an attacker bypasses the application's intended authorization checks and gains unauthorized access to sensitive information or systems.



Let's Begin

So the website was a school management website where teachers can manage students' details, reports, complaints and other information.



So the website has two account types: one for students and one for teachers.


And the difference between the accounts is two-factor authentication. When students log in, they log in without 2FA.


And when teachers log in, they are asked to give the 2FA code.


We found many bugs inside the website, but we will cover those in another blog post. Here we will talk about broken access control.


So teachers can access any student's files and edit them, but students were only able to see their own files and information.


So first I visited a student's profile, and there we were able to see their results and marks. Then we copied the link, which was https://www.victim.com/student_id/details.


We logged out from the website and logged in using a student ID.

And visited the link, and it showed that the page doesn't exist.


So after playing with this, I got a tip from LinkedIn to add .json at the end of the URL.



And after adding .json to the link, we were able to see every student's details in JSON format.


So with this, a student can see each and every student's details; they can also check the details of every teacher with https://www.victim.com/teacher_id/details.json


So if you ever come across the same thing, try adding .json after the URL.
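To show why the .json suffix worked, here is an added toy example (not the school site's code; routes, roles and records are constructed) of a handler whose ownership check lives only in the HTML branch, beside a hardened handler that authorizes once before any representation is chosen:

```python
# Added illustration of the bug in this writeup. Names, routes and data are
# constructed; the real site's framework and code are not known.
import re
from dataclasses import dataclass

# Constructed sample records keyed by student id.
STUDENTS = {"s1": {"name": "Student One", "marks": 91},
            "s2": {"name": "Student Two", "marks": 78}}

@dataclass
class User:
    id: str
    role: str  # "student" or "teacher"

def authorized(user: User, student_id: str) -> bool:
    # Teachers may read any student; a student may read only their own record.
    return user.role == "teacher" or user.id == student_id

# Matches /<student_id>/details with an optional .json representation suffix.
ROUTE = re.compile(r"^/(?P<sid>[^/]+)/details(?P<fmt>\.json)?$")

def vulnerable_handler(user: User, path: str) -> tuple[int, object]:
    """Ownership check is done only when rendering HTML; JSON skips it."""
    m = ROUTE.match(path)
    if not m or m["sid"] not in STUDENTS:
        return 404, "page does not exist"
    record = STUDENTS[m["sid"]]
    if m["fmt"] == ".json":
        return 200, record                  # bug: no authorization on this branch
    if not authorized(user, m["sid"]):
        return 404, "page does not exist"   # what the student saw without .json
    return 200, f"<h1>{record['name']}</h1>"

def hardened_handler(user: User, path: str) -> tuple[int, object]:
    """Authorize before choosing a representation, so every format is covered."""
    m = ROUTE.match(path)
    if not m or m["sid"] not in STUDENTS or not authorized(user, m["sid"]):
        return 404, "page does not exist"   # same answer for missing and forbidden
    record = STUDENTS[m["sid"]]
    if m["fmt"] == ".json":
        return 200, record
    return 200, f"<h1>{record['name']}</h1>"
```

A regression test for this class of bug sends the student-role request to every representation the framework can serve (HTML, JSON, XML, CSV) and expects the same denial from each.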


I hope you enjoyed this one and learned something new.


I see you next time 😉



Take care, happy hacking!
