Hello everyone, I hope you are all doing well.
I am back with another writeup.
So first, let's understand what broken access control is.
Broken Access Control
A broken access control vulnerability is a security flaw that allows an unauthorized user to reach restricted resources. By exploiting it, attackers can bypass the intended authorization checks and gain access to sensitive information or systems.
Let's Begin
So the website was a school management site where teachers can manage students' details, write their reports, handle complaints and keep other information.
The site has two types of account, one for students and one for teachers.
The difference between them is two-factor authentication: when students log in, they log in without 2FA.
When teachers log in, they are asked to give a 2FA code.
We found many bugs in the website, but we will cover those in another blog. Here we will talk about broken access control.
Teachers can access any student's files and edit them, but students were only able to see their own files and information.
First I visited a student's profile, where we were able to see their results and marks. Then we copied the link, which was https://www.victim.com/student_id/details.
We logged out of the website and logged in using a student ID.
Then we visited the link, and it showed that the page doesn't exist.
After playing with this, I got a tip from LinkedIn to add .json at the end of the URL.
The URL then looked like https://www.victim.com/student_id/details.json.
After adding .json to the link, we were able to see every student's details in JSON format.
So with this, a student can see each and every student's details, and can also check the details of every teacher with https://www.victim.com/teacher_id/details.json. The HTML page enforced the ownership check, but the JSON representation of the same resource did not.
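The pattern behind this finding, as an added example that is not part of the original post: a small Python router (constructed, not the school site's code; the student IDs and records are placeholders) whose HTML view checks ownership but whose .json responder was bolted on without the check, next to a hardened version that authorizes once, before choosing a representation.

```python
# Added example, not from the original post: a toy request router that
# reproduces the bug described above (authorization only on the HTML view,
# none on the .json representation) beside a hardened router.
import json
from dataclasses import dataclass

# Constructed sample data; IDs and names are placeholders.
STUDENTS = {
    "s100": {"name": "Student A", "marks": {"math": 91}},
    "s200": {"name": "Student B", "marks": {"math": 77}},
}

@dataclass
class User:
    id: str
    role: str  # "student" or "teacher"

def parse_path(path):
    # "/s200/details.json" -> ("s200", "json"); no extension means HTML
    student_id, resource = path.strip("/").split("/")
    _, _, fmt = resource.partition(".")
    return student_id, fmt or "html"

def can_view(user, student_id):
    # Teachers may see every student; students only their own record.
    return user.role == "teacher" or user.id == student_id

def vulnerable_details(user, path):
    student_id, fmt = parse_path(path)
    record = STUDENTS.get(student_id)
    if record is None:
        return 404, "not found"
    if fmt == "html":
        if not can_view(user, student_id):
            return 404, "page does not exist"  # check lives only in the HTML branch
        return 200, f"<h1>{record['name']}</h1>"
    # JSON responder added later; the ownership check was never applied here
    return 200, json.dumps(record)

def fixed_details(user, path):
    student_id, fmt = parse_path(path)
    record = STUDENTS.get(student_id)
    # Authorize before any rendering, and answer missing and forbidden
    # records the same way so student IDs cannot be enumerated.
    if record is None or not can_view(user, student_id):
        return 404, "page does not exist"
    if fmt == "json":
        return 200, json.dumps(record)
    return 200, f"<h1>{record['name']}</h1>"
```

In a real framework the equivalent fix is to run the authorization check in a filter or middleware that executes for every representation of the route, rather than inside one view.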
So if you ever come across the same thing, try adding .json after the URL.
I hope you enjoyed this one and learned something new.
See you next time 😉
Take care, happy hacking!