https://github.com/qeeqbox/vertical-privilege-escalation

A threat actor may perform unauthorized functions belonging to another user with a higher privilege level.

README

A threat actor may perform unauthorized functions belonging to another user with a higher privilege level.

Clone this repo recursively (the vulnerable web app is a submodule)
```sh
git clone --recurse-submodules https://github.com/qeeqbox/horizontal-privilege-escalation
```
Run the webapp using Python
```sh
python3 horizontal-privilege-escalation/vulnerable-web-app/webapp.py
```
Open the webapp in your browser at 127.0.0.1:5142

Log in as John (username: john and password: john - the threat actor stole this account)

John has access to the tickets only

Log out

Log in as Joe (username: joe and password: joe - the threat actor stole this account)

Joe also has access to the tickets and sysinfo

## Code
This logic checks that the user is logged in, then renders sections based on the user's access. The list of accessible sections is read straight from the `access` cookie, i.e. from a value the client supplies, so the server trusts the client to declare its own privilege level rather than deriving it from server-side state.
```py
from http.cookies import SimpleCookie

# `logged_in` and `BASE_TEMPLATE` are defined elsewhere in webapp.py.
@logged_in
def render_home_page(self):
    content = b""
    # The access list comes from the client-supplied Cookie header.
    cookies = SimpleCookie(self.headers.get('Cookie'))
    if "access" in cookies:
        for access in cookies["access"].value.split(","):
            # Resolves and calls e.g. self.tickets_section() or self.sysinfo_section()
            content += getattr(self, f"{access}_section", None)()
    return BASE_TEMPLATE.replace(b"{{body}}", content)
```
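An added example (not code from the qeeqbox project) that places a stripped-down copy of the handler above beside a hardened version in which the section list is derived from server-side session and role tables, so an `access` cookie has no effect on what is rendered. `SESSIONS`, `ROLE_SECTIONS` and the two section renderers are constructed stand-ins for the app's own state.

```python
from http.cookies import SimpleCookie

# Constructed server-side state standing in for the app's session and user
# store: an opaque session id maps to a username, and a username maps to the
# sections that user is permitted to see. Neither table is client-controlled.
SESSIONS = {"sess-john": "john", "sess-joe": "joe"}
ROLE_SECTIONS = {"john": ("tickets",), "joe": ("tickets", "sysinfo")}


def tickets_section() -> bytes:
    return b"<div>tickets</div>"


def sysinfo_section() -> bytes:
    return b"<div>sysinfo</div>"


SECTIONS = {"tickets": tickets_section, "sysinfo": sysinfo_section}


def render_vulnerable(cookie_header: str) -> bytes:
    """Mirrors the page's handler: the section list is taken from the cookie."""
    cookies = SimpleCookie(cookie_header)
    content = b""
    if "access" in cookies:
        for access in cookies["access"].value.split(","):
            renderer = SECTIONS.get(access)
            if renderer is not None:
                content += renderer()
    return content


def render_hardened(cookie_header: str) -> bytes:
    """Sections come only from the server-side session and role tables.

    The cookie is used solely to identify the session; any `access` value
    the client sends is never consulted.
    """
    cookies = SimpleCookie(cookie_header)
    if "session" not in cookies:
        return b""  # not logged in
    username = SESSIONS.get(cookies["session"].value)
    if username is None:
        return b""  # unknown or expired session id
    content = b""
    for section in ROLE_SECTIONS.get(username, ()):
        content += SECTIONS[section]()
    return content
```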