My first Hall Of Fame with a chained Broken Access Control
InfoSec Write-ups - Medium infosecwriteups.com
This blog is about how I got my first HOF after chaining multiple bugs.
Let’s get started.
What is Broken Access Control
In simple words, BAC means you are able to perform certain actions or fetch certain files which you are not authorized to.
The Bug
Let’s name the program redacted.com. After some enumeration, I found a support page, i.e. redacted.com/support, which has a login feature. I created an account, i.e. Attacker1, and started exploring with it.
Later I …