all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

My first Hall Of Fame with a chained Broken Access Control

Add to bookmarks
Feb. 2, 2023, 2:25 p.m. | Naman Jain

InfoSec Write-ups - Medium infosecwriteups.com

This blog is about how I got my first HOF after chaining multiple bugs.

Let’s get started.

What is Broken Access Control

In simple words, BAC means you are able to perform certain actions or fetch certain files which you are not authorized to.

The Bug

Let’s name the program redacted.com. After some enumeration I found a support page i.e. redacted.com/support which has a login feature. I created an account i.e. Attacker1 and started exploring with it.

Later I …

access access control account actions bac blog broken access control bug bounty bug-bounty-writeup bugs control enumeration fame fetch files infosec info-sec-writeups infosec-write-ups login name program simple support what is

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 1 day, 11 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 1 day, 11 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 1 day, 11 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 1 day, 11 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 1 day, 11 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 1 day, 11 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 1 day, 11 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 1 day, 11 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 1 day, 11 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cloud Security Engineer

@ Pacific Gas and Electric Company | Oakland, CA, US, 94612
View on infosec-jobs.com

Penetration Tester (Level 2)

@ Verve Group | Pune, Mahārāshtra, India
View on infosec-jobs.com

Senior Security Operations Engineer (Azure)

@ Jamf | US Remote
View on infosec-jobs.com

(Junior) Cyber Security Consultant IAM (m/w/d)

@ Atos | Berlin, DE, D-13353
View on infosec-jobs.com
View more jobs