all InfoSec news
Privilege Escalation Using SCIM Provisioning
May 10, 2024, 4:55 a.m. | Ronak Patel
InfoSec Write-ups - Medium infosecwriteups.com
Hi Fellow Hackers!!!
Happy New Year!!!
This Write-Up is about the same program i mentioned in my another article “https://medium.com/@ronak-9889/admin-account-takeover-ab7535fe0fdb”
As mentioned in that write-up this program introduced new feature called “Custom role” which allows admin to create user with custom permissions. One of the permission which could be assigned was “Access to security section”
As seen above Imagine Admin has created user with the custom role which has only “access to security section” admin permission.
As seen …
access control bug bounty cybersecurity information security privilege escalation
More from infosecwriteups.com / InfoSec Write-ups - Medium
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Senior Application Security Engineer
@ Austin Community College | HMO99: Field Office - MO Remote Location, Remote City, MO, 65043 USA
Sr. Information Assurance Security Analyst
@ SMS Data Products Group, Inc. | San Antonio, TX, United States
Product Cybersecurity Test Infrastructure Engineer (Remote)
@ SNC-Lavalin | HCT99: Field Office - CT Remote Location, Remote City, CT, 06101 USA