Admin access !!



Hello folks! I hope you're well! In this writeup I'll tell you how I went from a low-privilege user to an Admin. So without further delay, let's get started.

I was hunting on a private program on Bugcrowd. The company provided cloud security, network security, etc. (cyber-security related). I started doing recon and tested 2–3 domains and found nothing. I moved on to another subdomain. That subdomain was an e-commerce type site where you can purchase software and so on. I was testing the sign-in page functionality. There was validation while creating an account.

JS Validation

So I typed something@example.com and intercepted the request when I clicked the submit button. I changed example.com to gmail.com and forwarded the request. And I was logged in; there was no email verification either.
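The sign-up check above lived only in the browser's JavaScript, so an intercepted request could carry an address the page would have rejected, and the account was usable without verifying the address. The block below is an added example (not code from the post or from the program's site) showing the same rule re-applied on the server, with the account kept inactive until a verification token is redeemed. The allowed-domain list, the in-memory account store and the token format are assumptions for the demo; the post does not say what the real validation rule was.

```python
"""
Added example: server-side email validation and verification for a sign-up
handler, contrasted with a handler that trusts the browser's JS check.
ALLOWED_DOMAINS, the dict-based store and the token handling are assumed
for this demo and are not taken from the post.
"""
import re
import secrets
from dataclasses import dataclass, field

# Assumed policy: only this domain may register. The page's JS rule is unknown.
ALLOWED_DOMAINS = {"example.com"}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


@dataclass
class Account:
    email: str
    verified: bool = False
    # Random, unguessable token sent to the address; redeemed by verify_email().
    verify_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def email_domain_allowed(email: str) -> bool:
    """Server-side copy of the rule the client enforced: domain must be allowlisted."""
    m = EMAIL_RE.fullmatch(email.strip())
    if not m:
        return False
    return m.group(1).lower() in ALLOWED_DOMAINS


# --- weak handler: assumes the browser already validated the address ---
def signup_weak(store: dict, email: str) -> Account:
    acct = Account(email=email, verified=True)  # no re-check, logged in at once
    store[email] = acct
    return acct


# --- hardened handler: validates on the server and requires verification ---
def signup_hardened(store: dict, email: str) -> Account:
    if not email_domain_allowed(email):
        raise ValueError("email domain not allowed")
    key = email.strip().lower()
    if key in store:
        raise ValueError("account already exists")
    acct = Account(email=key)  # verified stays False until the token is redeemed
    store[key] = acct
    return acct


def signup_accepted(store: dict, email: str) -> bool:
    """Convenience wrapper: True if the hardened handler created the account."""
    try:
        signup_hardened(store, email)
        return True
    except ValueError:
        return False


def verify_email(store: dict, email: str, token: str) -> bool:
    """Redeem the verification token; constant-time compare avoids timing leaks."""
    acct = store.get(email.strip().lower())
    if acct is None or not secrets.compare_digest(acct.verify_token, token):
        return False
    acct.verified = True
    return True


def can_sign_in(store: dict, email: str) -> bool:
    """Only verified accounts may sign in."""
    acct = store.get(email.strip().lower())
    return acct is not None and acct.verified


if __name__ == "__main__":
    weak, hard = {}, {}
    signup_weak(weak, "someone@gmail.com")
    print("weak handler lets gmail.com sign in:", can_sign_in(weak, "someone@gmail.com"))
    print("hardened handler accepts gmail.com:", signup_accepted(hard, "someone@gmail.com"))
    acct = signup_hardened(hard, "Someone@Example.com")
    print("sign-in before verification:", can_sign_in(hard, acct.email))
    verify_email(hard, acct.email, acct.verify_token)
    print("sign-in after verification:", can_sign_in(hard, acct.email))
```

The point of the two handlers side by side is that the client-side rule is only a convenience for the user; whatever the browser checks must be checked again by the endpoint that actually creates the account, and an unverified address should not yield a usable session.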

Then I started playing with the Burp history. I found sub.redacted.com/api/users. I sent it to Repeater, clicked Go, and got 401 Unauthorized. I checked the other requests and noticed that the Authorization header was missing.

Something is missing…

I copied the Authorization header with its value (a JWT). And I got
