Broken Access Control Logic`s

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

Types of Broken Access Controls

Content Access Control

Search in: robots.txt,Sitemap.XML, Source Code, javascript code reviews, BruteForcing.

Parameter Access Control

GET,POST,PUT,OPTIONS,TRACE, Cookies parameters,Json params Also redireacting leakage.

IDOR,User_ID, Files_ID, GUID

Url-Based Access Control

Tampering the API call by request header

X-original-URL: *unauthorized path*

X-rewrite-URL: *unauthorized path*

Method-based Access Control

Changing methods such as GET, POST, PUT, OPTIONS, TRACE,

Access Control for a multi-step process

Depending on the application logic, every step and redirection as to be validated.

Referrer-Based Access Control

Tampering the referrer header such as:Referrer: Https://hacked.com, also deleting the referrers

What is Authentication?

Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

What is Authorization?

Authorization is the process where requests to access a particular resource should be granted or denied.

Access Control Types

  1. Vertical Access Control: (When user is able to view Admin`s Data)
  2. Horizontal Access Control:(When User A is able to view the User B`s Data)
  3. Context-Dependent Access Control: (Tampering the order of booking tickets)

Few Tips while on Broken Access Control hunting

  • Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or simply using a custom API attack tool.
  • Allowing the primary key to be changed to another’s user's record, permitting viewing or editing of someone else’s account.
  • Attempts on privilege escalations. ie Acting as a user without being logged in, or acting as an admin when logged in as a user.
  • Metadata manipulation, such as replaying or tampering with a JSON Web Token (JWT) access control token
  • Concentrate more on CORS misconfiguration, which gives a lead to have an interaction with external domains.
  • Forced browsing to authenticated pages as an unauthenticated user

Referrer: Https://hacked.com, also deleting the referrers

Suggestions are most welcomed, Please write a mail to Akash.venky091@gmail.com, Also you can follow me here for more updates on Security, Ethical hacking Akash Venky or contact me @ https://www.linkedin.com/in/akash-h-c-4a4090a7/

--

--

--

A white hat Hacker...!!!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Scope a Network Pentest: Tips from an Expert Pentester

What are the Security Risks of Cloud Computing? | PCH Technologies

{UPDATE} Polizei Tuk Tuk Hack Free Resources Generator

2021 Lossless Games: $10,000 of LSS in prizes — Round 1 Results

Secure code generation tool — Introducing Vanth Security

EPNS Snapshot Voting

Maintaining Session in NTLM Authentication

{UPDATE} Aces Up - Easthaven Solitaire Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akash Venky

Akash Venky

A white hat Hacker...!!!

More from Medium

Hacker Interview #2: Alvin “Steiner254”

How i find (CORS) cross-origin resource sharing misconfiguration

Compromise domain with NoPac exploit

Cross Site Scripting (XSS) for Dummies