Broken Access Control Logic
Access control enforces policy so that users cannot act outside their intended permissions. Failures typically lead to unauthorized disclosure, modification or destruction of data, or to performing a business function outside the limits set for the user.
Types of Broken Access Controls
Content Access Control
Look for content that is hidden rather than protected: robots.txt, sitemap.xml, page source and JavaScript files (they often list admin or API paths), and brute-forcing (forced browsing) of directory and file names.
Parameter Access Control
Tamper with parameters in GET, POST, PUT, OPTIONS and TRACE requests, in cookies and in JSON bodies, and check what leaks through redirects (the body of a 302 is often still rendered with the data).
Typical targets are IDOR on user IDs, file IDs and GUIDs. A GUID only makes the identifier hard to guess; if it leaks anywhere (another response, a log, a URL) the object still needs a server-side ownership check.
URL-Based Access Control
Tamper with the path the backend actually routes by adding a request header such as:
X-Original-URL: *unauthorized path*
X-Rewrite-URL: *unauthorized path*
This works when the front end (proxy, WAF, edge rule) checks the URL in the request line, but the framework behind it honours the override header and dispatches to the path it names instead.
Method-based Access Control
Repeat the blocked request with a different method (GET, POST, PUT, OPTIONS, TRACE, or an arbitrary verb). A rule that only covers one method lets the others through to the same handler.
Access Control for a Multi-Step Process
Depending on the application logic, every step and every redirection has to be validated server-side. Check whether a later step can be reached by skipping, reordering or replaying an earlier one, and whether values fixed in an earlier step (price, seat, account) can be re-posted in a later one.
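The multi-step flaw described above, as an added example that is not part of the original page or its author's code. It models a three-step booking (select seat, pay, confirm) in memory; the seat prices, state names and booking store are assumptions made for illustration. The vulnerable flow checks nothing but "is this user logged in" at each step, so the confirm step can be called straight after select and the price re-posted; the hardened flow loads the booking by owner, requires the expected previous state before every transition, and never accepts the price from the client.

```python
"""Constructed model of a three-step booking flow (select seat, pay, confirm).
Added example, not the page author's code; seat prices, state names and the
in-memory store are assumptions for illustration."""

from dataclasses import dataclass

SEAT_PRICES = {"12A": 120, "1C": 300}   # assumed catalogue, held server-side


class Denied(Exception):
    pass


@dataclass
class Booking:
    owner: str
    seat: str
    price: int
    state: str = "selected"          # selected -> paid -> confirmed


# --- Vulnerable: handlers check "logged in" only and trust what the client posts --
class VulnerableFlow:
    def __init__(self):
        self.bookings = {}

    def select(self, user, booking_id, seat, price):
        self.bookings[booking_id] = Booking(user, seat, price)   # price from the form

    def pay(self, user, booking_id, amount):
        b = self.bookings[booking_id]
        if amount >= b.price:
            b.state = "paid"
        return b

    def confirm(self, user, booking_id, price=None):
        b = self.bookings[booking_id]    # no owner check, no "was it paid?" check
        if price is not None:
            b.price = price              # hidden field re-posted at the last step
        b.state = "confirmed"
        return b


# --- Hardened: owner and expected-state check before every transition ------------
class HardenedFlow:
    def __init__(self):
        self.bookings = {}

    def _load(self, user, booking_id, expected):
        b = self.bookings.get(booking_id)
        if b is None or b.owner != user:
            raise Denied("not your booking")
        if b.state != expected:
            raise Denied(f"step out of order: {b.state}, expected {expected}")
        return b

    def select(self, user, booking_id, seat):
        if booking_id in self.bookings:
            raise Denied("booking id already used")
        self.bookings[booking_id] = Booking(user, seat, SEAT_PRICES[seat])  # server sets price

    def pay(self, user, booking_id, amount):
        b = self._load(user, booking_id, "selected")
        if amount < b.price:
            raise Denied("underpaid")
        b.state = "paid"
        return b

    def confirm(self, user, booking_id):   # nothing about price is accepted here
        b = self._load(user, booking_id, "paid")
        b.state = "confirmed"
        return b


def skip_payment_vulnerable():
    """Alice jumps from select straight to confirm and re-posts price=1."""
    f = VulnerableFlow()
    f.select("alice", "b1", "12A", 120)
    b = f.confirm("alice", "b1", price=1)
    return b.state, b.price          # ('confirmed', 1)


def skip_payment_hardened():
    f = HardenedFlow()
    f.select("alice", "b1", "12A")
    try:
        f.confirm("alice", "b1")
    except Denied as e:
        return str(e)
    return "confirmed"


def honest_path_hardened():
    f = HardenedFlow()
    f.select("alice", "b1", "12A")
    f.pay("alice", "b1", 120)
    return f.confirm("alice", "b1").state


def foreign_confirm_hardened():
    f = HardenedFlow()
    f.select("alice", "b1", "12A")
    f.pay("alice", "b1", 120)
    try:
        f.confirm("mallory", "b1")
    except Denied as e:
        return str(e)
    return "confirmed"
```

The point of `_load` is that the state check and the ownership check happen together, before any transition: a step is reachable only from the one state that precedes it, and only by the owner. When testing a real flow, send each step's request out of order, from a second account, and with earlier steps' parameters re-attached, and compare the outcomes with these four functions.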
Referrer-Based Access Control
Tamper with the Referer header (that is the spelling HTTP uses), e.g. Referer: https://hacked.com, or delete it altogether. A check that grants access because the request "came from" an admin page is trusting a value the client sets.
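The URL-based, method-based and Referer-based bypasses above all come down to the same flaw: an edge check that decides on data the client controls while the backend routes on something else. The following added example (not part of the original page or its author's code) models that in memory: an edge ACL in front of a backend router, first in the vulnerable shape and then hardened. The paths, roles, edge rules and the backend's handling of X-Original-URL / X-Rewrite-URL are assumptions for illustration.

```python
"""Constructed model of an edge ACL in front of a backend router. Added example,
not the page author's code; paths, roles, rules and the backend's handling of
override headers are assumptions for illustration."""

import posixpath
from dataclasses import dataclass, field

ADMIN_PREFIX = "/admin"
OVERRIDE_HEADERS = ("X-Original-URL", "X-Rewrite-URL")
OVERRIDE_LOWER = {h.lower() for h in OVERRIDE_HEADERS}   # header names are case-insensitive


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    role: str = "user"  # assumed: session already authenticated with this role


def routed_path(req: Request) -> str:
    """Path a backend that honours the override headers would dispatch on."""
    for name in OVERRIDE_HEADERS:
        if name in req.headers:
            return req.headers[name]
    return req.path


# --- Vulnerable: every decision rests on data the client controls ---------------
def edge_acl_vulnerable(req: Request) -> bool:
    if not req.path.startswith(ADMIN_PREFIX) or req.role == "admin":
        return True
    if req.headers.get("Referer", "").startswith("https://app.example/admin"):
        return True                   # Referer is set by the client
    return req.method != "POST"       # only POST is blocked; GET, PUT, ... pass


def backend_vulnerable(req: Request) -> str:
    path = routed_path(req)           # X-Original-URL wins over the real path
    area = "ADMIN" if path.startswith(ADMIN_PREFIX) else "PUBLIC"
    return f"{area} {req.method} {path}"


def serve_vulnerable(req: Request) -> str:
    return backend_vulnerable(req) if edge_acl_vulnerable(req) else "403"


# --- Hardened: strip overrides, normalise, deny by default, re-check in backend --
def serve_hardened(req: Request) -> str:
    headers = {k: v for k, v in req.headers.items() if k.lower() not in OVERRIDE_LOWER}
    path = posixpath.normpath("/" + req.path.lstrip("/"))   # collapse //, ./, ../
    clean = Request(req.method, path, headers, req.role)
    if clean.path.startswith(ADMIN_PREFIX) and clean.role != "admin":
        return "403"                  # all methods; Referer plays no part
    return backend_hardened(clean)


def backend_hardened(req: Request) -> str:
    # Routes on req.path only and repeats the role check, so a request that
    # reaches the backend without passing the edge still fails closed.
    if req.path.startswith(ADMIN_PREFIX):
        return f"ADMIN {req.method} {req.path}" if req.role == "admin" else "403"
    return f"PUBLIC {req.method} {req.path}"


# Constructed probes, one per bypass discussed above, plus a legitimate admin.
PROBES = {
    "method":   Request("GET", "/admin/users"),
    "override": Request("POST", "/public", {"X-Original-URL": "/admin/users"}),
    "referer":  Request("POST", "/admin/users", {"Referer": "https://app.example/admin/"}),
    "admin":    Request("GET", "/admin/users", role="admin"),
}


def run(serve) -> dict:
    return {name: serve(req) for name, req in PROBES.items()}


if __name__ == "__main__":
    for name in PROBES:
        print(f"{name:9} vulnerable={serve_vulnerable(PROBES[name]):<24} "
              f"hardened={serve_hardened(PROBES[name])}")
```

Against the vulnerable pair all three probes reach the admin handler; against the hardened pair only the real admin does. The fix has three parts and all are needed: the edge strips the override headers before forwarding (compared case-insensitively), the rule denies the whole admin prefix for every method rather than listing the ones it expects, and the backend enforces the role itself instead of assuming the edge did. When you probe a real target, send the same three variants and watch for a response that differs from the plain blocked request.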
What is Authentication?
Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.
What is Authorization?
Authorization is the process of deciding whether a request to access a particular resource should be granted or denied.
Access Control Types
- Vertical Access Control: a user can view or act on admin data (escalation across roles).
- Horizontal Access Control: user A can view user B's data (escalation across users of the same role).
- Context-Dependent Access Control: the order of a flow can be tampered with, e.g. the steps of booking a ticket.
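The IDOR targets listed under Parameter Access Control and the vertical and horizontal cases above, as an added example that is not from the original page or its author. It models an account endpoint (read and update a record by user id) in memory; the records, session tokens and the list of writable fields are constructed assumptions. The vulnerable handlers check only that a session exists, so any logged-in user can read another user's record (horizontal) and write "role": "admin" into their own (vertical). The hardened handlers compare the requested id with the session's id, allow admins across records, return one error for missing and foreign records so ids cannot be enumerated, and allowlist the fields a user may change.

```python
"""Constructed model of an account endpoint (GET/PUT /account/<user_id>).
Added example, not the page author's code; records, sessions and the
writable-field list are assumptions for illustration."""

import copy


class Forbidden(Exception):
    pass


# Constructed sample data: record id -> record, session token -> caller's id.
BASE_USERS = {
    1001: {"owner": "alice", "email": "alice@example.com", "role": "user"},
    1002: {"owner": "bob",   "email": "bob@example.com",   "role": "user"},
    1:    {"owner": "root",  "email": "root@example.com",  "role": "admin"},
}
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002, "tok-root": 1}
WRITABLE = {"email"}                   # fields a user may change about themself


def fresh_store():
    return copy.deepcopy(BASE_USERS)   # each call starts from clean data


def caller_id(token):
    try:
        return SESSIONS[token]
    except KeyError:
        raise Forbidden("login required") from None


# --- Vulnerable: "is the caller logged in?" is the only check ---------------------
def get_account_vulnerable(store, token, user_id):
    caller_id(token)
    return store[user_id]              # returns whichever id the client named


def update_account_vulnerable(store, token, user_id, changes):
    caller_id(token)
    store[user_id].update(changes)     # any field, including "role"
    return store[user_id]


# --- Hardened: object-level check against the session, then field allowlist ------
def authorize(store, token, user_id):
    caller = caller_id(token)
    is_admin = store[caller]["role"] == "admin"
    # Missing and foreign records get the same error so ids cannot be enumerated.
    if user_id not in store or (user_id != caller and not is_admin):
        raise Forbidden("not found")
    return caller


def get_account_hardened(store, token, user_id):
    authorize(store, token, user_id)
    return store[user_id]


def update_account_hardened(store, token, user_id, changes):
    authorize(store, token, user_id)
    rejected = set(changes) - WRITABLE
    if rejected:
        raise Forbidden(f"not writable: {sorted(rejected)}")
    store[user_id].update(changes)
    return store[user_id]


def outcome(fn, *args):
    try:
        return fn(*args)
    except Forbidden as e:
        return f"denied: {e}"


def demo():
    """Horizontal (alice -> bob's record) and vertical (alice -> role=admin) probes."""
    s = fresh_store
    return {
        "horizontal_vuln": get_account_vulnerable(s(), "tok-alice", 1002)["owner"],
        "horizontal_hard": outcome(get_account_hardened, s(), "tok-alice", 1002),
        "vertical_vuln":   update_account_vulnerable(s(), "tok-alice", 1001, {"role": "admin"})["role"],
        "vertical_hard":   outcome(update_account_hardened, s(), "tok-alice", 1001, {"role": "admin"}),
        "admin_reads_bob": get_account_hardened(s(), "tok-root", 1002)["owner"],
        "self_update":     update_account_hardened(s(), "tok-alice", 1001, {"email": "a@new.example"})["email"],
        "unknown_id":      outcome(get_account_hardened, s(), "tok-alice", 9999),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")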
A few tips for Broken Access Control hunting
- Bypass access control checks by modifying the URL, internal application state or the HTML page, or simply by using a custom API attack tool.
- Change the primary key to another user's record and see whether you can view or edit someone else's account.
- Attempt privilege escalation, i.e. acting as a user without being logged in, or acting as an admin when logged in as a user.
- Manipulate metadata, such as replaying or tampering with a JSON Web Token (JWT), or a cookie or hidden field that carries an access control decision.
- Look closely at CORS misconfiguration, which can let an attacker-controlled origin read authenticated responses from the application.
- Force browsing to authenticated pages as an unauthenticated user.
Suggestions are most welcome. Please write to Akash.venky091@gmail.com. You can also follow me here for more updates on security and ethical hacking (Akash Venky) or contact me at https://www.linkedin.com/in/akash-h-c-4a4090a7/