Broken Access Control Logic`s

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

Types of Broken Access Controls

Content Access Control

Search in: robots.txt,Sitemap.XML, Source Code, javascript code reviews, BruteForcing.

Parameter Access Control

GET,POST,PUT,OPTIONS,TRACE, Cookies parameters,Json params Also redireacting leakage.

IDOR,User_ID, Files_ID, GUID

Url-Based Access Control

Tampering the API call by request header

X-original-URL: *unauthorized path*

X-rewrite-URL: *unauthorized path*

Method-based Access Control

Changing methods such as GET, POST, PUT, OPTIONS, TRACE,

Access Control for a multi-step process

Depending on the application logic, every step and redirection as to be validated.

Referrer-Based Access Control

Tampering the referrer header such as:Referrer: Https://hacked.com, also deleting the referrers

What is Authentication?

Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

What is Authorization?

Authorization is the process where requests to access a particular resource should be granted or denied.

Access Control Types

  1. Vertical Access Control: (When user is able to view Admin`s Data)
  2. Horizontal Access Control:(When User A is able to view the User B`s Data)
  3. Context-Dependent Access Control: (Tampering the order of booking tickets)

Few Tips while on Broken Access Control hunting

  • Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or simply using a custom API attack tool.
  • Allowing the primary key to be changed to another’s user's record, permitting viewing or editing of someone else’s account.
  • Attempts on privilege escalations. ie Acting as a user without being logged in, or acting as an admin when logged in as a user.
  • Metadata manipulation, such as replaying or tampering with a JSON Web Token (JWT) access control token
  • Concentrate more on CORS misconfiguration, which gives a lead to have an interaction with external domains.
  • Forced browsing to authenticated pages as an unauthenticated user

Referrer: Https://hacked.com, also deleting the referrers

Suggestions are most welcomed, Please write a mail to Akash.venky091@gmail.com, Also you can follow me here for more updates on Security, Ethical hacking Akash Venky or contact me @ https://www.linkedin.com/in/akash-h-c-4a4090a7/

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store