Broken Access Control Logic

Akash Venky
2 min read · Apr 8, 2022


Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

Types of Broken Access Controls

Content Access Control

Look for hidden or unlinked content in robots.txt, sitemap.xml, the page source and JavaScript files (review them for API paths), and by brute-forcing directory and file names.
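As an added example (not code from the original post), the following Python script pulls candidate paths from the three passive sources listed above, robots.txt, sitemap.xml and client-side JavaScript, and flags the ones worth probing first. The robots.txt, sitemap and JavaScript snippet are constructed inline, and the "interesting" pattern list is an assumption of mine; a brute-force step would take the resulting list as its seed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample inputs; nothing here was fetched from a real site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup.zip
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""

SITEMAP_XML = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/internal/reports</loc></url>
</urlset>
"""

APP_JS = """\
const API = "/api/v2";
fetch(API + "/users/me");
fetch("/api/v2/admin/export?format=csv");
"""

# Assumed heuristic: names that usually mean "not meant for ordinary users".
INTERESTING = re.compile(r"admin|internal|backup|debug|export|\.(zip|bak|sql|old)$", re.I)

def paths_from_robots(text):
    """Disallow/Allow entries name content the site would rather not have indexed."""
    found = set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() in ("disallow", "allow") and value.strip() not in ("", "/"):
            found.add(value.strip())
    return found

def paths_from_sitemap(xml_text):
    """Every <loc> in a sitemap, reduced to its path component."""
    ns = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}
    root = ET.fromstring(xml_text)
    return {urlparse(loc.text.strip()).path for loc in root.findall(".//sm:loc", ns) if loc.text}

def paths_from_js(js):
    """Absolute-path string literals in client-side code usually name API routes."""
    return set(re.findall(r"[\"'](/[A-Za-z0-9_./-]+)", js))

def candidate_paths(robots, sitemap, js):
    """Merge all sources, strip query strings, drop the site root, sort for probing."""
    merged = paths_from_robots(robots) | paths_from_sitemap(sitemap) | paths_from_js(js)
    return sorted({p.split("?")[0] for p in merged if p != "/"})

def flag_interesting(paths):
    """Subset of candidate paths that match the INTERESTING heuristic."""
    return [p for p in paths if INTERESTING.search(p)]

if __name__ == "__main__":
    found = candidate_paths(ROBOTS_TXT, SITEMAP_XML, APP_JS)
    for p in found:
        print(("*" if p in flag_interesting(found) else " "), p)
```

The flagged paths are the first ones to request with an unauthenticated session and with a low-privilege session; anything that answers 200 where a 401/403 was expected is a finding.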

Parameter Access Control

Parameters sent via GET, POST, PUT, OPTIONS, TRACE, cookies and JSON bodies; also look for parameters leaked through redirects.

IDOR: user_id, file_id, GUID and similar identifiers that the server trusts straight from the client.

Url-Based Access Control

Tampering with the API call through request headers that override the path the back end routes on:

X-Original-URL: *unauthorized path*

X-Rewrite-URL: *unauthorized path*

Method-based Access Control

Changing the HTTP method, e.g. GET, POST, PUT, OPTIONS, TRACE or HEAD, when the check is applied to some methods only.

Access Control for a multi-step process

Depending on the application logic, every step and redirection has to be validated on the server; skipping a step or replaying an earlier one must not be possible.

Referrer-Based Access Control

Tampering with the Referer header (the HTTP header name is spelled Referer), e.g. Referer: https://hacked.com, or deleting it entirely.
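To make the three bypasses above concrete (URL-override headers, method change and Referer tampering), here is an added Python simulation, not code from the original post, of an edge access-control rule that has all three flaws next to a hardened one. The Request model, the /admin prefix, the app.example.com origin and the probe requests are constructed for the example; routed_path() imitates a back end that honours X-Original-URL/X-Rewrite-URL, which is the behaviour those headers depend on.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    role: str = "user"   # role of the server-side session, set by the auth layer, not by the client

def routed_path(req):
    """Back-end routing that honours URL-override headers. Whatever this returns is
    what the controller actually serves, regardless of the request line."""
    for name in ("X-Original-URL", "X-Rewrite-URL"):
        if name in req.headers:
            return req.headers[name]
    return req.path

def is_admin_path(path):
    return path.startswith("/admin")

def vulnerable_edge_acl(req):
    """Edge rule with three flaws: it looks at the raw request line only, it is applied
    to POST only, and a same-site Referer is treated as proof of legitimacy."""
    if not is_admin_path(req.path):
        return True          # bypass 1: GET / with X-Original-URL: /admin/users slips past
    if req.method != "POST":
        return True          # bypass 2: GET/HEAD/PUT to /admin/users is never checked
    referer = req.headers.get("Referer", "")
    if referer.startswith("https://app.example.com/"):
        return True          # bypass 3: the client chooses the Referer value
    return req.role == "admin"

def hardened_acl(req):
    """Decide on the path the back end will dispatch, for every method, from the
    session role alone. Stripping the override headers at the edge is the other half."""
    if is_admin_path(routed_path(req)):
        return req.role == "admin"
    return True

def dispatch(req, acl):
    """Simulated server: ACL first, then the controller for the routed path."""
    if not acl(req):
        return "403 Forbidden"
    return "admin panel" if is_admin_path(routed_path(req)) else "public page"

# Constructed probes, one per bypass described above, all from a plain "user" session.
PROBES = {
    "url-override header": Request("GET", "/", {"X-Original-URL": "/admin/users"}),
    "method change":       Request("GET", "/admin/users"),
    "referer spoof":       Request("POST", "/admin/users", {"Referer": "https://app.example.com/home"}),
    "plain attempt":       Request("POST", "/admin/users"),
}

def run_probes(acl):
    """Map each probe name to what the server returned under the given ACL."""
    return {name: dispatch(req, acl) for name, req in PROBES.items()}

if __name__ == "__main__":
    for label, acl in (("vulnerable", vulnerable_edge_acl), ("hardened", hardened_acl)):
        for name, result in run_probes(acl).items():
            print(f"{label:10} {name:20} -> {result}")
```

Against a real target the same four probes are sent from a low-privilege session and the responses compared; the hardened rule shows why the decision has to be made on the path the application will really dispatch, for every method, and never on a header the client controls.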

What is Authentication?

Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

What is Authorization?

Authorization is the process where requests to access a particular resource should be granted or denied.

Access Control Types

  1. Vertical Access Control: a user is able to view an admin's data
  2. Horizontal Access Control: user A is able to view user B's data
  3. Context-Dependent Access Control: tampering with the order of steps, e.g. when booking tickets
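The following Python example, added here and not part of the original post, shows each of the three access-control types as a vulnerable handler next to its hardened counterpart, and also covers the multi-step validation point made earlier: the ticket-booking flow keeps the step sequence on the server so that steps cannot be skipped or replayed. USERS, ORDERS and BOOKING_STEPS are constructed in-memory data, and Forbidden stands in for the 403/404 a real application would return.

```python
# Constructed in-memory data; nothing here talks to a real application.
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "root": {"role": "admin"}}
ORDERS = {101: {"owner": "alice", "total": 40}, 102: {"owner": "bob", "total": 15}}
BOOKING_STEPS = ("select_seat", "pay", "confirm")

class Forbidden(Exception):
    """Raised when an access decision denies the request (would become a 403/404)."""

# --- Vulnerable handlers: a client-supplied value decides ---

def get_order_vulnerable(session_user, order_id):
    return ORDERS[order_id]            # horizontal: any logged-in user can read any order id

def admin_stats_vulnerable(session_user, is_admin_param):
    if not is_admin_param:             # vertical: the role comes from a request parameter
        raise Forbidden
    return {"users": len(USERS)}

def confirm_booking_vulnerable(session_user, booking):
    booking["confirmed"] = True        # context-dependent: the pay step is never checked
    return booking

# --- Hardened handlers: every decision from server-side state ---

def get_order(session_user, order_id):
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        raise Forbidden                # same outcome for foreign and non-existent ids
    return order

def admin_stats(session_user):
    if USERS[session_user]["role"] != "admin":
        raise Forbidden
    return {"users": len(USERS)}

def advance_booking(session_user, booking, step):
    """The server records which steps this booking has completed; the requested step
    must be exactly the next one, so skipping or replaying a step is refused."""
    if booking["owner"] != session_user:
        raise Forbidden
    done = booking["steps_done"]
    if len(done) >= len(BOOKING_STEPS) or step != BOOKING_STEPS[len(done)]:
        raise Forbidden
    done.append(step)
    if step == "confirm":
        booking["confirmed"] = True
    return booking

def new_booking(owner):
    return {"owner": owner, "steps_done": [], "confirmed": False}

def denied(handler, *args):
    """True if the handler refuses the call; used to check the hardened handlers."""
    try:
        handler(*args)
        return False
    except Forbidden:
        return True

if __name__ == "__main__":
    print("bob reads alice's order (vulnerable):", get_order_vulnerable("bob", 101))
    print("bob reads alice's order (hardened):  ", "denied" if denied(get_order, "bob", 101) else "allowed")
    b = new_booking("alice")
    print("confirm before paying (hardened):    ", "denied" if denied(advance_booking, "alice", b, "confirm") else "allowed")
```

Note that the hardened get_order() returns the same Forbidden for an order that belongs to someone else and for one that does not exist; distinguishing the two tells an attacker which identifiers are valid.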

Few Tips while on Broken Access Control hunting

  • Bypassing access control checks by modifying the URL, internal application state or the HTML page, or simply by using a custom API attack tool.
  • Allowing the primary key to be changed to another user's record, permitting viewing or editing of someone else's account.
  • Attempts at privilege escalation, i.e. acting as a user without being logged in, or acting as an admin when logged in as a user.
  • Metadata manipulation, such as replaying or tampering with a JSON Web Token (JWT) access control token.
  • Concentrate on CORS misconfiguration, which lets attacker-controlled external domains interact with the application.
  • Forced browsing to authenticated pages as an unauthenticated user.
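As an added example for the JWT item above (not code from the original post), this Python script issues an HS256 token using the standard library only, forges an alg=none variant with the role claim changed to admin, and shows why a verifier that reads the algorithm from the token header accepts the forgery while one that pins the algorithm rejects it; the exp check covers the replay case. SECRET and the claims are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"     # assumption: the server's HMAC key; never reaches clients

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json(obj):
    return json.dumps(obj, separators=(",", ":")).encode()

def sign_hs256(claims, key=SECRET):
    """Issue a token: header.payload.signature, HMAC-SHA256 over the first two parts."""
    header = _b64url(_json({"alg": "HS256", "typ": "JWT"}))
    body = _b64url(_json(claims))
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def forge_alg_none(token, **changed_claims):
    """Attacker side: rewrite claims, declare alg=none and drop the signature.
    No key is needed; the only question is whether the verifier honours the header."""
    _, body, _ = token.split(".")
    claims = json.loads(_b64url_decode(body))
    claims.update(changed_claims)
    header = _b64url(_json({"alg": "none", "typ": "JWT"}))
    return f"{header}.{_b64url(_json(claims))}."

def decode_trusting_header(token, key=SECRET):
    """Vulnerable verifier: takes the algorithm from the token, so alg=none means
    'nothing to check' and the forged claims are accepted as-is."""
    header_b64, body, sig = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "none":
        expected = hmac.new(key, f"{header_b64}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise ValueError("bad signature")
    return json.loads(_b64url_decode(body))

def verify_hs256(token, key=SECRET, now=None):
    """Hardened verifier: algorithm pinned by the server, constant-time signature
    comparison, and an expiry check so a captured old token cannot be replayed."""
    header_b64, body, sig = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body}".encode(), hashlib.sha256).digest()
    if not sig or not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def is_rejected(verifier, token):
    """True if the verifier refuses the token."""
    try:
        verifier(token)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "role": "user", "exp": 2000})
    forged = forge_alg_none(token, role="admin")
    print("trusting verifier sees role:", decode_trusting_header(forged)["role"])
    print("pinned verifier rejects forgery:", is_rejected(verify_hs256, forged))
```

When testing a real application, the same manipulation is done on a captured token: edit the payload, set alg to none (try the spellings none, None and NONE), strip the signature, and replay; also replay an unmodified token after logout or past its exp to see whether the server checks anything beyond the signature.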


Suggestions are most welcome. Please write a mail to Akash.venky091@gmail.com; you can also follow me here (Akash Venky) for more updates on security and ethical hacking, or contact me at https://www.linkedin.com/in/akash-h-c-4a4090a7/
