Access control in an application decides whether a given user may reach a particular resource or perform a particular action, based on who they are and what type of account they hold. In web applications, access control depends on two other mechanisms:
Authentication: confirms that the user is who they claim to be.
Session management: identifies which subsequent HTTP requests are being made by that same authenticated user.
Access control then checks, on every request, that the authenticated user is actually allowed to carry out the action that request asks for.
Vertical Privilege Escalation:
Vertical privilege escalation is a privilege escalation in which a user gains access to functionality or resources that their account should not be permitted to use, for example a normal user reaching an administrative function. In its most basic form it occurs when an application simply fails to protect sensitive functionality at all, so that anyone who can reach the endpoint can use it.
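The following is an added illustration, not the lab's server code or the original write-up's: two versions of an "delete user" handler, one that relies only on the URL being hard to find and one that checks the caller's role from the session before changing state. The users, the `Session`/`UserStore` names and the status codes are assumptions made for the example.

```python
# Added example: a minimal model of the missing check behind vertical
# privilege escalation. Not the lab's code; users, sessions and handler
# names are assumed for illustration.
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Session:
    """What session management tells us about a request: who is making it."""
    username: str
    role: str  # "user" or "admin"


@dataclass
class UserStore:
    users: dict = field(default_factory=lambda: {
        "administrator": "admin",
        "wiener": "user",
        "carlos": "user",
    })


def delete_user_unprotected(store: UserStore, session: Optional[Session],
                            target: str) -> Tuple[int, str]:
    """Vulnerable: the only 'protection' is that the URL is obscure.
    The session is never consulted, so any caller who reaches the endpoint
    can delete any account."""
    if target not in store.users:
        return 404, "no such user"
    del store.users[target]
    return 200, f"deleted {target}"


def delete_user_protected(store: UserStore, session: Optional[Session],
                          target: str) -> Tuple[int, str]:
    """Hardened: authorisation is decided server-side from the session on
    every request, before any state changes."""
    if session is None:
        return 401, "authentication required"
    if session.role != "admin":
        return 403, "administrative privileges required"
    if target not in store.users:
        return 404, "no such user"
    del store.users[target]
    return 200, f"deleted {target}"


def demo() -> dict:
    """Normal user 'wiener' tries to delete 'carlos' against both handlers."""
    wiener = Session("wiener", "user")
    admin = Session("administrator", "admin")
    results = {}

    store = UserStore()
    results["unprotected_as_user"] = delete_user_unprotected(store, wiener, "carlos")[0]
    results["carlos_survives_unprotected"] = "carlos" in store.users

    store = UserStore()
    results["protected_as_user"] = delete_user_protected(store, wiener, "carlos")[0]
    results["carlos_survives_protected"] = "carlos" in store.users
    results["protected_unauthenticated"] = delete_user_protected(store, None, "carlos")[0]
    results["protected_as_admin"] = delete_user_protected(store, admin, "carlos")[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the hardened version is that the decision is made from server-side session state on the request itself, not from whether the client happened to know the URL or from anything the client sends that it could alter.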
Lab:
The aim of this lab is to access the admin panel as a normal user and delete the account of another user.
In the description of the lab, a couple of hints are provided.
The first hint: the basic way into an administrative panel is to identify the URL used to reach it.
The second: the website has a text file called robots.txt. Its purpose is to list paths that search-engine crawlers are asked not to index, but it is readable by anyone, and here that list includes the administrative URL.
At the start we are greeted with the default products page.
From here we can attempt to find the admin page by guessing its path, for example by trying the word "admin" in the URL.
However, this only leads to a 404 error. A guessed name not existing does not mean there is no admin panel, only that it lives under a less obvious path.
Instead, if we request the robots.txt file, the file is returned and discloses the URL of the admin page.
When that admin page URL is accessed, still as a normal user with no administrative login, the list of users stored by the application comes into view, along with a delete button for each.
Once the target user is deleted, the lab is solved, as the page then displays.
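The discovery steps above (fetch robots.txt, read its Disallow entries, probe the ones that look administrative instead of guessing /admin) can be scripted. The following is an added example, not code from the lab or the original write-up: the robots.txt content is constructed for the example, the hint words used for ranking and the `fetch` callback are assumptions, and the lab's real admin path is not shown here.

```python
# Added example: pull candidate admin paths out of robots.txt and keep those
# that do not 404. The robots.txt below is constructed; the lab's actual file
# and admin URL are not reproduced.
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urljoin

SAMPLE_ROBOTS = """\
User-agent: *
# constructed sample, not the lab's file
Disallow: /administrator-panel-abc123
Disallow: /cgi-bin/
Disallow: /images/
Allow: /
Sitemap: https://example.test/sitemap.xml
"""

# Assumed hint words; tune for the target.
SENSITIVE_HINTS = ("admin", "manage", "panel", "console", "internal",
                   "private", "backup", "debug", "cgi-bin")


def parse_robots(text: str) -> List[Tuple[str, str]]:
    """Return (directive, value) pairs, dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        directive, value = line.split(":", 1)
        entries.append((directive.strip().lower(), value.strip()))
    return entries


def disallowed_paths(text: str) -> List[str]:
    """Every non-empty Disallow path, in file order (duplicates removed)."""
    seen, out = set(), []
    for directive, value in parse_robots(text):
        if directive == "disallow" and value and value not in seen:
            seen.add(value)
            out.append(value)
    return out


def score(path: str) -> int:
    """Number of sensitive-looking hint words present in the path."""
    p = path.lower()
    return sum(1 for hint in SENSITIVE_HINTS if hint in p)


def candidate_admin_urls(base_url: str, text: str) -> List[str]:
    """Disallowed paths that look administrative, most suspicious first."""
    ranked = sorted(disallowed_paths(text), key=lambda p: (-score(p), p))
    return [urljoin(base_url, p) for p in ranked if score(p) > 0]


def find_reachable(urls: Iterable[str], fetch: Callable[[str], int]) -> List[str]:
    """Keep URLs whose status is not 404. fetch(url) must return the HTTP
    status code; a 200, 401 or 403 all mean something lives there."""
    return [u for u in urls if fetch(u) != 404]


def fetch_status(url: str) -> int:
    """Real fetch using the standard library (not used by the offline demo)."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Offline demo with a constructed fake server: only the panel path exists.
    fake = {"https://example.test/administrator-panel-abc123": 200}
    cands = candidate_admin_urls("https://example.test/", SAMPLE_ROBOTS)
    print("candidates:", cands)
    print("reachable:", find_reachable(cands, lambda u: fake.get(u, 404)))
```

Against a live target, swap the fake lookup for `fetch_status`. Note that a 401 or 403 is still a hit: the path exists and the check is simply stricter there than in this lab.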