Privilege Escalation

Overview

Description

Privilege Escalation means gaining privileges to access something you should not be able to access. This is the most common vulnerability found in web applications.

Types of Privilege Escalation:

1. Horizontal Privilege Escalation
  • In the access control hierarchy, if you gain the privileges of another account at the same level, it is called Horizontal Privilege Escalation.
  • For example, one user can access the secret data of another user.
  • CSRF is an example of Horizontal Privilege Escalation.
2. Vertical Privilege Escalation
  • In the access control hierarchy, if you gain higher-level privileges than your own, it is called Vertical Privilege Escalation.
  • For example, a normal user can access administrative data.
  • It has a comparatively higher impact than Horizontal Privilege Escalation.

Example

Consider a scenario: the website https://site.com has a User Dashboard and an Admin Dashboard.

Based on the role (user or admin), different functionality is provided.

The actions a user can perform, listed on the User Dashboard (https://site.com/dashboard), are as below:

https://site.com/view_profile
https://site.com/edit_profile
https://site.com/change_password

The actions an admin can perform, listed on the Admin Dashboard (https://site.com/admin/dashboard), are as below:

https://site.com/admin/view_profile?id=<USER_ID>
https://site.com/admin/edit_profile?id=<USER_ID>
https://site.com/admin/change_password?id=<USER_ID>

A normal user will not know the endpoints in the admin dashboard.

If this website has not implemented access control appropriately (that is, the server relies on the admin endpoints being unknown rather than checking the caller's role), it is vulnerable to Privilege Escalation: if a normal user obtains those endpoint details, he can send a request such as

https://site.com/admin/view_profile?id=<USER_ID>

and he will be able to view the profile, edit the profile, or change the password of any other user.

This is an example of Vertical Privilege Escalation.

Impact

  • The impact of this vulnerability depends on what actions the attacker can perform by escalating privileges. In general, it has a high impact.
  • It can leak sensitive data of users and customers.
  • It may lead to account takeover.
  • If it is Vertical Privilege Escalation, the impact is very high, as a normal user can perform administrative actions such as deleting all users or accessing the whole database.

Prevention

  • Follow the principle of least privilege.
  • If a resource is only for internal use, deny public access to it.
  • Deny access by default to all resources, and grant only the intended access to each resource.
  • Keep the system updated.
  • Close unnecessary open ports. Stop unused services.
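The following is an added example (not code from the original page) that models the site.com scenario from the Example section and the deny-by-default rule from the Prevention list in one small program. The User and Request classes, the profile store, and the route table are all constructed here for illustration; a real application would use its web framework's routing, session handling and database instead. The vulnerable dispatcher serves whoever reaches an /admin/ endpoint, exactly as the text describes; the hardened dispatcher checks the caller's role against an explicit per-route policy, denies any path not listed, and makes user-level routes act only on the caller's own record so that an id parameter cannot be used for horizontal escalation either.

```python
# Added example: a miniature model of the site.com scenario, with the missing
# access-control check beside a deny-by-default fix. All names, data and the
# route table below are constructed for illustration (not a real framework API).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "user" or "admin"


@dataclass
class Request:
    path: str
    caller: User  # identity established by the server-side session
    params: dict = field(default_factory=dict)


def sample_store():
    """Constructed profile data: user_id -> profile record."""
    return {
        1: {"name": "alice", "password": "alice-secret"},
        2: {"name": "bob", "password": "bob-secret"},
        3: {"name": "root", "password": "root-secret"},
    }


# ---- Vulnerable dispatcher ---------------------------------------------------
# The only thing keeping normal users away from /admin/* is that those URLs are
# not linked from the user dashboard. Whoever sends the request is served.
def vulnerable_dispatch(req, store):
    if req.path == "/view_profile":
        return store[req.caller.user_id]["name"]
    if req.path == "/admin/view_profile":  # no role check at all
        return store[int(req.params["id"])]["name"]
    if req.path == "/admin/change_password":  # no role check at all
        store[int(req.params["id"])]["password"] = req.params["new"]
        return "changed"
    return "404"


# ---- Hardened dispatcher -----------------------------------------------------
# Every path is listed with the roles allowed to call it. A path that is not
# listed is denied, so a new endpoint cannot be exposed by forgetting a check.
ROUTE_POLICY = {
    "/view_profile": {"user", "admin"},
    "/edit_profile": {"user", "admin"},
    "/change_password": {"user", "admin"},
    "/admin/view_profile": {"admin"},
    "/admin/edit_profile": {"admin"},
    "/admin/change_password": {"admin"},
}


def is_authorized(req):
    """Deny by default: unknown paths map to an empty role set."""
    allowed = ROUTE_POLICY.get(req.path, set())
    return req.caller.role in allowed


def target_user_id(req):
    """Which profile the request acts on.

    User-level routes always act on the caller's own record, taken from the
    session and never from a client-supplied id (blocks horizontal escalation).
    Admin routes take the id parameter, and only run after the role check.
    """
    if req.path.startswith("/admin/"):
        return int(req.params["id"])
    return req.caller.user_id


def secure_dispatch(req, store):
    if not is_authorized(req):
        return "403"  # vertical escalation blocked here
    uid = target_user_id(req)
    if uid not in store:
        return "404"
    action = req.path.rsplit("/", 1)[-1]
    if action == "view_profile":
        return store[uid]["name"]
    if action == "edit_profile":
        store[uid]["name"] = req.params["name"]
        return "updated"
    if action == "change_password":
        store[uid]["password"] = req.params["new"]
        return "changed"
    return "404"


if __name__ == "__main__":
    bob = User(2, "user")
    store = sample_store()
    # A normal user sending the admin URL: the vulnerable site returns alice's record
    print(vulnerable_dispatch(Request("/admin/view_profile", bob, {"id": "1"}), store))
    # The hardened site denies the same request
    print(secure_dispatch(Request("/admin/view_profile", bob, {"id": "1"}), store))
```

The design point is that authorization is decided from the session-bound role plus a central route table, not from which URLs happen to be linked on a dashboard; the same table is the place to enforce the least-privilege rule from the Prevention list, since any endpoint that is not explicitly granted to a role is unreachable for it.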