Privilege Escalation by manipulating endpoint


Vijay Verma

Hello friends, Jai Sia Ram,
This is my first blog post.
I found this privilege escalation during a penetration test.
Sometimes we have to focus on our target.

I got one application, Example.com, for pen-testing. There were two users, admin and supervisor, and both had almost the same functionality. So I started going through the application and finished the recon part.

Unfortunately, I didn't find anything after a few hours of using tools and research. Then I learned that the admin user has a different endpoint, /adminpanel, with functionality that only the admin has access to.
So I logged into the application as the supervisor user and changed the endpoint to /adminpanel. Guess what: I got the admin panel, with the functionality only an admin should be able to access. I was able to perform every admin action available on the admin endpoint.
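To make the root cause concrete, here is an added example in Python (not code from the original write-up or from the application that was tested): a route that relies on the admin link merely being hidden from the supervisor, beside one that checks the role server-side on every request. The session tokens, roles, `Response` type and route tables are constructed placeholders for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed sessions: session token -> role issued at login (placeholder data)
SESSIONS: Dict[str, str] = {"tok-admin": "admin", "tok-sup": "supervisor"}

@dataclass
class Response:
    status: int
    body: str

def role_for(session_token: str) -> str:
    """Resolve the caller's role from the server-side session store."""
    return SESSIONS.get(session_token, "anonymous")

def require_role(*allowed: str):
    """Decorator: deny unless the session role is in `allowed`. The decision is
    made server-side on every request, not on whether a link was shown."""
    def wrap(handler: Callable[[str], Response]):
        def guarded(session_token: str) -> Response:
            if role_for(session_token) not in allowed:
                return Response(403, "forbidden")
            return handler(session_token)
        return guarded
    return wrap

# Vulnerable: /adminpanel is merely hidden from the supervisor's navigation;
# any logged-in user who types the path gets the admin functionality.
def adminpanel_vulnerable(session_token: str) -> Response:
    if role_for(session_token) == "anonymous":
        return Response(401, "login required")
    return Response(200, "admin panel: manage users")

# Fixed: the role check runs regardless of how the client reached the path.
@require_role("admin")
def adminpanel_fixed(session_token: str) -> Response:
    return Response(200, "admin panel: manage users")

VULNERABLE_ROUTES = {"/adminpanel": adminpanel_vulnerable}
FIXED_ROUTES = {"/adminpanel": adminpanel_fixed}

def dispatch(routes, path: str, session_token: str) -> Response:
    """Route a request by path; unknown paths get 404."""
    handler = routes.get(path)
    return handler(session_token) if handler else Response(404, "not found")

if __name__ == "__main__":
    for label, routes in (("vulnerable", VULNERABLE_ROUTES), ("fixed", FIXED_ROUTES)):
        print(label, "supervisor ->", dispatch(routes, "/adminpanel", "tok-sup").status)
```

The same supervisor session gets 200 from the vulnerable route table and 403 from the fixed one, which is the check a regression test for this finding should assert.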

Hope you find this write-up helpful.
