Privilege escalation from admin and normal user to super admin
Discription
# Description
Lav_sms provides 5 types of roles. But the issue is admin can escalate to the super admin role for himself as well as for other un-privileged users too even lower than the admin role.
# Proof of Concept
“`
1. POST /users/{id} with custom payload via API Testing tool like postman/Insomnia.
“`
# Steps to reproduce
“`
1. Login as admin.
2. Navigate to Edit Users Panel.
3. Click on Edit user to get their HashId from URL OR get hashid of current user by visiting My Profile.
4. POST request to /users/{hashid} with method, csrf token and an extra field user_type = ‘admin’ or ‘super_admin’
5. The edited user is now admin/superadmin.
“`Read More
References
Back to Main