A normal user can set himself or any other user to the admin role

# Description
Improper access control on the API endpoint `AddUserToRole` allows a regular user to escalate his privileges to admin.

# Infected code
```csharp
[Authorize(Roles = Roles.User)]
public async Task<IActionResult> AddUserToRole([FromQuery] string username, string role)
{
    // Any authenticated user reaches this action; nothing validates which role is requested.
    var results = await _auth.AddUserToRoleAsync(username, role);
    if (!results.IsSuccess)
        return BadRequest(results);
    return Ok(results);
}
```
As seen, the endpoint only requires the `User` role to be reached, and it performs no check on which role may be assigned, so the requested role can be `Admin`.
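A hardened version of the same action, written here as an added example and not taken from the affected project. It keeps the page's `_auth.AddUserToRoleAsync` call and `Roles` constants, but the `Roles.Admin`/`Roles.Moderator` names, the `IAuthService`/`AuthResult` stand-ins and the controller class are assumptions so the snippet compiles on its own. The two fixes are restricting the endpoint to administrators and checking the requested role against a server-side allowlist that does not contain `Admin`, with an audit log line for every decision.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

// Assumed stand-ins for the project's own types (only Roles.User and
// AddUserToRoleAsync appear on the page; the rest is hypothetical).
public static class Roles
{
    public const string User = "User";
    public const string Moderator = "Moderator";
    public const string Admin = "Admin";
}

public sealed class AuthResult
{
    public bool IsSuccess { get; init; }
    public string? Message { get; init; }
}

public interface IAuthService
{
    Task<AuthResult> AddUserToRoleAsync(string username, string role);
}

[ApiController]
[Route("api/[controller]")]
public class RoleManagementController : ControllerBase
{
    // Roles this endpoint is ever allowed to grant. Admin is deliberately
    // absent, so even an administrator cannot mint new administrators here.
    private static readonly HashSet<string> AssignableRoles =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { Roles.User, Roles.Moderator };

    private readonly IAuthService _auth;
    private readonly ILogger<RoleManagementController> _logger;

    public RoleManagementController(IAuthService auth, ILogger<RoleManagementController> logger)
    {
        _auth = auth;
        _logger = logger;
    }

    // Fix 1: only administrators may reach the endpoint at all.
    [HttpPost("AddUserToRole")]
    [Authorize(Roles = Roles.Admin)]
    public async Task<IActionResult> AddUserToRole([FromQuery] string username, [FromQuery] string role)
    {
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(role))
            return BadRequest("username and role are required");

        var caller = User.Identity?.Name ?? "<unknown>";

        // Fix 2: server-side allowlist of grantable roles; the client never
        // gets to name an arbitrary role.
        if (!AssignableRoles.Contains(role))
        {
            _logger.LogWarning("Rejected role grant of {Role} to {Target} requested by {Caller}",
                role, username, caller);
            return Forbid();
        }

        // Fix 3: role changes are privileged actions, so every outcome is audited.
        var results = await _auth.AddUserToRoleAsync(username, role);
        if (!results.IsSuccess)
        {
            _logger.LogWarning("Role grant of {Role} to {Target} by {Caller} failed: {Message}",
                role, username, caller, results.Message);
            return BadRequest(results);
        }

        _logger.LogInformation("{Caller} added {Target} to role {Role}", caller, username, role);
        return Ok(results);
    }
}
```

The allowlist is the important part: changing `[Authorize(Roles = Roles.User)]` to `Roles.Admin` alone still lets any compromised admin token hand out further admin rights, whereas a fixed `AssignableRoles` set keeps the set of grantable roles under the application's control rather than the caller's.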
# Proof of Concept
```shell
curl -X 'POST' \
  -H 'accept: */*' \
  -H 'Authorization: ' \
  -d ''
```
