Authorization Bypass Options

Insecure Direct Object Reference (IDOR / BOLA)

Control someone else's data. Read messages, etc.

Role/Permission Check Missing

No authorization? Use it.

Client-Side Controlled Roles

Sometimes you can tamper with the cookie and grant yourself the permission from the client side.

Insecure JWT / Token Validation

Craft JWT as the Admin user.
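The two notes above (Client-Side Controlled Roles and Insecure JWT / Token Validation) share one root cause: the server trusts a role claim the client can edit. The following added example, written for this page and not taken from any project, shows the server-side check that closes both: the role travels in a token the server signs, the verifier pins the algorithm instead of reading it from the token header, compares the signature in constant time and enforces expiry. The key, the claim names and the 900-second lifetime are constructed for the demo; it uses only the Python standard library.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a deployment loads this from a secret store, never from code.
SECRET_KEY = b"demo-server-signing-key"
# Pinned server-side. The token's own "alg" header is never consulted for the choice.
ALLOWED_ALGS = {"HS256"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def sign_hs256(claims: dict) -> str:
    """Issue a token signed by the server (used here to build test input)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jwt(token: str, now: float | None = None) -> dict | None:
    """Return the claims only if the token is well-formed, signed with our key
    under an allowed algorithm and not expired; otherwise return None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad JSON and a wrong part count
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # Reject "none" and any algorithm we did not choose ourselves.
    if header.get("alg") not in ALLOWED_ALGS:
        return None
    expected = hmac.new(
        SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return None  # an unexpiring token is treated as invalid
    if exp < (now if now is not None else time.time()):
        return None
    return claims


def is_admin(token: str, now: float | None = None) -> bool:
    """Role decision: the claim counts only after the signature held."""
    claims = verify_jwt(token, now)
    return claims is not None and claims.get("role") == "admin"
```

A plain role cookie (`role=admin`) is the unsigned equivalent of a token whose signature is never checked; replacing it with `sign_hs256`/`verify_jwt` makes the role a server statement rather than a client one. The same structure applies to any session or permission token: decide the algorithm in code, verify before reading claims, and fail closed on anything malformed.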

Path-Based Access Control

  • Different URLs for admin vs user, but no role validation.

  • Example: /admin/dashboard is just hidden, not protected.

  • Code clue: Routing checks only if user is logged in, not if user is admin.

Method Tampering

  • Different HTTP methods may bypass checks.

Parameter Pollution

  • App checks authorization on first parameter, but executes action on second.

Race Conditions in Access Control

  • App checks permission, then executes action separately.
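The notes from Insecure Direct Object Reference through Race Conditions in Access Control describe one pipeline with a missing or misplaced check at each stage. The added example below (written for this page, not a framework's code) is a miniature request handler that puts each check where it belongs: a route table keyed on path only, so the rule holds for every HTTP method; a deny-by-default role decision before dispatch, shown beside the login-only check the Path-Based note calls a code clue; a parameter reader that rejects repeated names instead of letting two layers disagree; and an owner check that runs under the same lock as the action. Route names, the document store and the user objects are constructed for the demo.

```python
from __future__ import annotations

import threading
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    role: str  # "user" or "admin"


@dataclass
class Request:
    user: User | None
    method: str
    path: str
    # Parameters as name -> list of values, because a client may repeat a name.
    params: dict[str, list[str]] = field(default_factory=dict)


# Assumed route layout: URL prefix -> role the caller must hold.
# Keyed on the path alone, so GET, POST, PUT and HEAD all get the same answer.
ROUTE_ROLES = {"/admin/": "admin", "/account/": "user"}


def required_role(path: str) -> str | None:
    for prefix, role in ROUTE_ROLES.items():
        if path.startswith(prefix):
            return role
    return None  # public route


def authorize_login_only(req: Request) -> bool:
    """The flawed check from the Path-Based Access Control note: it confirms
    that someone is logged in and never looks at the role."""
    return req.user is not None


def authorize(req: Request) -> bool:
    """Deny-by-default decision taken before dispatch, independent of method."""
    role = required_role(req.path)
    if role is None:
        return True
    if req.user is None:
        return False
    if role == "admin":
        return req.user.role == "admin"
    return True


def single_param(req: Request, name: str) -> str:
    """Refuse a repeated parameter rather than having the authorization layer
    read the first value and the action the second (Parameter Pollution)."""
    values = req.params.get(name, [])
    if len(values) != 1:
        raise ValueError(f"parameter {name!r} must appear exactly once")
    return values[0]


class DocumentStore:
    """Owner-scoped documents; the object-level (IDOR) check lives with the data."""

    def __init__(self) -> None:
        self._docs: dict[str, dict] = {}
        self._lock = threading.Lock()

    def create(self, owner: str, doc_id: str, body: str) -> None:
        with self._lock:
            self._docs[doc_id] = {"owner": owner, "body": body}

    def delete(self, actor: User, doc_id: str) -> bool:
        # Check and act under one lock, so ownership cannot change between the
        # two (the separate check-then-execute the Race Conditions note describes).
        with self._lock:
            doc = self._docs.get(doc_id)
            if doc is None:
                return False
            if doc["owner"] != actor.name and actor.role != "admin":
                return False
            del self._docs[doc_id]
            return True


def handle(store: DocumentStore, req: Request) -> tuple[int, str]:
    """Dispatcher: route-level authorization, strict parameters, then the
    action with its own object-level check."""
    if not authorize(req):
        return 403, "forbidden"
    if req.path == "/account/delete" and req.method == "POST":
        try:
            doc_id = single_param(req, "id")
        except ValueError as exc:
            return 400, str(exc)
        if store.delete(req.user, doc_id):
            return 204, "deleted"
        return 403, "forbidden"
    return 404, "not found"
```

Two things to look for when reviewing real code against this shape: the route check must run for every method on the path (a rule attached to one handler, or one verb, is the Method Tampering gap), and the object-level check must be part of the same operation that modifies the record, not a separate query issued earlier in the request.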

Cross Site Scripting

Deliver malicious JS to the Administrator.

SQL Injection

Retrieve sensitive data from the database.

Path Traversal / Arbitrary File Read

Read sensitive data from the files on the server.

XXE

Read data.

Type Juggling

Bypass the authentication checks.

Insecure Defaults

Analyze the hardcoded data / comments in the code.

Insecure Random Function

Generate new password for admin account.
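The note above points at reset tokens and generated passwords built from a deterministic PRNG. This added example (written for this page, not any library's code) contrasts the predictable pattern with a reset-token issuer that draws from the OS CSPRNG via `secrets`, stores only a hash of the token, compares in constant time, expires it and allows a single use. The 15-minute lifetime, the alphabet and the injectable clock are constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import random
import secrets
import string
import time

TOKEN_TTL_SECONDS = 15 * 60  # constructed lifetime for the demo
ALPHABET = string.ascii_letters + string.digits


def predictable_token(seed: int, length: int = 32) -> str:
    """The pattern the note warns about: random.Random is a deterministic PRNG,
    so the same seed (time, PID, counter) yields the same 'secret' every time."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


class ResetTokens:
    """Password-reset tokens that are unpredictable, hashed at rest, time-limited
    and single-use. `now` is injectable so expiry can be tested without sleeping."""

    def __init__(self, now=time.time) -> None:
        self._now = now
        self._pending: dict[str, tuple[str, float]] = {}  # user -> (sha256 hex, expiry)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        # 32 bytes from the OS CSPRNG; the raw token is returned once and never stored.
        token = secrets.token_urlsafe(32)
        self._pending[username] = (self._digest(token), self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, username: str, token: str) -> bool:
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._now() > expires_at:
            del self._pending[username]
            return False
        # Constant-time comparison of hashes; a wrong guess leaves the token pending.
        if not hmac.compare_digest(digest, self._digest(token)):
            return False
        del self._pending[username]  # single use
        return True
```

The same rule applies to generated initial passwords, API keys and session identifiers: anything whose guessability equals account takeover comes from `secrets` (or the platform's equivalent CSPRNG), never from `random`, and the server keeps a hash rather than the value.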
