Authorization Bypass Options

Insecure Direct Object Reference (IDOR / BOLA)

Control someone elses data. Read messages etc.

Role/Permission Check Missing

No authorization? Use it.

Client-Side Controlled Roles

Sometimes you can tamper with the cookie and give the permission yourself from Client Side.

Insecure JWT / Token Validation

Craft JWT as the Admin user.

Path-Based Access Control

Different URLs for admin vs user, but no role validation.
Example: /admin/dashboard is just hidden, not protected.
Code clue: Routing checks only if user is logged in, not if user is admin.

Method Tampering

Different HTTP methods may bypass checks.

Parameter Pollution

App checks authorization on first parameter, but executes action on second.

Race Conditions in Access Control

App checks permission, then executes action separately.

Cross Site Scripting

Deliver malicious JS to the Administrator.

SQL Injection

Retreive Sensitive Data from the database.

Path Traversal / Arbitrary File Read

Read sensitive data from the files on the server.

XXE

Read data.

Type Juggling

Bypass the authentication checks.

Insecure Defaults

Analyze the hardcoded data / comments in the code.

Unsecure Random Function

Generate new password for admin account.

PreviousOSWE Syllabus Table NextRCE Options

Last updated 5 months ago

hashtagInsecure Direct Object Reference (IDOR / BOLA)

hashtagRole/Permission Check Missing

hashtagClient-Side Controlled Roles

hashtagInsecure JWT / Token Validation

hashtagPath-Based Access Control

hashtagMethod Tampering

hashtagParameter Pollution

hashtagRace Conditions in Access Control

hashtagCross Site Scripting

hashtagSQL Injection

hashtagPath Traversal / Arbitrary File Read

hashtagXXE

hashtagType Juggling

hashtagInsecure Defaults

hashtagUnsecure Random Function