Horizontal => Vertical

User ID controlled by a request parameter, which tends to leak passwords

Log in as a user and check for the admin panel.

Access is restricted, so try changing the username parameter to administrator or admin: https://<website.com>/myaccount?username=administrator

This returns a 200 status code, and on closer inspection the password has been leaked in the page's JS context.
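The flaw described above, next to a handler that closes it. This is an added example, not code from the original notes or from any tested application; the user store, handler names and audit event are hypothetical and the sample data is constructed.

```javascript
// Constructed sample data for this example (not from the page).
const USERS = new Map([
  ["alice", { role: "user", email: "alice@example.test", password: "constructed-user-pw" }],
  ["administrator", { role: "admin", email: "admin@example.test", password: "constructed-admin-pw" }],
]);

// Embed data in an inline script, escaping "<" so a value cannot close the tag.
function renderAccount(view) {
  const json = JSON.stringify(view).replace(/</g, "\\u003c");
  return `<script>var account = ${json};</script>`;
}

// Vulnerable pattern from the notes above: the record is selected by the
// request parameter alone, and the whole record (password included) is rendered.
function vulnerableMyAccount(session, query) {
  const user = USERS.get(query.username);
  if (!user) return { status: 404, body: "" };
  return { status: 200, body: renderAccount({ username: query.username, ...user }) };
}

// Hardened handler (hypothetical names): identity comes from the server-side
// session, a mismatching parameter is refused and recorded, and the response
// is built from an allow-list of fields that never includes the password.
function hardenedMyAccount(session, query, auditLog = []) {
  const self = session && USERS.get(session.username);
  if (!self) return { status: 401, body: "" };
  const requested = query.username ?? session.username;
  if (requested !== session.username) {
    auditLog.push({ event: "account_param_mismatch", actor: session.username, requested });
    return { status: 403, body: "" };
  }
  return { status: 200, body: renderAccount({ username: session.username, email: self.email }) };
}
```

The audit entry written on a mismatch gives detection something to alert on: a logged-in user repeatedly requesting another account's name.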
