Member-only story
500$ Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles
Discover how low-privilege users are able to create feature bundles in Examtegg (an Private Program), bypassing system security, and get paid 500$ in this exploration of an important vulnerability.
Understanding Target and Feature:
Examtegg (Virtual name of Private Program) is a platform that offers various services and features to help companies manage their applications more effectively. Among these features, there’s a critical one called “Feature Bundles.” Feature Bundles allow administrators and authorized personnel to group specific functionalities or components together, making it easier to manage user access to these features. It’s a useful tool for ensuring that the right people have access to the right functionalities within an application.
The Vulnerability: Unauthorized Creation of Feature Bundles
The security hiccup here is that users with low privileges, who shouldn’t be able to create these bundles, can do so. This means that unauthorized users can tinker with configurations they shouldn’t be allowed to, compromising security and risking the stability of the entire system.
Before we move on, if you like my write-ups, please support me by liking…