Sitemap

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Member-only story

500$ Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles

3 min readNov 19, 2023

Discover how low-privilege users are able to create feature bundles in Examtegg (an Private Program), bypassing system security, and get paid 500$ in this exploration of an important vulnerability.

Understanding Target and Feature:

Examtegg (Virtual name of Private Program) is a platform that offers various services and features to help companies manage their applications more effectively. Among these features, there’s a critical one called “Feature Bundles.” Feature Bundles allow administrators and authorized personnel to group specific functionalities or components together, making it easier to manage user access to these features. It’s a useful tool for ensuring that the right people have access to the right functionalities within an application.

The Vulnerability: Unauthorized Creation of Feature Bundles

The security hiccup here is that users with low privileges, who shouldn’t be able to create these bundles, can do so. This means that unauthorized users can tinker with configurations they shouldn’t be allowed to, compromising security and risking the stability of the entire system.

Before we move on, if you like my write-ups, please support me by liking…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Or, continue in mobile web
Already have an account? Sign in

InfoSec Write-ups

Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Abhi Sharma

Written by Abhi Sharma

Cybersecurity Consultant | Pentester | Bug Bounty Hunter | ContentWriter 🔗 Connect with me on https://twitter.com/a13h1_ and https://www.linkedin.com/in/a13h1/

Responses (3)

To respond to this story,
get the free Medium app.

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Osm bro 🍁any poc ?[H1]

1

Bro, did you mean you used the admins post request body with the low privileged users bearer token?

1

Thank you Abhi, for putting this article together. I added it to the Time-Poor Cybersecurity Professional's Guide: Edition IX as well. Well done. :)

1