
The student described the bug to TechCrunch as a client-side privilege escalation vulnerability, which allowed anyone on the internet to create a new Mobile Guardian user account with an extremely high level of system access using only the tools in their web browser. This was because Mobile Guardian’s servers were allegedly not performing the proper security checks and were trusting responses from the user’s browser.

The bug meant that the server could be tricked into accepting the higher level of system access for a user’s account by modifying the network traffic in the browser.

TechCrunch was provided a video — recorded on May 30, the day of disclosure — demonstrating how the bug works. The video shows the user creating a “super admin” account using only the browser’s in-built tools to modify the network traffic containing the user’s role to elevate that account’s access from “admin” to “super admin.”

The video showed the server accepting the modified network request. Once logged in as that newly created “super admin” user account, the user was granted access to a dashboard displaying lists of Mobile Guardian enrolled schools.
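The class of flaw described above, a server accepting a role supplied by the browser, is shown here as an added example that is not from the article or from Mobile Guardian's code: a handler that trusts the role in the request body beside one that checks it against the caller's server-side session. The role names, function names, and the policy that a caller may grant no role above their own are assumptions made for illustration.

```javascript
// Added illustration. Every name here is hypothetical; none is Mobile Guardian's API.
const ROLE_RANK = { user: 0, admin: 1, super_admin: 2 };
const isKnownRole = (r) =>
  typeof r === "string" && Object.prototype.hasOwnProperty.call(ROLE_RANK, r);

// Constructed sample: an account-creation body whose "role" field was edited
// in the browser before the request was sent.
const tamperedBody = { email: "new@example.test", role: "super_admin" };

// Weak pattern: the role is copied from the client-supplied body unchecked.
function createAccountTrusting(body) {
  return { ok: true, status: 201, account: { email: body.email, role: body.role } };
}

// Rank of the caller, read from the server-side session only.
// No session, or an unrecognised role, is treated as the lowest rank.
function callerRank(session) {
  return session && isKnownRole(session.role) ? ROLE_RANK[session.role] : 0;
}

// Hardened pattern: the server decides whether the requested role may be granted.
// Assumed policy: a caller may create accounts no higher than their own rank.
function createAccountHardened(body, session) {
  const requested = body.role === undefined ? "user" : body.role;
  if (!isKnownRole(requested)) {
    return { ok: false, status: 400, reason: "unknown role" };
  }
  if (ROLE_RANK[requested] > callerRank(session)) {
    // Denials like this are worth logging: they indicate a tampered request.
    return { ok: false, status: 403, reason: "role exceeds caller privilege" };
  }
  return { ok: true, status: 201, account: { email: body.email, role: requested } };
}

// Run both handlers over the constructed sample and return the outcomes.
function demo() {
  return {
    trusting: createAccountTrusting(tamperedBody).account.role,
    anonymous: createAccountHardened(tamperedBody, null).status,
    asAdmin: createAccountHardened(tamperedBody, { role: "admin" }).status,
    asSuperAdmin: createAccountHardened(tamperedBody, { role: "super_admin" }).status,
  };
}

console.log(demo());
```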


https://youtu.be/9v9tWYnXxbs?si=wIOZ78lE3P1ezErp submitted by /u/Desperate_Vanilla808