A User to Admin: How I Went From Nobody to Owning the Admin Panel
Summary
A security researcher has detailed a recent vulnerability they discovered that allowed them to bypass email verification and escalate privileges to gain full control of a target application’s admin panel without ever knowing the original admin credentials.
The vulnerability was discovered when the researcher was examining a student portal web application, which appeared to have poor security measures in place.
They were able to register with a throwaway email address, without completing any email verification step, and gain access to the dashboard as a regular user.
Exploring the dashboard further, the researcher found a full list of users, including admin accounts, each with an Edit button next to them.
Because the application never checked whether the logged-in user was authorized to edit the selected account, they were able to set a new password on an admin account and then log in as that admin, gaining full control of the application without ever knowing the original admin password.
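The chain described above comes down to two missing server-side checks: the registration flow never enforces email verification, and the account-edit action checks only that a user is logged in, not that they are allowed to edit the selected account. The following is an added example, not code from the researcher's writeup or from the student portal itself; it models both checks in a minimal in-memory user store. The role names, the `verified` flag, the sample accounts and the function names are assumptions made for illustration, and the vulnerable handler deliberately reproduces the behaviour the writeup describes.

```python
"""Added example: a minimal model of the student-portal flaw described above.

Two versions of a change-password handler operate on a constructed user store.
The vulnerable version checks only authentication (is someone logged in?); the
hardened version also checks email verification and authorization (may *this*
user edit *that* account?).  Names and data are assumptions for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    email: str
    role: str            # "user" or "admin" (assumed role model)
    verified: bool       # True once the email verification link was followed
    password_hash: bytes
    salt: bytes


class Forbidden(Exception):
    """Raised when a request fails authentication or authorization."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(user_id: int, email: str, role: str, verified: bool, password: str) -> User:
    salt = os.urandom(16)
    return User(user_id, email, role, verified, hash_password(password, salt), salt)


def build_store() -> dict:
    """Constructed sample data: one admin and a freshly self-registered, unverified account."""
    return {
        1: make_user(1, "admin@portal.example", "admin", True, "correct horse battery staple"),
        2: make_user(2, "throwaway@mail.example", "user", False, "hunter2"),
    }


def login(users: dict, email: str, password: str) -> bool:
    for u in users.values():
        if u.email == email:
            return hmac.compare_digest(u.password_hash, hash_password(password, u.salt))
    return False


def vulnerable_change_password(users: dict, actor_id: int, target_id: int, new_password: str) -> None:
    """Models the portal: any logged-in user may edit any account, verified or not."""
    if actor_id not in users:                       # authentication only
        raise Forbidden("login required")
    target = users[target_id]
    target.password_hash = hash_password(new_password, target.salt)


def hardened_change_password(users: dict, actor_id: int, target_id: int, new_password: str) -> None:
    """Same action with the two missing checks added server-side."""
    actor = users.get(actor_id)
    if actor is None:
        raise Forbidden("login required")
    if not actor.verified:                          # registration is not complete
        raise Forbidden("verify your email address first")
    # Authorization: a user may change only their own password; admins may reset anyone's.
    if actor_id != target_id and actor.role != "admin":
        raise Forbidden("not permitted to edit other accounts")
    target = users[target_id]
    target.password_hash = hash_password(new_password, target.salt)


def attempt_takeover(handler) -> bool:
    """Replays the writeup's steps: the unverified throwaway account (id 2) sets the
    admin's (id 1) password, then tries to log in as admin.  True means the
    takeover succeeded against `handler`."""
    users = build_store()
    try:
        handler(users, actor_id=2, target_id=1, new_password="owned")
    except Forbidden:
        return False
    return login(users, "admin@portal.example", "owned")


def legitimate_paths_ok() -> bool:
    """Checks the hardened handler still serves the intended use cases."""
    users = build_store()
    users[2].verified = True                        # user has now clicked the verification link
    hardened_change_password(users, 2, 2, "new-own-password")   # own account: allowed
    hardened_change_password(users, 1, 2, "reset-by-admin")     # admin resets a user: allowed
    try:
        hardened_change_password(users, 2, 1, "x")              # verified but not admin: denied
        return False
    except Forbidden:
        pass
    return login(users, "throwaway@mail.example", "reset-by-admin")


if __name__ == "__main__":
    print("vulnerable handler, takeover succeeded:", attempt_takeover(vulnerable_change_password))
    print("hardened handler, takeover succeeded:  ", attempt_takeover(hardened_change_password))
    print("hardened handler, legitimate paths ok: ", legitimate_paths_ok())
```

The point of the split is that the Edit button in the UI is irrelevant to the fix: hiding it from non-admins would not stop anyone who sends the request directly. The authorization decision has to live in the handler, next to the write, and the email-verification check belongs on the server as well, since an attacker never has to load the page that would prompt for it.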
The vulnerabilities uncovered highlight the need for robust authentication (email verification that is actually enforced before an account becomes usable) and for server-side authorization checks on sensitive actions, so that a regular user can never edit another account, let alone an administrator's.