The full privilege escalation case study: https://members.bugbountyexplained.com/bypassing-admin-checks-and-more-privilege-escalation-case-study/
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

This video is part of a case study of 162 disclosed privilege escalation bug bounty reports.

Mentioned Shopify video: https://youtu.be/ZFst3-r-9Lg

Get $100 in credits for DigitalOcean: https://bbre.dev/do

Timestamps:

00:00 Intro
00:18 Reading data
03:09 Creating or modifying resources
05:51 Permanently escalating permissions within the organisation
08:16 Deleting resources
12:06 The attacker keeps old privileges
14:54 Joining another organisation
16:51 Paywall bypasses
17:36 Bypassing victim’s confirmation
18:50 Overpermissive OAuth app
