Security / Scenario
The Privilege Escalation Path
A regular user reached an admin function. Trace the request logs and role checks to find exactly where authorization broke.
- Difficulty
- Boss
- Format
- Scenario
- Points
- 300
- Estimate
- 20 min
// MISSION BRIEF
Your Mission
A bug bounty report claims a regular user deleted another user's account, an admin-only action. Leadership wants to know: is it real, where's the hole, and how deep does it go?
You have the API route table, the relevant middleware, and the attacker's request log. Trace the authorization failure precisely, this is defensive analysis of your own system.
// FIRST CONTACT
Battle teaser
First artifact
API routes & their guards
What is the PRIMARY vulnerability the attacker exploited?
- AXSS in the user profile
- BThe /transfer endpoint performs a destructive, high-privilege action but is guarded only by requireLogin, no ownership or admin check (Broken Access Control / broken function-level authorization)
- CA weak password on account 9001
- DSQL injection in the transfer body
Answers, scoring, hints, and the full battle stay sealed.
// SKILL TAGS
securitybroken-access-controlauthorizationidor