Security / Scenario

The Privilege Escalation Path

A regular user reached an admin function. Trace the request logs and role checks to find exactly where authorization broke.

Difficulty
Boss
Format
Scenario
Points
300
Estimate
20 min

// MISSION BRIEF

Your Mission

A bug bounty report claims a regular user deleted another user's account, an admin-only action. Leadership wants to know: is it real, where's the hole, and how deep does it go?

You have the API route table, the relevant middleware, and the attacker's request log. Trace the authorization failure precisely, this is defensive analysis of your own system.

// FIRST CONTACT

Battle teaser

First artifact

API routes & their guards

What is the PRIMARY vulnerability the attacker exploited?

  1. AXSS in the user profile
  2. BThe /transfer endpoint performs a destructive, high-privilege action but is guarded only by requireLogin, no ownership or admin check (Broken Access Control / broken function-level authorization)
  3. CA weak password on account 9001
  4. DSQL injection in the transfer body
Answers, scoring, hints, and the full battle stay sealed.

// SKILL TAGS

securitybroken-access-controlauthorizationidor