Pikachu shooting range - Over Permission

Over Permission
Suppose user A holds fewer permissions than user B. If A can use A's own login to operate on B's data, and the operation succeeds, that is an over-permission operation (also called broken access control).

Over-permission vulnerabilities typically appear on permission-protected pages (pages that require login) that add, delete, modify, or query data.

The root cause of an over-permission vulnerability is an unreasonable permission-verification rule in the backend. When a user adds, deletes, modifies, or queries data on a protected page, the backend should verify whether the current user actually has the permission for that operation before returning a response. If the verification rule is too simple (for example, checking only that someone is logged in, or trusting an identifier sent by the client), over-permission becomes easy.

Preventing over-permission vulnerabilities
1. Assign user permissions according to the principle of least privilege;
2. Use reasonable (strict) permission verification rules for every protected operation;
3. Base permission decisions on the server-side login state (the session), never on conditions transmitted from the front end (URL parameters, form fields, or other client-editable values).
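The three rules above, as an added example that is not part of the original post or of the Pikachu code (Pikachu itself is written in PHP): a minimal Python model of the two labs walked through later on this page, lucy viewing kobe's profile by editing the URL and pikachu adding a user from the admin page, with each vulnerable handler beside its fixed form. The user store, the Request/session objects and all function names are constructed for illustration.

```python
# Added example, not Pikachu's own code (Pikachu is PHP). The user store, the
# Request object and every function name below are constructed for illustration.
from dataclasses import dataclass

# Constructed user store: lucy/kobe for the horizontal lab, pikachu/admin for the
# vertical lab. Roles live server-side; the client never sends them.
USERS = {
    "lucy":    {"role": "user",  "profile": "lucy's address and phone"},
    "kobe":    {"role": "user",  "profile": "kobe's address and phone"},
    "pikachu": {"role": "user",  "profile": "pikachu's address and phone"},
    "admin":   {"role": "admin", "profile": "admin's address and phone"},
}


@dataclass
class Request:
    params: dict   # URL / form values: fully attacker-controlled
    session: dict  # server-side login state written at login, not editable by the client


class Forbidden(Exception):
    pass


def require_login(req):
    """Rule 3: the only trusted identity is the one recorded in the session."""
    user = req.session.get("username")
    if user not in USERS:
        raise Forbidden("login required")
    return user


# ---- Horizontal over-permission: same role, another user's data ----

def view_profile_vulnerable(req):
    """Keys the lookup on the `username` URL parameter. Logged in as lucy,
    rewriting username=lucy to username=kobe returns kobe's record."""
    require_login(req)
    return USERS[req.params["username"]]["profile"]


def view_profile_fixed(req):
    """Ignores the URL parameter entirely; the session decides whose data is shown."""
    user = require_login(req)
    return USERS[user]["profile"]


# ---- Vertical over-permission: low-privilege user doing an admin action ----

def add_user_vulnerable(req, new_name):
    """Only checks that *someone* is logged in (rule 2 violated): pikachu can create users."""
    require_login(req)
    USERS[new_name] = {"role": "user", "profile": ""}
    return True


def add_user_fixed(req, new_name):
    """Rules 1-3: the role is looked up server-side from the session identity and
    must be admin. Reading req.params.get("role") here would reintroduce the bug."""
    user = require_login(req)
    if USERS[user]["role"] != "admin":
        raise Forbidden("admin role required")
    USERS[new_name] = {"role": "user", "profile": ""}
    return True


def run_scenarios():
    """Replay both walkthroughs against the vulnerable and fixed handlers."""
    out = {}

    # Horizontal: lucy is logged in, but the URL now says username=kobe.
    lucy = Request(params={"username": "kobe"}, session={"username": "lucy"})
    out["horizontal_vulnerable"] = view_profile_vulnerable(lucy)
    out["horizontal_fixed"] = view_profile_fixed(lucy)

    # Vertical: pikachu (role user) opens the admin add-user page directly.
    pikachu = Request(params={}, session={"username": "pikachu"})
    out["vertical_vulnerable"] = add_user_vulnerable(pikachu, "added_by_pikachu")
    try:
        add_user_fixed(pikachu, "blocked_for_pikachu")
        out["vertical_fixed"] = "allowed"
    except Forbidden as exc:
        out["vertical_fixed"] = f"denied: {exc}"

    # The real admin is still allowed through the fixed handler.
    admin = Request(params={}, session={"username": "admin"})
    out["vertical_admin"] = add_user_fixed(admin, "added_by_admin")
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:22s} {result}")
```

The fixed handlers never read an identity or a role from `req.params`; the session username is the only key, and the role is looked up from the server-side store. That is the concrete meaning of rule 3, and it closes both the horizontal and the vertical case at once.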

Horizontal over-permission

Horizontal over-permission means a user at one privilege level reads or modifies the data of another user at the same level. The lab provides three users; log in as any one of them and take a look.

Log in with lucy's account: lucy's personal information is displayed.

While logged in as lucy, look at the URL echoed after the request: it carries a username field whose value is lucy.

Change that value from lucy to kobe and resend the request.

kobe's personal information is now displayed, even though the session is still lucy's.

This confirms a horizontal over-permission vulnerability: the backend keys the lookup on the username parameter in the URL instead of the logged-in session.

Vertical over-permission

Vertical over-permission means a low-privilege user can perform actions reserved for a high-privilege user.
Check the lab prompt: there are two users. Log in with the low-privilege pikachu account.

Logged in as pikachu, the account only has permission to view content.

 

Open the super administrator's edit page directly while logged in as pikachu: the page loads, so pikachu effectively has administrator rights. Try adding a user.

The user is added successfully and appears in the user list. The backend checked only that a session exists, not the role of that session, which is a vertical over-permission vulnerability.

Origin blog.csdn.net/qq_29977871/article/details/131177530