Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V11 - Business Logic

Horizontal Privilege Escalation

POC

  • Login as UserA
  • Using the IDOR vulnerability found, impersonate UserB, who has the same privileges as UserA

Note: Since this is a business logic vulnerability, the PoC is generalized.
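
The missing control behind this finding is an object-level ownership check. The sketch below is an added example, not part of the original wiki entry: it puts a lookup that trusts the requested ID beside one that verifies ownership, and adds a regression check that calls each handler as every user for every object. The invoice store, handler names and sample records are hypothetical and constructed for illustration.

```python
# Added example: hypothetical names, constructed in-memory data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: str

# Constructed sample data: UserA and UserB hold the same role.
INVOICES = {
    1001: Invoice(1001, "UserA", "120.00"),
    1002: Invoice(1002, "UserB", "87.50"),
    1003: Invoice(1003, "UserB", "15.00"),
}

class Forbidden(Exception):
    pass

def get_invoice_vulnerable(session_user, invoice_id):
    # Only checks that a session exists; the object reference is trusted as sent.
    if not session_user:
        raise Forbidden("login required")
    return INVOICES[invoice_id]

def get_invoice_hardened(session_user, invoice_id):
    # Object-level authorization: the record must belong to the caller.
    invoice = INVOICES.get(invoice_id)
    if not session_user or invoice is None or invoice.owner != session_user:
        # Same error for "missing" and "not yours" so IDs cannot be enumerated.
        raise Forbidden("not found")
    return invoice

def cross_user_exposure(handler, users=("UserA", "UserB")):
    """Authorization regression check: call handler as every user for every
    object; return the (caller, invoice_id) pairs that expose another user's data."""
    leaks = []
    for caller in users:
        for invoice_id in sorted(INVOICES):
            try:
                invoice = handler(caller, invoice_id)
            except Forbidden:
                continue
            if invoice.owner != caller:
                leaks.append((caller, invoice_id))
    return leaks
```

Running cross_user_exposure against each handler in a test suite turns this finding into a repeatable check: any non-empty result means one same-privilege user can read another's objects.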

Impact

Medium-High

Likelihood

High