✅Create 2 accounts, log out, log in with the first account and replay its requests using the second account's GUID (the basic IDOR check).
✅Search for other endpoints or web services that might leak other users' UIDs.
#bugbountytips 1/6
✅Page-include parameters are a classic spot for path traversal (the %00 null byte only truncates the appended extension on older platforms, e.g. PHP before 5.3.4):
GET /view?pg=termandservices
GET /view?pg=../../../../../etc/passwd%00
✅Case-sensitivity mismatch: the access check compares the path case-sensitively while the router does not (typical on Windows/IIS, where paths are case-insensitive):
GET /admin/viewtransactions - ACCESS DENIED
GET /ADMIN/viewtransactions - ACCESS GRANTED
2/6
✅IDOR on document IDs: file names are predictable, so try neighbouring IDs from the second account:
GET /patientDocuments/1235.pdf
✅Many times the page is protected but the functions behind it are not, which means we can call them directly and tamper with their parameters:
POST /admin/viewTransactions.ashx?admin=true&from=08032017&to=08032018
(ex: flip admin=true, or change a price parameter)
3/6
✅If we are searching for broken access control we need to become a power user: the more of the application we use, the more requests we have to replay and the more chances we have to discover vulns.
4/6
✅Common parameter names worth tampering with in functions: doc, key, email, group, profile, edit.
✅Create a function matrix (function x role) to understand what an admin or a user should and should not be able to do, then test every cell from the wrong role.
5/6
✅Extensions we can use in Burp to explore this type of vuln: AuthMatrix, Authz, Autorize, AutoRepeater.
6/6
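Putting tweets 1 to 5 together, this is the check the extensions in 6/6 automate: replay every request captured as admin with a lower-privileged session and an unauthenticated one, and flag where the response is unchanged. This is an added example, not code from the original thread. A small in-memory mock stands in for the target, and its flaws are constructed on purpose so the checker has something to find (case-insensitive routing behind a case-sensitive ACL, a trusted admin=true parameter, an unchecked document ID); endpoint names follow the thread, everything else about the mock is assumed.

```python
"""Authorization-matrix replay check (added example; mock target is assumed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    name: str
    role: str  # "admin", "user" or "anon"


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    params: tuple = ()  # (name, value) pairs, kept hashable


# --- constructed mock target (assumed behaviour, flaws are deliberate) -------------
DOCS = {1234: "alice-results.pdf", 1235: "bob-results.pdf"}  # 1234 is alice's, 1235 is bob's
ACL_ADMIN_ONLY = {"/admin/viewTransactions"}  # the page is listed; the .ashx function is not


def mock_app(req: Request, session: Session) -> tuple:
    """Return (status, body) the way the mock target would."""
    params = dict(req.params)
    # Flaw 1 (tweet 2/6): ACL compares the path case-sensitively, but routing
    # below lowercases it, so /ADMIN/... never hits the check.
    if req.path in ACL_ADMIN_ONLY and session.role != "admin":
        return 403, "ACCESS DENIED"
    path = req.path.lower()
    if path == "/admin/viewtransactions":
        return 200, "transactions page"
    if path == "/admin/viewtransactions.ashx":
        # Flaw 2 (tweet 3/6): the function trusts a client-supplied admin flag.
        if params.get("admin") == "true":
            return 200, f"transactions {params.get('from')}..{params.get('to')}"
        return 403, "ACCESS DENIED"
    if path.startswith("/patientdocuments/"):
        # Flaw 3 (tweet 3/6): no ownership check on the document id.
        name = path.rsplit("/", 1)[1]
        doc_id = int(name[:-4]) if name.endswith(".pdf") and name[:-4].isdigit() else -1
        return (200, DOCS[doc_id]) if doc_id in DOCS else (404, "not found")
    if path == "/profile":
        # Correctly scoped: each caller only ever sees their own profile.
        if session.role == "anon":
            return 401, "login required"
        return 200, f"profile of {session.name}"
    return 404, "not found"


# --- the check ----------------------------------------------------------------------
def case_variants(req: Request) -> list:
    """Original request plus one with the first path segment upper-cased (tweet 2/6)."""
    parts = req.path.split("/")
    if len(parts) > 2 and parts[1] and parts[1] != parts[1].upper():
        parts[1] = parts[1].upper()
        return [req, Request(req.method, "/".join(parts), req.params)]
    return [req]


def check_matrix(app, captured, privileged, others) -> dict:
    """Replay each privileged-session request with every other session.

    BYPASSED: identical status and body, the function is not access controlled
    REVIEW:   same status, different body (e.g. each user sees their own data)
    ENFORCED: different status (401/403/404)
    """
    results = {}
    for req in captured:
        base = app(req, privileged)
        for s in others:
            got = app(req, s)
            if got == base:
                verdict = "BYPASSED"
            elif got[0] == base[0]:
                verdict = "REVIEW"
            else:
                verdict = "ENFORCED"
            results[(req.method, req.path, s.name)] = verdict
    return results


def run() -> dict:
    admin = Session("admin", "admin")
    bob = Session("bob", "user")
    anon = Session("anon", "anon")
    # Requests captured while browsing as admin (constructed sample).
    captured = [
        Request("GET", "/admin/viewTransactions"),
        Request("POST", "/admin/viewTransactions.ashx",
                (("admin", "true"), ("from", "08032017"), ("to", "08032018"))),
        Request("GET", "/patientDocuments/1234.pdf"),  # alice's document, replayed as bob
        Request("GET", "/profile"),
    ]
    expanded = [v for r in captured for v in case_variants(r)]
    return check_matrix(mock_app, expanded, admin, [bob, anon])


if __name__ == "__main__":
    for (method, path, who), verdict in sorted(run().items()):
        print(f"{verdict:9} {who:6} {method} {path}")
```

The REVIEW verdict is the one that needs a human: /profile returns 200 for both admin and bob with different bodies, which is correct here but would look identical to a horizontal-privilege bug that returns the wrong user's data, so compare the bodies against the function matrix rather than trusting the status code alone.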