webPromedium
Lab 7 — TeamForge - Privilege Escalation via Invitation Flow
hackadvisor
Task: Team collaboration platform with RBAC (Owner/Admin/Member) and invitation system. Solution: IDOR on /org/{id}/team leaked user emails across organizations, then weak passwords ({username}123) allowed login as Owner to access admin dashboard.
$ ls tags/ techniques/
idor_exploitationbroken_access_controlcredential_guessingpassword_pattern_attack
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]TeamForge — Privilege Escalation via IDOR and Weak Passwords— hackadvisor_kubstu
- [web][Pro]TeamForge — IDOR to Owner Account Takeover via Weak Passwords— hackadvisor
- [web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
- [web][Pro]Lab 294 — TeamForge — GraphQL Self-Escalation via UpdateMembership— hackadvisor
- [web][Pro]Lab 27 — AdReach — CSRF + IDOR Account Takeover via Profile Update— hackadvisor