webProeasy

Lab 291 — HireFlow — Broken Authorization in Premium Feature Endpoints

hackadvisor

Task: Recruitment platform with Free/Professional/Enterprise tiers, premium features locked in UI. Solution: Discovered API endpoints in settings page, directly called premium endpoints bypassing client-side restrictions to access confidential reports containing the flag.

$ ls tags/ techniques/

api honeypot broken_access_control subscription_bypass tier_bypass

api_endpoint_enumerationdirect_api_accesssubscription_tier_bypassdecoy_flag_recognition

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 139 — HireFlow — XXE via XML Application Intake— hackadvisor
[web][Pro]Lab 300 — PlanForge — Broken Authentication via Hidden Trial Activation— hackadvisor
[web][Pro]Lab 198 — PayrollSync — Broken Auth via GraphQL Introspection— hackadvisor
[web][Pro]Lab 303 — DevGateway — Broken Access Control in Admin API— hackadvisor
[web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor