Privilege Escalation: From being a normal user to admin

Privilege Escalation: Privilege escalation happens when an attacker exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to system resources that should normally be unavailable to any unauthorized user.


Hi Infosec Community,

I hope everyone is fine and hitting hard on the applications. I encountered a privilege escalation issue, so let’s discuss it.

I was hunting on a private program and started with subdomain enumeration with Subfinder.

subfinder -d | httpx -o /output_file.txt

After that, I ran Waybackurls on output_file.txt.

cat output_file.txt | waybackurls > /wayback.txt

I was searching for various keywords in the wayback.txt file and finally got something really interesting containing the keyword “admin”.
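The keyword search over the archived URL list, written out as a small triage script. This is an added example, not code from the original post: it takes a list of URLs such as waybackurls produces, flags entries whose path or query parameter names contain a sensitive keyword (admin, api_key, token and the like), and deduplicates by host, path and parameter set so each endpoint surfaces once. The URLs, hostnames and parameter names below are constructed sample input, not the private program's real data.

```python
from urllib.parse import urlsplit, parse_qs

# Keywords worth a second look when they appear in a path or parameter name.
SENSITIVE_KEYWORDS = ("admin", "api_key", "apikey", "token", "secret", "password")

# Constructed sample input standing in for wayback.txt (not real URLs).
SAMPLE_URLS = [
    "https://app.example.com/login",
    "https://app.example.com/admin/switch?app_id=9001&next=%2Fdashboard",
    "https://app.example.com/admin/switch?app_id=9001&next=%2Freports",
    "https://api.example.com/v1/users?api_key=REDACTED",
    "https://app.example.com/reset?token=abc123",
    "https://static.example.com/assets/logo.png",
]


def sensitive_hits(urls):
    """Return one record per distinct endpoint whose path or parameter
    names contain a sensitive keyword. Parameter values are deliberately
    ignored so that archived secrets are not copied into the report."""
    seen = set()
    hits = []
    for raw in urls:
        parts = urlsplit(raw)
        params = tuple(sorted(parse_qs(parts.query, keep_blank_values=True)))
        # Deduplicate on (host, path, parameter names); values do not matter.
        key = (parts.netloc, parts.path, params)
        if key in seen:
            continue
        seen.add(key)
        haystack = [parts.path.lower()] + [p.lower() for p in params]
        matched = sorted({kw for kw in SENSITIVE_KEYWORDS
                          for h in haystack if kw in h})
        if matched:
            hits.append({
                "url": raw,
                "endpoint": parts.netloc + parts.path,
                "params": list(params),
                "keywords": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in sensitive_hits(SAMPLE_URLS):
        print(hit["keywords"], hit["endpoint"], hit["params"])
```

Matching on parameter names rather than values keeps the triage list short and avoids writing archived tokens into a report; the two `/admin/switch` entries collapse into one because they differ only in parameter values.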

Now I signed up for an account to get insight into the application and was exploring it while keeping an eye on the above URL, which I found in wayback.txt. I was exploring the features and there was nothing related to admin.

So, out of curiosity, I opened a new tab adjacent to the current tab I was logged into, with a normal user account and pasted the above URL.

After the results displayed on my screen, I analyzed the resultant webpage for a while.

So, after hitting the URL, which redirected to a URL containing the “admin” keyword and the app_id of the admin, my normal user account changed to admin and I was able to access the functionalities which were unauthorized initially.

So, this is how I was able to access all the admin functionalities and achieve a higher-privileged role on the web application.
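The flaw described above is a broken access control: the server honoured an admin application's app_id arriving in a URL from a normal user's session and changed that session's role accordingly. The following is an added example, not the program's code, that models the vulnerable handler beside a hardened one. The endpoint name, the `app_id` and `role` fields, the session identifiers and the role ranking are all assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

# Constructed catalogue of applications and the role each requires (assumed layout).
APPS = {
    "1001": {"name": "customer-portal", "required_role": "user"},
    "9001": {"name": "admin-console", "required_role": "admin"},
}

# Constructed server-side session store. Identity and role live only here,
# never in anything the client sends.
SESSIONS = {
    "sess-normal": {"user": "alice", "role": "user"},
    "sess-admin": {"user": "ops-admin", "role": "admin"},
}

ROLE_RANK = {"user": 1, "admin": 2}


def role_allows(actual: str, required: str) -> bool:
    """True if the session's role is at least the role the application requires."""
    return ROLE_RANK.get(actual, 0) >= ROLE_RANK[required]


@dataclass
class Request:
    session_id: str
    url: str

    @property
    def params(self) -> dict:
        # First value of each query parameter, e.g. app_id=9001 -> {"app_id": "9001"}.
        return {k: v[0] for k, v in parse_qs(urlsplit(self.url).query).items()}


def vulnerable_switch_app(req: Request, sessions=SESSIONS) -> dict:
    """Vulnerable: switches the session to whatever app_id the URL names and
    copies that application's role onto the session. Any authenticated user
    who reaches the admin URL is promoted to admin."""
    session = dict(sessions[req.session_id])       # copy so callers can compare
    app = APPS[req.params["app_id"]]
    session["role"] = app["required_role"]        # role derived from client input
    session["app"] = app["name"]
    return {"status": 200, "session": session}


def hardened_switch_app(req: Request, sessions=SESSIONS) -> dict:
    """Hardened: the role is read only from the server-side session and is
    never modified by this endpoint. The requested application is granted
    only when that role satisfies the application's required role; unknown
    app_ids get 404 and insufficient roles get 403."""
    session = sessions[req.session_id]
    app = APPS.get(req.params.get("app_id"))
    if app is None:
        return {"status": 404, "session": dict(session)}
    if not role_allows(session["role"], app["required_role"]):
        return {"status": 403, "session": dict(session)}
    granted = dict(session)
    granted["app"] = app["name"]
    return {"status": 200, "session": granted}


if __name__ == "__main__":
    req = Request("sess-normal", "https://app.example/admin/switch?app_id=9001")
    print("vulnerable:", vulnerable_switch_app(req))
    print("hardened:  ", hardened_switch_app(req))
```

The difference that matters is where the role comes from: the hardened handler treats app_id as a request for an application, checks it against the role already bound to the session, and leaves the session untouched on denial. A 403 from this path for a user-role session is also a useful signal to log, since it is exactly the request pattern the writeup describes.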


  • Explore the application thoroughly.
  • Always look for sensitive keywords like admin, api_key, token, etc.
  • Look for URLs containing the “admin” keyword.
  • Be curious; you will definitely end up with a great finding.
  • Open higher-privileged account requests directly in a new tab adjacent to the tab in which the normal user is logged in; sometimes you will get access to functionalities which are not authorized for that user.





Social media: @parasarora06 , Penetration Tester | Application Security

Paras Arora