{"id":1223,"date":"2022-06-22T17:59:03","date_gmt":"2022-06-22T17:59:03","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=1223"},"modified":"2023-04-10T10:13:59","modified_gmt":"2023-04-10T10:13:59","slug":"security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/","title":{"rendered":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS"},"content":{"rendered":"<h2>What is Privilege Escalation Vulnerability ?<\/h2>\n<p><strong>Privilege escalation<\/strong> is a security vulnerability that allows attackers to gain higher user privileges. This can result in unauthorized access and manipulation of sensitive data.<\/p>\n<p>&nbsp;<\/p>\n<h2>The Story<\/h2>\n<p><em><strong>Asem Eleraky<\/strong>, a security researcher also known as <strong>Melotover<\/strong>, has discovered a way to exploit a <strong>Reflected XSS vulnerability<\/strong> to gain<strong> Super Admin privileges<\/strong>. 
The researcher found the vulnerability while exploring the subdomain of a private program, referred to as example.com. <\/em><\/p>\n<p>Asem tested the referer parameter of the URL, which had no validation, by adding JavaScript code to it, and found a Reflected XSS vulnerability of P3 severity.<\/p>\n<p>Further exploration led to the discovery of a function that sends an invitation to add a user with Super Admin privileges.<\/p>\n<p>To exploit the function, Asem had to gather important information such as the <em>PID<\/em> of the current user, the <em>X-Example-CSRF<\/em> header with a <em>CSRF value<\/em>, and the JSON request body containing the email of the user to be invited, as well as the role of the invited user. However, this information was missing, so the researcher had to dig deeper to gather it.<\/p>\n<p>Asem found that the cookie parameters held useful information: the PID of the user in the USER_ID parameter and the CSRF value in the example-csrf cookie parameter.<\/p>\n<p>With all the necessary information, Asem wrote a <em>JavaScript payload<\/em> that made the whole exploit possible. 
The payload was used to send a link to the victim, and when the victim clicked on the link, Asem gained <strong>Super Admin privileges<\/strong> on the victim&#8217;s account.<\/p>\n<p>&nbsp;<\/p>\n<h2>How to Prevent Privilege Escalation Vulnerability?<\/h2>\n<p>To prevent this type of vulnerability, here are some steps that can be taken:<\/p>\n<ol>\n<li>Regularly update and patch software and applications to ensure that known vulnerabilities are addressed.<\/li>\n<li>Implement strong access controls and permissions management, such as least privilege, role-based access control (RBAC), and separation of duties.<\/li>\n<li>Use secure coding practices to avoid common programming errors that can lead to privilege escalation vulnerabilities, such as input validation, output encoding, and proper error handling.<\/li>\n<li>Conduct regular security assessments and penetration testing to identify potential vulnerabilities and address them before they can be exploited by attackers.<\/li>\n<li>Implement network segmentation and isolation to limit the impact of a potential attack.<\/li>\n<li>Monitor system logs and user activity to detect and respond to potential privilege escalation attempts.<\/li>\n<\/ol>\n<p>By following these steps, organizations can help reduce the risk of privilege escalation vulnerabilities and protect their systems and data from unauthorized access and exploitation.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Link to read full write up: <\/strong><em><a href=\"https:\/\/secry.me\/explore\/fvuy\">here<\/a><\/em><\/p>\n<p><strong>Save the PDF <\/strong><a href=\"https:\/\/secry.me\/explore\/pdf-story\/XSS\/How%20I%20leveraged%20XSS%20to%20make%20Privilege%20Escalation%20to%20be%20Super%20Admin!%20_%20by%20Asem%20Eleraky%20_%20Medium.pdf\"><em>here<\/em><\/a><\/p>\n<p>&nbsp;<\/p>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>What is Privilege Escalation Vulnerability ? Privilege escalation is a security vulnerability that allows attackers to gain higher user privileges. This can result in unauthorized access and manipulation of sensitive data. 
&nbsp; The Story Asem Eleraky, a security researcher also known as Melotover, has discovered a way to exploit a Reflected XSS vulnerability to gain [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1224,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,120],"tags":[122,121,124,123],"class_list":["post-1223","post","type-post","status-publish","format-standard","has-post-thumbnail","category-bug-bounty","category-xss","tag-p2severity","tag-privilegeescalation","tag-superadmin","tag-xss"],"yoast_head_json":{"title":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS | SECRY","description":"What is Privilege Escalation Vulnerability ? Privilege escalation is a security vulnerability that allows attackers to gain higher user privileges. This","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/","og_locale":"en_US","og_type":"article","og_title":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS | SECRY","og_description":"What is Privilege Escalation Vulnerability ? Privilege escalation is a security vulnerability that allows attackers to gain higher user privileges. 
This","og_url":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2022-06-22T17:59:03+00:00","article_modified_time":"2023-04-10T10:13:59+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/2-1.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f"},"headline":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS","datePublished":"2022-06-22T17:59:03+00:00","dateModified":"2023-04-10T10:13:59+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/"},"wordCount":455,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2022\/06\/2-1.png","keywords":["p2severity","privilegeescalation","superadmin","xss"],"articleSection":["Bug 
Bounty","XSS"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/","url":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/","name":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2022\/06\/2-1.png","datePublished":"2022-06-22T17:59:03+00:00","dateModified":"2023-04-10T10:13:59+00:00","description":"What is Privilege Escalation Vulnerability ? Privilege escalation is a security vulnerability that allows attackers to gain higher user privileges. 
This","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2022\/06\/2-1.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2022\/06\/2-1.png","width":1280,"height":720,"caption":"turn-xss-to-privilege-escalation"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/security-researcher-share-his-experience-about-privilege-escalation-to-super-admin-by-xss\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Security Researcher Share His Experience About Privilege Escalation to Super Admin by XSS"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=1223"}],"version-history":[{"count":20,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1223\/revisions"}],"predecessor-version":[{"id":2498,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1223\/revisions\/2498"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/1224"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=1223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=1223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=1223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}