Privilege Escalation — Unauthenticated access to Admin Portal (CVE-2020–35745)

Ashish Dhone
3 min readJan 6, 2021

Introduction

This article is a write up on how I found a Privilege Escalation Vulnerability where an attacker can access complete admin portal without authentication which gave me a new CVE-2020–35745.

What is Privilege Escalation?

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the application. This is usually caused by a flaw in the application. The result is that the application performs actions with more privileges than those intended by the developer or system administrator.

Usually, people refer to vertical escalation when it is possible to access resources granted to more privileged accounts (e.g., acquiring administrative privileges for the application), and to horizontal escalation when it is possible to access resources granted to a similarly configured account (e.g., in an online banking application, accessing information related to a different user).

Vulnerability exploitation

I have found this vulnerability in Hospital Management System — 4.0 of PHPGURUKUL.

Hospital Management System is a web application for the hospital which manages doctors and patients. In this project, they use PHP and MySQL database.
The entire project mainly consists of 3 modules, which are

--

--

Ashish Dhone
Ashish Dhone

Written by Ashish Dhone

Top Hacker’s Ranking in World | Best Bug Hunter @Microsoft MVR 2023 & 2024 @Apple 2022 @Google 2021 & 300+ | CRTP | LPT | CPENT | eWPTXv2 | CHFI | CEH | CVEs x4

Responses (2)