Privilege Escalation

Normal User’s Profile
Decode the value of ‘param’
Replace the value of the ‘SelectroleName’ parameter with that of a high-privileged user
Encode the value of ‘param’
Super Admin’s Profile
Decode the value of ‘param’
Replace the value of the ‘userid’ parameter with that of a high-privileged user
Encode the value of ‘param’

This exploit was possible because the application did not implement a proper mapping of each user to the corresponding access privileges.

Solution
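
One way to enforce the missing user-to-privilege mapping on the server, shown beside the behaviour described above. This is an added example, not code from the original post or the tested application; the Base64/URL-encoded layout of ‘param’, the user IDs, the role names and all function names are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Constructed server-side records: the only trusted source for roles.
USER_ROLES = {"1001": "User", "1": "SuperAdmin"}
CAN_VIEW_OTHERS = {"SuperAdmin"}


def encode_param(fields: dict) -> str:
    """Assumed wire format: Base64 of a URL-encoded field list."""
    return base64.urlsafe_b64encode(urlencode(fields).encode()).decode()


def decode_param(param: str) -> dict:
    raw = base64.urlsafe_b64decode(param.encode()).decode()
    return {k: v[0] for k, v in parse_qs(raw).items()}


def profile_vulnerable(session_userid: str, param: str) -> dict:
    """Behaviour described in the post: role and userid are taken from the
    client-controlled 'param'; the authenticated session is never consulted."""
    fields = decode_param(param)
    return {"userid": fields["userid"], "role": fields["SelectroleName"]}


def profile_hardened(session_userid: str, param: str) -> dict:
    """Role comes from the server-side record of the authenticated session."""
    fields = decode_param(param)
    role = USER_ROLES[session_userid]  # never read from the request
    claimed_role = fields.get("SelectroleName", role)
    target = fields.get("userid", session_userid)
    if claimed_role != role:
        raise PermissionError("role in request does not match session user")
    if target != session_userid and role not in CAN_VIEW_OTHERS:
        raise PermissionError("not allowed to access another user's profile")
    if target not in USER_ROLES:
        raise LookupError("unknown user")
    return {"userid": target, "role": USER_ROLES[target]}
```

Encoding ‘param’ gives no protection because the client can decode and re-encode it; the check has to compare every request against the role stored for the session's user.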
