URLs:
- [BAC] Sending message as a page using Job Manager Role (privileges not getting downgraded upon role downgrade)
  https://lnkd.in/g9yfqGGC
- [BAC] Bypassing Approval request while adding user as Job Manager of a page
  https://lnkd.in/gwv4fC7Z
Practice Verified Codes and Commands:
1. Checking Privilege Escalation in Linux:
Use the following commands to check the current user's identity, groups, and sudo rights on a Linux system (`id` and `sudo -l` are two separate commands):
```bash
id
sudo -l
```
This helps identify whether a user still holds elevated privileges (group membership or sudo rules) that should have been removed when the role was downgraded.
2. Simulating Role Downgrade in Windows:
Use PowerShell to check user accounts and their status:
```powershell
Get-LocalUser | Select-Object Name, Enabled, Description
```
This command lists local users and whether they are enabled, helping to verify that roles are correctly downgraded.
3. Testing for BAC Vulnerabilities in Web Applications:
Use `curl` to send an HTTP request and test for improper access controls (the host and parameters below are placeholders):
```bash
curl -X POST -d "user_id=123&role=admin" http://example.com/update_role
```
This command tests whether the server accepts a role change from a user who should not be allowed to make it; a correct server rejects it with 401/403.
4. Automating Security Checks with Python:
Use Python to automate the same request and record the server's response:
```python
import requests

# Placeholder target; replace with the endpoint under test.
url = "http://example.com/update_role"
# Low-privilege request attempting to set an admin role.
payload = {"user_id": "123", "role": "admin"}

# A server that enforces access control should answer 401 or 403 here.
response = requests.post(url, data=payload, timeout=10)
print(response.status_code, response.text)
```
This script checks whether a role update request is improperly accepted (a 200 response with the role changed indicates a BAC problem).
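The two reported bugs share a root cause: the server trusts a previously granted privilege instead of re-checking the user's current role on every request, and a role grant becomes effective without the invited user's approval. The following added example (not code from the original post or from Facebook) models the server-side fix for both: permissions are derived from the current role on each call, and adding someone to a page creates a pending request that only the invited user can accept. The role names, permission table, page and user names are all constructed for illustration.

```python
"""Server-side authorization model with per-request role checks and
approval-gated role grants. Role/permission table is hypothetical."""
from dataclasses import dataclass, field

# Constructed page-role permission table (not Facebook's real one).
ROLE_PERMISSIONS = {
    "admin": {"send_message_as_page", "manage_roles", "post"},
    "editor": {"send_message_as_page", "post"},
    "job_manager": {"manage_jobs"},
}


class PermissionDenied(Exception):
    pass


@dataclass
class Page:
    name: str
    roles: dict = field(default_factory=dict)    # user -> effective role
    pending: dict = field(default_factory=dict)  # invited user -> (role, inviter)
    audit: list = field(default_factory=list)    # events for later review

    def permissions_of(self, user: str) -> set:
        """Re-derive permissions from the CURRENT role on every call.
        Nothing is cached, so a downgrade takes effect immediately."""
        return set(ROLE_PERMISSIONS.get(self.roles.get(user), set()))

    def require(self, user: str, perm: str) -> None:
        if perm not in self.permissions_of(user):
            self.audit.append(("denied", user, perm))
            raise PermissionDenied(f"{user} lacks {perm} on {self.name}")

    def send_message_as_page(self, user: str, text: str) -> str:
        self.require(user, "send_message_as_page")
        self.audit.append(("message", user, text))
        return f"[{self.name}] {text}"

    def set_role(self, actor: str, target: str, role: str) -> None:
        """Direct role change (e.g. a downgrade) by an authorized actor."""
        self.require(actor, "manage_roles")
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.roles[target] = role
        self.audit.append(("role_set", actor, target, role))

    def invite(self, actor: str, target: str, role: str) -> None:
        """Adding a user only records a pending request; the role is not
        effective until the invited user accepts it."""
        self.require(actor, "manage_roles")
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.pending[target] = (role, actor)
        self.audit.append(("invited", actor, target, role))

    def accept(self, target: str) -> str:
        """Only a user with a pending invitation can turn it into a role."""
        if target not in self.pending:
            raise PermissionDenied(f"no pending invitation for {target}")
        role, _inviter = self.pending.pop(target)
        self.roles[target] = role
        self.audit.append(("accepted", target, role))
        return role


def demo() -> dict:
    """Walk through both fixes on a constructed page and return the outcomes."""
    page = Page("ExamplePage", roles={"alice": "admin"})
    results = {}
    page.invite("alice", "bob", "editor")
    # Approval gate: before accepting, bob has no privileges on the page.
    results["bob_before_accept"] = page.permissions_of("bob")
    page.accept("bob")
    results["bob_msg"] = page.send_message_as_page("bob", "hello")
    # Downgrade: the very next privileged action is refused.
    page.set_role("alice", "bob", "job_manager")
    try:
        page.send_message_as_page("bob", "still here?")
        results["bob_after_downgrade"] = "allowed"
    except PermissionDenied:
        results["bob_after_downgrade"] = "denied"
    # Accepting without an invitation does not grant anything.
    try:
        page.accept("mallory")
        results["mallory"] = "accepted"
    except PermissionDenied:
        results["mallory"] = "denied"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The important design choice is that `permissions_of` never reads a stored permission set; it looks up the role at call time, so there is no stale grant for a downgrade to miss. The audit list gives a defender something to alert on: repeated `denied` events for a user shortly after a `role_set` downgrade is exactly the pattern the first reported bug would have produced had the check existed.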
What Undercode Says:
The article highlights the importance of identifying and mitigating simple yet critical security vulnerabilities like Broken Access Control (BAC). These bugs, though seemingly straightforward, can lead to significant security breaches if left unaddressed. The examples from Facebook demonstrate how even large organizations can overlook basic security flaws.
In the realm of cybersecurity, it’s crucial to regularly audit user roles and permissions. For Linux systems, commands like `id`, `sudo -l`, and `chmod` are essential for managing access controls. In Windows, PowerShell commands such as `Get-LocalUser` and `Set-LocalUser` help enforce proper role assignments.
For web applications, tools like `curl` and Python scripts can automate the testing of access controls. Additionally, using frameworks like OWASP ZAP or Burp Suite can help identify BAC vulnerabilities during development.
Always ensure that role downgrades are properly implemented and tested. Regularly review and update security policies to prevent privilege escalation. By incorporating these practices, organizations can significantly reduce the risk of security breaches caused by simple oversights.
For further reading on BAC vulnerabilities, refer to the OWASP guide:
https://owasp.org/www-community/Broken_Access_Control
Remember, security is an ongoing process, and even the simplest bugs can have far-reaching consequences. Stay vigilant and proactive in your security efforts.
References:
Initially reported by: https://www.linkedin.com/posts/devansh-batham_facebook-bug-sending-message-as-page-activity-7302244833203474432-4jon (via Hackers Feeds)