PHP Higher Privilege execution

OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CAPEC-233 CWE-250 WASC-15

A privilege escalation attack exploits programming errors and design flaws in a web application to obtain rights the attacker was never granted. A low-privileged or unauthenticated user reaches administrator functionality, and with it the data and operations behind it. Attackers use this to make administrator-level changes to the application and to steal the sensitive information it holds. There are two types of privilege escalation:-

  1. Vertical privilege escalation
  2. Horizontal privilege escalation

In vertical privilege escalation, the attacker moves up to a higher privilege level than the one they were given: a normal user reaches administrator-only functions of the application, or application code reaches the operating system with more rights than it should have (for example, a PHP process running as a privileged account that executes attacker-controlled input). Whatever the gained level is allowed to do, the attacker can now do, including running unauthorised code.

In horizontal privilege escalation, the attacker stays at the same privilege level but takes over the identity or data of another user at that level, typically by changing a user identifier in a request that the application does not check against the logged-in session. The requests are logged like any other, but they look like ordinary user activity, so the attack is easy to miss unless authorisation failures are logged and reviewed separately.


Using this vulnerability, an attacker can:-

  • manipulate sensitive information
  • leak sensitive information
  • gain administrator access to the web application

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Implement privileged functions securely: decide what a caller may do from the server-side session (user id and role), never from a role, user id or flag supplied in the request, and check authorisation on the server for every privileged function.
  • Deny by default: a request that fails the authorisation check is rejected, and the failure is logged so that horizontal attempts become visible.
  • Run the PHP application with the least privilege it needs (CWE-250), so that a compromised function does not hand the attacker the whole host.
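The following PHP snippet is an added illustration of both escalation types described above and of the recommended fix; it is not code from the original page or from Beagle. The user table, the `update_profile_*` handler names, the request fields (`user_id`, `role`, `ban`, `email`) and the session layout are all assumptions made for the example. The vulnerable handler trusts the client-supplied user id (horizontal) and role (vertical); the hardened handler takes both from the server-side session and denies by default.

```php
<?php
declare(strict_types=1);

// Constructed sample user table standing in for a database (example data only).
$users = [
    1 => ['id' => 1, 'role' => 'user',  'email' => 'alice@example.com', 'banned' => false],
    2 => ['id' => 2, 'role' => 'user',  'email' => 'bob@example.com',   'banned' => false],
    3 => ['id' => 3, 'role' => 'admin', 'email' => 'root@example.com',  'banned' => false],
];

// VULNERABLE: the target user id and the role both come straight from the request.
// Bob (id 2) can send user_id=1 to overwrite Alice's email (horizontal escalation) and
// role=admin&ban=1 to ban her (vertical escalation) without ever being an admin.
function update_profile_vulnerable(array $request, array &$users): string
{
    $id = (int) $request['user_id'];
    if (($request['role'] ?? '') === 'admin' && isset($request['ban'])) {
        $users[$id]['banned'] = true;
    }
    $users[$id]['email'] = $request['email'];
    return "updated user $id";
}

// HARDENED: identity and role are taken from the server-side session, every privileged
// action is authorised on the server, and the default answer is "forbidden".
function update_profile_secure(array $session, array $request, array &$users): string
{
    $actor = $users[$session['user_id'] ?? 0] ?? null;
    if ($actor === null) {
        throw new RuntimeException('unauthenticated');
    }
    $id = (int) ($request['user_id'] ?? 0);
    if (!isset($users[$id])) {
        throw new RuntimeException('no such user');
    }
    // Horizontal check: a normal user may only edit their own record.
    if ($id !== $actor['id'] && $actor['role'] !== 'admin') {
        error_log("authz denied: user {$actor['id']} tried to edit user $id");
        throw new RuntimeException('forbidden');
    }
    // Vertical check: banning is admin-only, decided by the session role; the
    // client-supplied "role" field is never read.
    if (isset($request['ban'])) {
        if ($actor['role'] !== 'admin') {
            error_log("authz denied: user {$actor['id']} tried to ban user $id");
            throw new RuntimeException('forbidden');
        }
        $users[$id]['banned'] = true;
    }
    if (isset($request['email']) && filter_var($request['email'], FILTER_VALIDATE_EMAIL)) {
        $users[$id]['email'] = $request['email'];
    }
    return "updated user $id";
}

// Demo: Bob, a normal user, replays the same crafted request against both handlers.
$attack  = ['user_id' => '1', 'role' => 'admin', 'ban' => '1', 'email' => 'attacker@example.com'];
$session = ['user_id' => 2];

$copy = $users;
echo update_profile_vulnerable($attack, $copy), ": alice banned=",
     var_export($copy[1]['banned'], true), " email=", $copy[1]['email'], "\n";

$copy = $users;
try {
    update_profile_secure($session, $attack, $copy);
} catch (RuntimeException $e) {
    echo "secure handler: ", $e->getMessage(), "; alice untouched, email=", $copy[1]['email'], "\n";
}
```

Run with `php example.php`: the vulnerable handler reports Alice banned with her email replaced, while the secure handler throws `forbidden` on the horizontal check before any write happens and writes a log line that a reviewer can search for. The point of the design is that the only inputs that decide authorisation are values the server itself stored in the session.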
