Golam_Mostafa

Horizontal privilege escalation

What is Horizontal Privilege Escalation?

Horizontal privilege escalation is when a user at one privilege level can access the data or functions of another user at that same level, data they should not be able to reach. For example, if you can view your own account but change the URL to see someone else’s account, that is a security problem called Insecure Direct Object Reference (IDOR).

Example of IDOR

Say your account page has this URL:

    https://example.com/myaccount?id=123

If someone changes id=123 to a different number, they could see another user’s account. This happens because the website looks up the record by the id in the URL without checking that the logged-in user actually owns it.

How Some Sites Try to Prevent It

Websites sometimes use special codes, like long GUIDs instead of numbers, to make guessing harder. But even these codes can show up in other parts of the website, like messages or comments, where they can be misused.

Horizontal privilege escalation exposes private data and shows why websites need strong security controls to protect each user’s information.


Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.

