While testing an online help-desk portal, you intercept a base64-encoded session cookie containing {"uid":133,"role":"user","sig":"b7f…"}. You suspect the server does not validate the signature. Which action will best confirm the possibility of vertical privilege escalation due to a broken authorization scheme?
Change the uid to another user's identifier and replay the request to access their support tickets.
Base64-decode the cookie, apply an XOR cipher to the contents, re-encode, and submit it to the server.
Modify the role value to "admin", leave the signature as-is, and resend the request to an admin-only resource.
Delete the session cookie entirely and attempt a forged POST request to test for CSRF vulnerabilities.
Vertical privilege escalation occurs when an attacker obtains higher privileges than originally assigned. If the server fails to verify the integrity signature inside the cookie, changing the role field from "user" to "admin" and replaying the request to an administrator-only endpoint directly tests whether the application authorizes actions solely on client-supplied data. A successful response would confirm the weakness. Simply modifying the uid field tests horizontal, not vertical, privilege escalation. Applying an XOR cipher to the cookie or deleting it to attempt CSRF does not target the authorization check tied to the role attribute, so neither would confirm this specific flaw.
Certified Ethical Hacker (CEH)
Web Application Hacking