BugForge - Daily - Tanuki (Repeat)
This is a repeat of the daily challenge from December 30th, 2025.
Vulnerability Overview
A Mass Assignment vulnerability exists in the user registration flow where the application trusts client-supplied input and allows sensitive attributes such as user_role to be set directly by the user. By manipulating the registration request and changing the role from user to admin, an attacker can create an account with elevated privileges. The absence of server-side allowlisting and role enforcement results in a complete breakdown of authorization controls and unrestricted access to administrative functionality.
Key Issues:
- The user_role parameter is included in the client-side registration payload and passed directly to the backend
- No server-side allowlist or enforcement restricts which fields may be modified during account creation
- Sensitive attributes such as roles are not assigned exclusively on the backend
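The following added example (not part of the challenge page) puts the vulnerable registration pattern beside the fixed one: the first handler binds every client-supplied key to the user model, so a user_role value of admin in the request is honoured; the second allowlists the registration fields and assigns the role on the server only. The User model, field names other than user_role, and the sample payload are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed registration request: the normal fields plus a user_role key
# appended by the client, as in the challenge.
TAMPERED_REGISTRATION = {
    "username": "alice",
    "email": "alice@example.test",
    "password": "correct horse battery staple",
    "user_role": "admin",
}

# The only fields the registration endpoint may accept from the client.
REGISTRATION_ALLOWLIST = frozenset({"username", "email", "password"})


@dataclass
class User:
    username: str
    email: str
    password: str
    user_role: str = "user"


def register_vulnerable(payload: dict) -> User:
    """Mass assignment: every key in the request becomes a model attribute."""
    return User(**payload)


def register_hardened(payload: dict) -> User:
    """Allowlist client fields and set the role exclusively on the server."""
    unexpected = set(payload) - REGISTRATION_ALLOWLIST
    if unexpected:
        # Reject instead of silently dropping, so tampering shows up in logs.
        raise ValueError(f"unexpected registration fields: {sorted(unexpected)}")
    missing = REGISTRATION_ALLOWLIST - set(payload)
    if missing:
        raise ValueError(f"missing registration fields: {sorted(missing)}")
    fields = {k: payload[k] for k in REGISTRATION_ALLOWLIST}
    # Role is never read from the request; every new account starts as "user".
    return User(**fields, user_role="user")


if __name__ == "__main__":
    print("vulnerable:", register_vulnerable(TAMPERED_REGISTRATION).user_role)
    try:
        register_hardened(TAMPERED_REGISTRATION)
    except ValueError as exc:
        print("hardened:", exc)
```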
Vulnerabilities Covered
- Mass Assignment / Privilege Escalation
Classification
- OWASP Top 10: A01:2021 - Broken Access Control
- Vulnerability Type: Mass Assignment / Privilege Escalation
- Attack Surface: User registration API
- CWE: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
This post is licensed under CC BY 4.0 by the author.
