Privilege escalation allows the admin to take over the org by inviting the user as owner

Disclosed by amitkh7888
  • Program: Dropbox
  • Disclosed date: about 1 year ago
  • Reward: $300
  • Priority: P3 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by Dropbox

This report demonstrated a privilege escalation in which an attacker that already had the ability to invite users to join a team could replace the team owner. An attacker could exploit this vulnerability by modifying an invitation. A fix for the issue has been released and it was applied for existing users through an automatic update.
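
An added example, not Dropbox's code and not taken from the report: a hypothetical invitation handler showing the class of flaw the summary describes, where the caller's right to invite is checked but the role carried in the invitation is trusted, next to a hardened form. The role model, function names, single-owner accept behaviour and sample team are all assumptions.

```python
from enum import IntEnum

class Role(IntEnum):  # hypothetical role model, ordered by privilege
    MEMBER = 1
    ADMIN = 2
    OWNER = 3

class InviteError(Exception):
    pass

# Roles that may be granted by invitation. Ownership is deliberately absent:
# it should change hands only through a separate, owner-approved transfer.
INVITABLE = {Role.MEMBER, Role.ADMIN}

def create_invite_vulnerable(team, inviter, email, requested_role):
    """'Before' form: verifies the caller may invite, then trusts the role."""
    if team["members"].get(inviter, 0) < Role.ADMIN:
        raise InviteError("inviter may not send invitations")
    return {"email": email, "role": Role[requested_role.upper()]}

def create_invite_hardened(team, inviter, email, requested_role):
    """Validates the requested role server-side against the inviter's own."""
    inviter_role = team["members"].get(inviter)
    if inviter_role is None or inviter_role < Role.ADMIN:
        raise InviteError("inviter may not send invitations")
    try:
        role = Role[str(requested_role).upper()]
    except KeyError:
        raise InviteError("unknown role") from None
    if role not in INVITABLE:
        raise InviteError("role cannot be granted by invitation")
    if role > inviter_role:
        raise InviteError("cannot grant a role above your own")
    return {"email": email, "role": role}

def accept_invite(team, invite):
    """Applies an invite; assumes a team keeps exactly one owner."""
    if invite["role"] == Role.OWNER:
        for user, role in team["members"].items():
            if role == Role.OWNER:
                team["members"][user] = Role.ADMIN  # previous owner displaced
    team["members"][invite["email"]] = invite["role"]
    return team

def sample_team():  # constructed sample data
    return {"members": {"owner@example.test": Role.OWNER,
                        "admin@example.test": Role.ADMIN}}
```

The hardened handler rejects the request when the invitation is created, so the accept path never sees an owner-level invite that an admin produced.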

Summary by amitkh7888

Amit Khandebharad
《"Master Of Information Technology"》 《"Ceh-Master"》.... 《"Discovered 500+ bugs "》 《"BUGCROWD TOP 1000"》.... 《"ZOHO BugBounty 2nd Place Holder"》《"Bughunter"》....《"Internshala 2021 Hackathon Winner"》
