This Write-Up is about the same program i mentioned in my another article “https://medium.com/@ronak-9889/admin-account-takeover-ab7535fe0fdb” As mentioned in that write-up this program introduced…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

The article discusses how privilege escalation can be achieved using SCIM provisioning. It mentions the introduction of a new feature called 'Custom role' and explains how it allows admins to create users with custom permissions. By exploiting this feature, a user with limited access to the security section can enable SCIM provisioning and create a user with admin privileges at the identity provider, resulting in full access to the target system.

Privilege Escalation Using SCIM Provisioning

Build a SCIM provisioning integration overview