handbook/tools/3.Web-Hacking/3.Business-Logic/Access-Control-Vulnerabilities/Notes/3.Horizontal-Privilege-Escalation.md


## Horizontal Privilege Escalation

- Modify the "id" parameter to access a different account:
https://insecure-website.com/myaccount?id=123

- This attack can be used to go from horizontal to vertical by taking over a privileged account
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Horizontal Privilege Escalation`

			`- Modify the "id" parameter to access a different account:`
			`https://insecure-website.com/myaccount?id=123`

			`- This attack can be used to go from horizontal to vertical by taking over a privileged account`