Which term describes a web application vulnerability that allows attackers to escalate privileges?


The correct answer is privilege escalation, which refers to a specific type of vulnerability in web applications where an attacker can gain elevated access to resources that should normally be restricted. This can occur through various means, such as exploiting a flaw in the application’s code, misconfigurations, or using social engineering techniques.

Privilege escalation allows an attacker to perform actions beyond what the application is designed to permit, such as accessing sensitive data, modifying user privileges, or executing administrative commands. It typically arises from issues like inadequate validation of user input or improper access controls, making it essential for developers to implement strong security measures to mitigate these risks.

In contrast, denial of service refers to an attack that aims to make a service unavailable to its intended users, often through overwhelming traffic or by exploiting vulnerabilities that crash the system. Exploitation is a broader term that encompasses any action taken to leverage a vulnerability, including but not limited to privilege escalation, which makes it less specific. Data leakage involves unauthorized access to actual data rather than gaining elevated privileges; its focus is the loss or exposure of sensitive information, not the ability to perform unauthorized actions. This distinction highlights why privilege escalation is the most appropriate term for the scenario where an attacker increases their permission level within a web application.
