Exploit Chain

An exploit chain is a sequence of multiple vulnerabilities combined to achieve a higher-impact result than any single vulnerability could alone. Chaining allows an attacker to bypass defenses or escalate impact from low to critical severity.

Why Chain Exploits?

  • Individual vulns may be low severity
  • Defenses block direct exploitation
  • Full compromise requires multiple steps
  • Different vulns provide different capabilities

Common Chain Patterns

# Pattern 1: Info leak → Memory corruption
ASLR bypass via info disclosure
  ↓
ROP/RCE with leaked addresses

# Pattern 2: Auth bypass → Privilege escalation
IDOR to access admin function
  ↓
Admin feature has command injection

# Pattern 3: XSS → CSRF → Account takeover
XSS to steal CSRF token
  ↓
CSRF to change victim's email
  ↓
Password reset to attacker email

Web Application Chain Example

1. SSRF → Access internal metadata service
2. Retrieve cloud credentials from metadata
3. Use credentials to access S3 buckets
4. Find database backups with user data

Low-severity SSRF → Critical data breach

Browser Exploit Chain

1. JavaScript engine vulnerability (RCE in renderer)
2. Sandbox escape vulnerability
3. Kernel privilege escalation
4. Full system compromise from visiting webpage

Impact Escalation

Individual: IDOR (Medium) + CSRF (Medium) + Open Redirect (Low)
Chained: Full account takeover (Critical)
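
For triage, a chain like Pattern 3 above can be modeled as findings that each require some capabilities and grant others; walking that model shows which individual fixes break the chain. This is an added example, not part of the original page, and the capability names and the unrelated "Verbose error page" finding are constructed for illustration.

```python
# Added example: finding and capability names are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    name: str
    requires: frozenset  # capabilities needed before the finding is usable
    grants: frozenset    # capabilities gained once it is used

# Pattern 3 from this page, plus one unrelated finding that is not on the chain.
FINDINGS = [
    Finding("XSS", frozenset({"victim visits page"}), frozenset({"csrf token"})),
    Finding("CSRF email change", frozenset({"csrf token"}),
            frozenset({"controls account email"})),
    Finding("Password reset", frozenset({"controls account email"}),
            frozenset({"account takeover"})),
    Finding("Verbose error page", frozenset(), frozenset({"stack trace"})),
]

def find_chain(findings, start, goal):
    """Return the ordered finding names that lead from start to goal, or None."""
    have, used = set(start), []
    progress = True
    while progress and goal not in have:
        progress = False
        for f in findings:
            if f not in used and f.requires <= have and not f.grants <= have:
                have |= f.grants
                used.append(f)
                progress = True
    if goal not in have:
        return None
    # Walk backwards so findings that did not contribute to the goal are dropped.
    needed, chain = {goal}, []
    for f in reversed(used):
        if f.grants & needed:
            chain.append(f.name)
            needed |= f.requires
    return chain[::-1]

def chain_breakers(findings, start, goal):
    """Names of findings whose fix alone makes the goal unreachable."""
    return [f.name for f in findings
            if find_chain([g for g in findings if g != f], start, goal) is None]

if __name__ == "__main__":
    start = {"victim visits page"}
    print("chain:   ", find_chain(FINDINGS, start, "account takeover"))
    print("breakers:", chain_breakers(FINDINGS, start, "account takeover"))
```

When a second finding grants the same capability, the first one stops being a chain breaker on its own, which is why each link is worth fixing rather than only the most severe one.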
