Horizontal versus vertical privilege escalation
As we saw in the previous section, privilege escalation means gaining privileges that you are not authorized to have. Privilege escalation can be one of two types: horizontal or vertical.
Horizontal privilege escalation
Refer to the preceding diagram; there are four users in total: three normal users and one administrator. The users are shown as per their hierarchy. Now, if Normal User 1 is able to access the data of Normal User 2, it would be referred to as horizontal privilege escalation since both the users are on the same level in the hierarchy.
Vertical privilege escalation
With reference to the preceding diagram, if Normal User 1 is able to access the data and gain the privileges of the Administrator, it would be referred to as vertical privilege escalation. Normal User 1 and the Administrator are both at different levels in the hierarchy.