Frank finds that an attacker has used a vulnerability in a web application that his company runs and has then used that exploit to obtain root privileges on the web server. Which of the following types of attacks has he found?

A privilege escalation attack can occur horizontally, where attackers obtain similar levels of privilege but for other users, or vertically where they obtain more advanced rights. In this case, Frank has discovered a vertical privilege escalation attack that has allowed the attacker to obtain administrative rights. Cross-site scripting and SQL injection are both common types of web application attacks, and a race condition occurs when data can be changed between when it is checked and when it is used.