https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality
We can go to the /robots.txt file to check is any pages are disallowed for web crawler.
/robots.txt
As we can see, the /administrator-panel page is blocked. Let's visit it through the browser.
/administrator-panel
We can now delete the carlos user.
carlos
We have solved the lab.
Last updated 2 years ago
