Unprotected admin functionality
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality
We can go to the /robots.txt file to check whether any pages are disallowed for web crawlers.
As we can see, the /administrator-panel page is disallowed for crawlers. Let's visit it in the browser.
We can now delete the carlos user.
We have solved the lab.