Unprotected admin functionality with unpredictable URL
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url

Let's view the page source and find the admin panel's URI.

Now that we know the admin panel's URI, we can visit it through the browser.

Let's delete the `carlos` user.

We have solved the lab.
