Unprotected admin functionality with unpredictable URL
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url
Last updated
https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url
Last updated
Let's view the page source and find the admin panel's URI.
Now that we know the admin panel's URI, we can visit it through the browser.
Let's delete the carlos
user.
We have solved the lab.