Unprotected admin functionality

https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/access-control-apprentice/access-control/lab-unprotected-admin-functionality

Description

This lab has an unprotected admin panel.

Solve the lab by deleting the user carlos.

Solution

The idea is to reach the admin panel. Guessing a few paths by hand gives no results, so the next step is to check the site's robots.txt file: https://0acf00c003d580aedfc3cb23003400e9.web-security-academy.net/robots.txt

The admin panel path is listed there as a Disallow entry, intended to keep it out of Google search results. robots.txt only steers crawlers; it is a public file, so listing a path there hides nothing from a person reading it.

Then open the admin panel directly: https://0acf00c003d580aedfc3cb23003400e9.web-security-academy.net/administrator-panel

and delete the user carlos by clicking Delete.
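The root cause is that the admin endpoint relies on an unlisted URL instead of a server-side authorisation check. The following is an added example, not code from the lab or from PortSwigger: a constructed robots.txt like the lab's, a parser for its Disallow entries (each of which must still be protected server-side), and a minimal model of the delete-user endpoint first with no check and then with the missing authentication and role check. All class, function and user names other than carlos are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample shaped like the lab's robots.txt (not the real file).
ROBOTS_TXT = """User-agent: *
Disallow: /administrator-panel
"""


def disallowed_paths(robots: str) -> List[str]:
    """Return the Disallow entries. robots.txt only steers crawlers; it is
    public, so every path listed here must still be protected server-side."""
    paths = []
    for line in robots.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


@dataclass
class Request:
    path: str
    user: Optional[str] = None   # authenticated user, None if anonymous
    role: Optional[str] = None   # role taken from the server-side session


@dataclass
class App:
    # Constructed user set; "carlos" is the lab's target account.
    users: Set[str] = field(
        default_factory=lambda: {"wiener", "carlos", "administrator"})

    def delete_user_unprotected(self, req: Request, target: str) -> int:
        # The lab's flaw: the only "protection" is that the URL is unlisted,
        # so anyone who reads robots.txt can delete accounts.
        self.users.discard(target)
        return 200  # HTTP-style status code

    def delete_user_protected(self, req: Request, target: str) -> int:
        # Fix: authenticate and authorise on every request to the admin
        # path, independent of whether the URL is secret.
        if req.user is None:
            return 401
        if req.role != "admin":
            return 403
        self.users.discard(target)
        return 200
```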
