Unprotected admin functionality
https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/access-control-apprentice/access-control/lab-unprotected-admin-functionality
This lab has an unprotected admin panel.
Solve the lab by deleting the user carlos.
The goal is to reach the admin panel. Guessing a few paths gives no results, so next we look at the robots.txt file: https://0acf00c003d580aedfc3cb23003400e9.web-security-academy.net/robots.txt
The admin panel page is listed there, disallowed to keep it out of Google searches.
Then go there: https://0acf00c003d580aedfc3cb23003400e9.web-security-academy.net/administrator-panel
and delete the user carlos by clicking Delete.
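
The root cause and its fix, as an added example that is not the lab's own code: the same route table with and without a server-side role check, plus a self-audit that lists routes named in robots.txt that need no role. The session tokens, role names and the delete sub-path are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed data: session tokens and roles are illustrative only.
SESSIONS = {"tok-admin": "admin", "tok-wiener": "user"}
ROBOTS_TXT = "User-agent: *\nDisallow: /administrator-panel\n"

def build_routes(admin_role):
    """Route table: path -> (required role or None, handler).
    admin_role=None reproduces the lab: the panel is hidden, not protected."""
    def page(users, query):
        return 200
    def delete(users, query):
        users.discard(query.get("username", [""])[0])
        return 200
    return {
        "/": (None, page),
        "/administrator-panel": (admin_role, page),
        # Assumed sub-path for the Delete link; the write-up does not show it.
        "/administrator-panel/delete": (admin_role, delete),
    }

def handle(routes, users, url, token=None):
    """Dispatch a request, enforcing the route's role on the server side."""
    parts = urlsplit(url)
    entry = routes.get(parts.path)
    if entry is None:
        return 404
    required_role, handler = entry
    if required_role is not None:
        role = SESSIONS.get(token)
        if role is None:
            return 401  # no valid session
        if role != required_role:
            return 403  # authenticated, but not authorised
    return handler(users, parse_qs(parts.query))

def disclosed_unprotected(robots_txt, routes):
    """Self-audit: routes named by a Disallow rule that need no role at all."""
    hidden = [line.split(":", 1)[1].strip() for line in robots_txt.splitlines()
              if line.lower().startswith("disallow:")]
    return sorted(path for path, (role, _) in routes.items()
                  if role is None and any(h and path.startswith(h) for h in hidden))
```

With `build_routes("admin")` the robots.txt entry still reveals the path, but every request to it is refused unless the session carries the admin role.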