Lab: Unprotected admin functionality

APPRENTICE

This lab has an unprotected admin panel.

Solve the lab by deleting the user carlos.

Go to the lab and view robots.txt by appending /robots.txt to the lab URL.

Note that the disallow line identifies the path to the admin panel.

In the URL bar replace /robots.txt with /administrator-panel to load the admin panel.

Delete carlos.

Want to track your progress and have a more personalized learning experience? (It's free!)

SQL injection XSS CSRF Clickjacking CORS XXE SSRF Request smuggling Command injection Directory traversal Access control WebSockets