Unprotected admin functionality

This lab features an unprotected admin panel.

I initially discovered the admin panel directory by visiting "/robots.txt," where the following entry was revealed:

User-agent: *
Disallow: /administrator-panel

By directly navigating to the admin panel and subsequently deleting the "carlos" user, the lab can be successfully solved.

PreviousAccess ControlNextUnprotected admin functionality with unpredictable URL

Last updated