Portswigger: Unprotected admin functionality with unpredictable URL Writeup

Lab link.

This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application.

Solve the lab by accessing the admin panel, and using it to delete the user carlos.

Start by viewing the page source of the site (Ctrl+U in most browsers). The following script is embedded in the page:

// Client-side flag only: the server never consults this value.
var isAdmin = false;
if (isAdmin) {
    // This block merely renders the link; it does not protect the route itself.
    var topLinksTag = document.getElementsByClassName("top-links")[0];
    var adminPanelTag = document.createElement('a');
    adminPanelTag.setAttribute('href', '/admin-tek0ci');
    adminPanelTag.innerText = 'Admin panel';
    topLinksTag.append(adminPanelTag);
    var pTag = document.createElement('p');
    pTag.innerText = '|';
    topLinksTag.appendChild(pTag);
}

This JavaScript checks a client-side isAdmin flag and, when it is true, adds an "Admin panel" link to the navigation. The flag only controls whether the link is drawn in the browser; it does not protect the admin page. Because the /admin-tek0ci path is visible to anyone who reads the page source, and the server serves that path without requiring any login, we can open /admin-tek0ci directly, unauthenticated, and delete the user carlos. The "unpredictable" URL is security through obscurity, and the missing server-side authorization check is a broken access control vulnerability.
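As an added example (not the lab's or PortSwigger's code), here is a minimal Python request handler that contrasts the lab's pattern, where the only protection is the unguessable path, with a server-side authorization check; the session store, session ids, role names and response bodies are constructed for the example.

```python
"""
Server-side authorization for a hidden admin route (constructed example).

handle_vulnerable() reproduces the lab's weakness: the admin page is reachable
by anyone who learns the obscure path. handle_hardened() keeps the same path
but ties access to an authenticated session whose role is 'admin'.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory session store: session cookie value -> user record.
SESSIONS = {
    "sess-admin": {"username": "administrator", "role": "admin"},
    "sess-wiener": {"username": "wiener", "role": "user"},
}

ADMIN_PATH = "/admin-tek0ci"  # the obscure path disclosed in the page source


@dataclass
class Request:
    path: str
    session_id: Optional[str] = None  # cookie value; None when not logged in


@dataclass
class Response:
    status: int
    body: str


def current_user(req: Request):
    """Resolve the session cookie to a user record, or None if absent/invalid."""
    return SESSIONS.get(req.session_id) if req.session_id else None


def handle_vulnerable(req: Request) -> Response:
    """Obscurity only: the path itself is the whole 'protection'."""
    if req.path == ADMIN_PATH:
        return Response(200, "admin panel")
    return Response(404, "not found")


def handle_hardened(req: Request) -> Response:
    """Authorization enforced on the server for every request to the admin path."""
    if req.path == ADMIN_PATH:
        user = current_user(req)
        if user is None:
            return Response(401, "login required")      # not authenticated
        if user["role"] != "admin":
            return Response(403, "forbidden")           # authenticated, not authorized
        return Response(200, "admin panel")
    return Response(404, "not found")
```

The path can stay unguessable in the hardened version, but it no longer matters: an anonymous request gets 401, a logged-in non-admin gets 403, and only an admin session reaches the panel.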
