Lab link.
This lab has an unprotected admin panel.
Solve the lab by deleting the user
carlos.
We visit the robots.txt file. This prevents the specified user agent (in this case all bots) from accessing the URL path /administrator-panel. In other words, the website does not want search engines to crawl the /administrator-panel directory.
Try to go to the /administrator-panel URL and there is a broken access control vulnerability because the necessary access control is not done. We access the URL and delete the carlos user.
