Lab link.
This lab has an unprotected admin panel.
Solve the lab by deleting the user carlos.
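We visit the robots.txt file. Its entry tells the specified user agent (in this case all bots) not to access the URL path /administrator-panel. In other words, the website does not want search engines to crawl the /administrator-panel directory. This is only a request to well-behaved crawlers, not an access control, and the file itself discloses the path to anyone who reads it.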
We then browse to the /administrator-panel URL. It is affected by a broken access control vulnerability, because the necessary access control check is not performed. We access the panel and delete the carlos user.
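The root cause and its fix, as an added example that is not part of the lab or the original post: a small in-process WSGI app where the admin panel is either left open (as in the lab) or guarded by a server-side role check on every admin request. The session IDs, the `/administrator-panel/delete` endpoint, the `username` parameter and the user `wiener` are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Constructed sample data; all names below are hypothetical.
SESSIONS = {"sess-admin": "administrator", "sess-wiener": "wiener"}
ADMINS = {"administrator"}
ADMIN_PATH = "/administrator-panel"

def session_user(environ):
    """Resolve the session cookie to a username, or None if absent/unknown."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return SESSIONS.get(cookie["session"].value) if "session" in cookie else None

def make_app(enforce_access_control):
    users = {"administrator", "wiener", "carlos"}

    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path == "/robots.txt":
            # Advisory for crawlers only; it also reveals the path to any reader.
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [f"User-agent: *\nDisallow: {ADMIN_PATH}\n".encode()]
        if path == ADMIN_PATH or path.startswith(ADMIN_PATH + "/"):
            if enforce_access_control:
                user = session_user(environ)  # server-side check on every admin request
                if user not in ADMINS:
                    status = "401 Unauthorized" if user is None else "403 Forbidden"
                    start_response(status, [("Content-Type", "text/plain")])
                    return [b"denied"]
            if path == ADMIN_PATH + "/delete":  # hypothetical delete endpoint
                name = parse_qs(environ.get("QUERY_STRING", "")).get("username", [""])[0]
                users.discard(name)
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [", ".join(sorted(users)).encode()]
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]

    app.users = users  # exposed so the effect of a request can be inspected
    return app

def request(app, path, query="", session=None):
    """Drive the WSGI app in-process; returns the numeric status code."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(PATH_INFO=path, QUERY_STRING=query)
    if session:
        environ["HTTP_COOKIE"] = f"session={session}"
    seen = []
    b"".join(app(environ, lambda status, headers: seen.append(status)))
    return int(seen[0].split()[0])
```

With `make_app(False)` an anonymous request removes carlos; with `make_app(True)` the same request is rejected with 401, a non-admin session gets 403, and robots.txt is still served unchanged.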
Hello, I am Aleyna Doğan. I work as a Sr. Cyber Threat Intelligence Analyst. In my blog, we write blog posts that my friends and I want to share. Have a good read.