PortSwigger Access control vulnerabilities — Lab 1

Lime1O1
2 min readJan 9, 2022


Lab: Unprotected admin functionality

This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application.

To solve this lab we need to delete the user named carlos.

Click on { Access the lab } to start the challenge.

Let’s see what’s in { My Account }. Click on the { My Account } button.

We see the login page. Let’s try the default credentials:

username : admin

password : admin

But as you can see, they don’t work.

Let’s see what’s in { robots.txt }. As you can see, we found this:

Disallow: /administrator-panel

robots.txt is publicly readable, so listing the panel there discloses its location rather than hiding it.

Let’s go to this directory and see what’s inside.

As you can see, this is the { Admin Panel }.

You can also see that we have the ability to delete users.

Now we need to delete carlos.
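To show what actually goes wrong in this lab, here is an added example (not part of the original post or of PortSwigger’s lab code). It models the application as a small in-memory router: with access control switched off, the admin panel and its delete action are reachable by an anonymous visitor, exactly as in the lab; with access control on, the panel demands an authenticated admin session. It also parses the robots.txt disclosure and audits every Disallow path to confirm it cannot be reached without logging in. The delete URL `/administrator-panel/delete?username=...`, the `Session` model and the user names are assumptions for the example.

```python
"""Added example: unprotected vs. protected admin panel, plus a robots.txt audit."""
from __future__ import annotations

from dataclasses import dataclass, field
from http import HTTPStatus
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed robots.txt mirroring the disclosure seen in the lab.
ROBOTS_TXT = """User-agent: *
Allow: /
Disallow: /administrator-panel
"""


def disallowed_paths(robots: str) -> list[str]:
    """Return every Disallow path in a robots.txt body (these are public, not hidden)."""
    paths = []
    for line in robots.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


@dataclass
class Session:
    """Assumed session model: anonymous by default, optionally an admin."""
    username: Optional[str] = None
    is_admin: bool = False


@dataclass
class App:
    """Minimal router. enforce_access_control=False reproduces the lab's flaw."""
    users: set[str] = field(default_factory=lambda: {"wiener", "carlos", "administrator"})
    enforce_access_control: bool = True

    def handle(self, url: str, session: Session) -> tuple[int, str]:
        parts = urlsplit(url)
        if not parts.path.startswith("/administrator-panel"):
            return HTTPStatus.NOT_FOUND, "not found"
        # Hardened behaviour: every admin route checks the session before doing anything.
        if self.enforce_access_control and not session.is_admin:
            status = HTTPStatus.UNAUTHORIZED if session.username is None else HTTPStatus.FORBIDDEN
            return status, "access denied"
        if parts.path == "/administrator-panel/delete":  # assumed delete endpoint
            name = parse_qs(parts.query).get("username", [""])[0]
            if name in self.users:
                self.users.remove(name)
                return HTTPStatus.OK, f"deleted {name}"
            return HTTPStatus.NOT_FOUND, "no such user"
        return HTTPStatus.OK, "admin panel"


def audit_disallowed_paths(app: App, robots: str) -> list[str]:
    """Defender's self-check: which robots.txt Disallow paths serve content to an anonymous user?"""
    anonymous = Session()
    return [p for p in disallowed_paths(robots) if app.handle(p, anonymous)[0] == HTTPStatus.OK]


if __name__ == "__main__":
    vulnerable = App(enforce_access_control=False)
    print("vulnerable app, exposed paths:", audit_disallowed_paths(vulnerable, ROBOTS_TXT))
    fixed = App()
    print("fixed app, exposed paths:", audit_disallowed_paths(fixed, ROBOTS_TXT))
```

The point of the audit function is that robots.txt is a list of paths you are telling the world about; anything in it that is sensitive must be protected by an authorization check, not by obscurity.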
