Lab: Unprotected admin functionality with unpredictable URL
This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application.
Solve the lab by accessing the admin panel, and using it to delete the user carlos.
Click on { access the lab } to start the challenge ..
Let’s see what’s in { My Account }
Click on the { My Account } button
We see the login page , Let’s try the default credentials …
username : admin
password : admin
I searched robots.txt but didn’t find anything useful ..
