Unprotected admin functionality with unpredictable URL

This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application.

In this lab, you will find the admin panel in the source code from the developer's notes in JavaScript.

In the URL, enter admin-05pwtx. The website's admin page is accessible to anyone due to the lack of security measures.

To obtain a flag, delete the user Carlos.

PreviousLab: Unprotected admin functionalityNextUser role controlled by request parameter

Last updated