June 23, 2026
PortSwigger Web-Security Write-Up Lab: Unprotected admin functionality
Lab Description
By Regynda Ayudya
Solving The Lab
Description: The first step is to open the lab, which will be accessed via Burp Suite.
Description: Add the text "/robots.txt" to the end of the URL, then press Enter. There you will see a line of hidden text. Copy the name of the restricted folder path, which is "/administrator-panel".
Description: Delete "/robots.txt" from the URL, then replace it with the hidden folder path. The browser will immediately display the admin panel page, which contains a list of web users.
You'll see the username 'carlos' there. Click 'delete'.
Description: Refresh the web page. An orange banner will appear that says "Congratulations, you solved the lab!"
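Why the steps above work, and what closes the gap, shown as an added example (not part of the original write-up or PortSwigger's lab code): a constructed app where robots.txt names the admin path but nothing checks who requests it, next to a version with a server-side role check, plus an audit that flags Disallow paths served to anonymous requests. The function names, session shape and sample users are assumptions.

```python
# Added example: constructed app and robots.txt, not the lab's own code.
ROBOTS_TXT = "User-agent: *\nDisallow: /administrator-panel\n"  # constructed sample
USERS = ["alice", "carlos"]  # constructed sample users

def vulnerable_app(path, session=None):
    """Serves the admin panel to anyone who knows the URL."""
    if path == "/robots.txt":
        return 200, ROBOTS_TXT
    if path == "/administrator-panel":
        return 200, "Users: " + ", ".join(USERS)
    return 404, "Not found"

def hardened_app(path, session=None):
    """Same routes, but the admin panel requires an authenticated admin session."""
    if path == "/administrator-panel":
        if not session:
            return 401, "Login required"
        if session.get("role") != "admin":
            return 403, "Forbidden"
    return vulnerable_app(path, session)

def disallowed_paths(robots_txt):
    """Extract Disallow paths from robots.txt text, ignoring comments."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def audit(app):
    """Return Disallow paths the app serves (HTTP 200) to an anonymous request."""
    status, body = app("/robots.txt")
    if status != 200:
        return []
    return [p for p in disallowed_paths(body) if app(p, session=None)[0] == 200]

if __name__ == "__main__":
    print("vulnerable:", audit(vulnerable_app))
    print("hardened:  ", audit(hardened_app))
```

The hardened version still advertises the path in robots.txt; the server-side check is what protects the panel, not whether the path is listed.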
Thank You!