June 3, 2026
PortSwigger Lab: Unprotected admin functionality
This lab has an unprotected admin panel.
Author: Ramkumar
Solve the lab by deleting the user carlos.
This is an easy lab.
Step 1: Access the lab
Step 2: Append /robots.txt to your lab URL. You will probably see a line reading Disallow: /administrator-panel
Step 3: Add /administrator-panel to your URL. The page will redirect to an admin page where you can remove user accounts.
Step 4: Delete the carlos account.
Step 5: That's it, lab solved.
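The steps above work because nothing but obscurity guards /administrator-panel, and robots.txt gives the path away. The following is an added example, not part of the lab or of PortSwigger's code: it parses a constructed robots.txt and checks a hypothetical in-process handler with and without a server-side role check. The function names, session shape and status codes are assumptions.

```python
# Added example: constructed robots.txt and toy in-process handlers (assumptions).
ROBOTS_TXT = """User-agent: *
Disallow: /administrator-panel
"""

def disallowed_paths(robots_txt):
    """Return the paths named in Disallow lines of a robots.txt body."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def unprotected_app(path, session=None):
    """Behaviour the lab describes: the panel is served to anyone who knows the path."""
    if path == "/administrator-panel":
        return 200
    return 404

def protected_app(path, session=None):
    """Same route, with authorization enforced on the server for every request."""
    if path == "/administrator-panel":
        if session is None:
            return 401                            # not logged in
        if session.get("role") != "admin":
            return 403                            # logged in, but not an administrator
        return 200
    return 404

def exposed_paths(app, robots_txt):
    """Disallow entries that an anonymous request can still load (status 200)."""
    return [p for p in disallowed_paths(robots_txt) if app(p, None) == 200]

if __name__ == "__main__":
    print("unprotected:", exposed_paths(unprotected_app, ROBOTS_TXT))
    print("protected:  ", exposed_paths(protected_app, ROBOTS_TXT))
```

Run as a regression check, a non-empty result from `exposed_paths` means a path that robots.txt asks crawlers to skip is still reachable without logging in.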
Follow for more writeups!