Lab #2 Unprotected admin functionality with unpredictable URL

In this video, we cover Lab #2 in the Access Control Vulnerabilities module of the Web Security Academy. This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application. To solve the lab, we access the admin panel, and use it to delete the user carlos.

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Notes.txt document:

Python script:

Web Security Academy Exercise Link:

Rana's Twitter account:

Complete and Continue