Portswigger - Access Control - Lab #2 Unprotected admin functionality with unpredictable URL скачать в хорошем качестве

Portswigger - Access Control - Lab #2 Unprotected admin functionality with unpredictable URL

Hello Hackers, in this video of Unprotected admin functionality with unpredictable URL you will see how to exploit, discover and find senstive information based on application logic flow to leak for potential attacks from Burp Suite in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 0:45 - Check /robots.txt 1:27 - Map the application 2:04 - Test endpoints 2:35 - Read source code 4:15 - Find a hidden directory 4:40 - Delete user carlos 🔍 About the Lab Lab: Unprotected admin functionality with unpredictable URL Level: Apprentice This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the lab by accessing the admin panel, and using it to delete the user carlos. ✅ What to do ? 1. Review the lab home page's source using Burp Suite or your web browser's developer tools. 2. Observe that it contains some JavaScript that discloses the URL of the admin panel. 3. Load the admin panel and delete carlos. Thank you for watching my video, if you have any questions or any topics recommendation feel free to write them on the comment below 🙋 #WebSecurityAcademy #portswigger #vulnerability