Scribd Logo
Upload

Welcome to Scribd!

  • Lab 2 - Unprotected Admin Functionality With Unpredictable URL

    Uploaded by

    DODOXD Mekheimer
    124 views2 pages
    The document describes how the student solved a lab by finding an unprotected admin URL on a website. By inspecting the page source and searching for "admin", the student discovered that adding "/admin-jt84km" to the site URL granted access to the admin panel. The student was then able to access and solve the lab by deleting a user named Carlos from the admin page. The lesson highlighted is to not include direct URLs to secure areas like admin panels in JavaScript code.

    Original Description:

    Original Title

    Lab 2- Unprotected admin functionality with unpredictable URL

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes how the student solved a lab by finding an unprotected admin URL on a website. By inspecting the page source and searching for "admin", the student discovered that adding "/admin-jt84km" to the site URL granted access to the admin panel. The student was then able to access and solve the lab by deleting a user named Carlos from the admin page. The lesson highlighted is to not include direct URLs to secure areas like admin panels in JavaScript code.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    124 views2 pages

    Lab 2 - Unprotected Admin Functionality With Unpredictable URL

    Uploaded by

    DODOXD Mekheimer
    The document describes how the student solved a lab by finding an unprotected admin URL on a website. By inspecting the page source and searching for "admin", the student discovered that adding "/admin-jt84km" to the site URL granted access to the admin panel. The student was then able to access and solve the lab by deleting a user named Carlos from the admin page. The lesson highlighted is to not include direct URLs to secure areas like admin panels in JavaScript code.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Lab 2 - Unprotected admin functionality with unpredictable URL

    Ahmed Khaled Saad Ali ID:1809799

    Lab Progress & Screenshots:


    While we search in the “inspect” of the page and search for ‘admin’ text, we find
    out that in order to access admin page we just add ‘/admin-jt84km’ to ‘href’
    which is the site’s URL.

    We add it to the URL above.


    Admin panel page is accessed, deleting Carlos and lab is solved.

    Lessons:
    1) With minimal HTML & JavaScript knowledge we knew about the vulnerability.
    2) Don’t include in your Javascript the direct URL for any user that should be
    secured: admin, manager,..etc.

    You might also like