1. Unprotected admin functionality

We're asked to delete the user "carlos" from the website by exploiting a known vulnerability: the
/administrator-panel endpoint is unprotected, so no authentication is required. We discover that the
/administrator-panel endpoint exists by visiting the /robots.txt file.
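
The same weakness seen from the defender's side, as an added example that is not part of the original write-up: every path listed under Disallow in robots.txt is checked for what an unauthenticated request receives. The sample robots.txt, the /cart entry, the status codes and all function names are constructed for illustration.

```python
# Added example: audit robots.txt Disallow entries against anonymous responses.
from typing import Callable, Dict, List

# Constructed sample robots.txt, modelled on the lab described above.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /administrator-panel
Disallow: /cart   # constructed extra entry
Allow: /
"""

def disallowed_paths(robots_txt: str) -> List[str]:
    """Return unique Disallow paths in file order, skipping comments and empty rules."""
    paths: List[str] = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "disallow" and value and value not in paths:
            paths.append(value)
    return paths

def audit(robots_txt: str, anon_status: Callable[[str], int]) -> Dict[str, str]:
    """Classify each disallowed path by the status an unauthenticated request gets.

    anon_status is a hypothetical callable supplied by the caller; in a real
    audit it would send a request with no session cookie to your own deployment.
    """
    report: Dict[str, str] = {}
    for path in disallowed_paths(robots_txt):
        status = anon_status(path)
        if status in (401, 403) or 300 <= status < 400:
            report[path] = "restricted"    # denied, or redirected (e.g. to a login page)
        elif status == 404:
            report[path] = "not found"
        else:
            report[path] = "UNPROTECTED"   # content served without authentication
    return report

# Constructed status codes standing in for anonymous requests to a test deployment.
_SAMPLE_STATUS = {"/administrator-panel": 200, "/cart": 302}

def sample_anon_status(path: str) -> int:
    return _SAMPLE_STATUS.get(path, 404)

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_ROBOTS, sample_anon_status).items():
        print(f"{verdict:12} {path}")
```

Hiding a path in robots.txt is not access control; the check passes only when the server itself refuses the anonymous request.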


Solution