Lab 1-Unprotected Admin Functionality
Ahmed Khaled Saad Ali ID:1809799
Screenshots:
Clicked “My Account”
Edited GET Request & Forwarding
It opens another GET Request we will replace it with “/administrator-panel” as
well and forward it
We obtained admin panel and we delete carlos
Lessons:
1. Don’t include sensitive data/info in GET/POST/PULL requests