This website has an unauthenticated admin panel at /admin, but a front-end system has been configured to block external access to that path. However, the back-end application is built on a framework that supports the X-Original-URL header.
To solve the lab, access the admin panel and delete the user carlos.
1. Capture the request for the admin panel.
2. Remove the word admin from the request, add the header below at the bottom of the request, and send it:
   X-Original-Url: /admin
3. Click Delete Carlos, capture the request, remove /admin/delete, add the header below at the end of the request, and send the request:
   X-Original-Url: /admin/delete
4. Now do step 2 again to solve the lab.
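Why the front-end block fails, and how dropping the header at the front end closes the gap, shown as an added example that is not part of the original write-up or the lab's code. It is a constructed Python model: the function names, status codes and the inclusion of X-Rewrite-URL alongside X-Original-URL are assumptions.

```python
# Constructed model of the front-end / back-end mismatch; not real framework code.
OVERRIDE_HEADERS = {"x-original-url", "x-rewrite-url"}  # URL-override headers (assumed set)
BLOCKED_PREFIX = "/admin"  # path the front end is meant to keep external users out of


def backend_route(path, headers):
    """Back end: like the framework in the lab, lets X-Original-URL replace the path."""
    lowered = {k.lower(): v for k, v in headers.items()}
    effective = lowered.get("x-original-url", path)
    return "admin panel" if effective.startswith(BLOCKED_PREFIX) else "public page"


def frontend_weak(path, headers):
    """Front end as described in the lab: checks only the request-line path."""
    if path.startswith(BLOCKED_PREFIX):
        return 403, "blocked"
    return 200, backend_route(path, headers)


def override_attempts(headers):
    """Detection hook: override headers a client sent, worth logging and alerting on."""
    return [(k, v) for k, v in headers.items() if k.lower() in OVERRIDE_HEADERS]


def frontend_hardened(path, headers):
    """Same path rule, but override headers are stripped before forwarding."""
    if path.startswith(BLOCKED_PREFIX):
        return 403, "blocked"
    forwarded = {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}
    return 200, backend_route(path, forwarded)


if __name__ == "__main__":
    # Constructed sample requests: (request-line path, headers)
    samples = [
        ("/admin", {}),
        ("/", {"X-Original-Url": "/admin"}),
        ("/", {"Accept": "text/html"}),
    ]
    for path, headers in samples:
        print(path, headers)
        print("  weak:    ", frontend_weak(path, headers))
        print("  hardened:", frontend_hardened(path, headers))
        print("  flagged: ", override_attempts(headers))
```

The durable fix is to enforce access control in the back end itself, so the decision is made on the same path the application actually routes.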
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng