📌 Info

This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.

Goal:

• Obtain the header name.
• Use it to bypass the lab's authentication.
• Access the admin interface and delete the user carlos.

Hint:

• You can log in with the following credentials:

  wiener:peter
  

• oops this information disclosure from server
• it’s told me only available to local host. but i am not a local host so i need to be the local host to show the admin panel
• let’s go to add will make my ip local host and put in the request 😈

ok this header will make me like local host user i will add in the request with endpoint → /admin

X-Custom-IP-Authorization: 127.0.0.1

• here we go i got 200 ok
• now to solve the lab i need to delete carlos user