This lab has an admin panel at /admin. It's only accessible to logged-in users with a roleid of 2.
Solve the lab by accessing the admin panel and using it to delete the user carlos.
You can log in to your own account using the following credentials: wiener:peter
First I logged in with wiener:peter
and update email to → [email protected]
intercept the request and and send it to repeater
i notice that in response → roleid=1
so i will add this value to my request
rolied=2 and try to send it and make the Method GET and endpoint → /admin
here we go we got 200 ok
search about carlos in response to get the endpoint deleted carlos
let’s Go to the endpoint and to delete the carlos user
Congrats You solved the lab 🎉
