Access Control - Unprotected Functionality

Another but less reliable way of protecting a sensitive URL is by making it unique. This means making it hard to guess.

An example is as below:

Such a URL can be hard to predict. However, it can be found indirectly through any JavaScript code found inline which constructs the user interface based on the based on the user's role.

An example would be

Here the script adds a administrator link to the users UI in case they are administrators. The downside is the script being visible to all.

The Lab:

Starting with the lab, we are presented with the default homepage

The hint given is to find the JavaScript within the HTML page

Initially when trying to use the inspect element functionality, only information related to the HTML of the page is provided.

In the next step a google search will provide the tool view the source code of the page - view page source.

Upon inspecting the source code, the inline JavaScript is available for all to view.

As well as the admin URL.

A simple matter of copy pasting and appending the admin URL to the main URL

And the Administrator page is accessed

And the respective username is deleted to complete the lab