
Script

The script tag does not appear when I inspect.

<html><head>
        <link href="/resources/labheader/css/academyLabHeader.css" rel="stylesheet">
        <link href="/resources/css/labsEcommerce.css" rel="stylesheet">
        <title>Unprotected admin functionality with unpredictable URL</title>
    </head>
    <body>
            <script src="/resources/labheader/js/labHeader.js"></script>
            <div id="academyLabHeader">
    <section class="academyLabBanner">
        <div class="container">
            <div class="logo"></div>
                <div class="title-container">
                    <h2>Unprotected admin functionality with unpredictable URL</h2>
                    <a class="link-back" href="https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality-with-unpredictable-url">
                        Back to lab description 
                        <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 28 30" enable-background="new 0 0 28 30" xml:space="preserve" title="back-arrow">
                            <g>
                                <polygon points="1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15"></polygon>
                                <polygon points="14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15"></polygon>
                            </g>
                        </svg>
                    </a>
                </div>
                <div class="widgetcontainer-lab-status is-notsolved">
                    <span>LAB</span>
                    <p>Not solved</p>
                    <span class="lab-status-icon"></span>
                </div>
            </div>
        </section></div>


        <div theme="ecommerce">
            <section class="maincontainer">
                <div class="container">
                    <header class="navigation-header">
                        <section class="top-links">
                            <a href="/">Home</a><p>|</p>
                            <script>
var isAdmin = false;
if (isAdmin) {
   var topLinksTag = document.getElementsByClassName("top-links")[0];
   var adminPanelTag = document.createElement('a');
   adminPanelTag.setAttribute('href', '/admin-iunocw');
   adminPanelTag.innerText = 'Admin panel';
   topLinksTag.append(adminPanelTag);
   var pTag = document.createElement('p');
   pTag.innerText = '|';
   topLinksTag.appendChild(pTag);
}
</script>
                            <a href="/my-account">My account</a><p>|</p>
                        </section>
                    </header>
                    <header class="notification-header">
                    </header>
                    <section class="ecoms-pageheader">
                        <img src="/resources/images/shop.svg">
                    </section>
                    <section class="container-list-tiles">
                        <div>
                            <img src="/image/productcatalog/products/36.jpg">
                            <h3>Caution Sign</h3>
                            <img src="/resources/images/rating5.png">
                            $71.59
                            <a class="button" href="/product?productId=1">View details</a>
                        </div>
                        <div>
                            <img src="/image/productcatalog/products/74.jpg">
                            <h3>Packaway Carport</h3>
                            <img src="/resources/images/rating4.png">
                            $95.28
                            <a class="button" href="/product?productId=2">View details</a>
                        </div>
                        <div>
                            <img src="/image/productcatalog/products/72.jpg">
                            <h3>Baby Minding Shoes</h3>
                            <img src="/resources/images/rating4.png">
                            $20.77
                            <a class="button" href="/product?productId=3">View details</a>
                        </div>
                        <div>
                            <img src="/image/productcatalog/products/56.jpg">
                            <h3>More Than Just Birdsong</h3>
                            <img src="/resources/images/rating2.png">
                            $24.70
                            <a class="button" href="/product?productId=4">View details</a>
                        </div>
                        <div>
                            <img src="/image/productcatalog/products/5.jpg">
1 answer

Hi Carlos, how are you?

The tag comes right after the <a href="/">Home</a><p>|</p>

Here in the example you sent, it is possible to see the administration page in:

<script>
var isAdmin = false;
if (isAdmin) {
   var topLinksTag = document.getElementsByClassName("top-links")[0];
   var adminPanelTag = document.createElement('a');
   adminPanelTag.setAttribute('href', '/admin-iunocw');
   adminPanelTag.innerText = 'Admin panel';
   topLinksTag.append(adminPanelTag);
   var pTag = document.createElement('p');
   pTag.innerText = '|';
   topLinksTag.appendChild(pTag);
}
</script>

Which in this case would be /admin-iunocw

But since the page varies for each lab that is opened, if you have already closed this one, I recommend that when you open it again you inspect the page again, because the page will probably have a different name.

I hope this helped and, if you need anything, we are here to help!

Best regards and happy studying 😄


If this post helped you, please mark it as solved ✓. Happy studying!
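
The weakness the lab's markup illustrates, shown next to a corrected form, as an added example that is not part of the original posts or of the lab's code: the admin path is sent to every visitor and only a client-side `isAdmin` flag hides the link. `ADMIN_PATH`, the user objects and all function names here are hypothetical.

```javascript
// Added example; ADMIN_PATH and every function name are hypothetical.
const ADMIN_PATH = '/admin-panel'; // constructed placeholder path

// Weak pattern from the page: every visitor receives the path inside an
// inline script, and only the browser decides whether to show the link.
function renderNavWeak(user) {
  return `<a href="/">Home</a><p>|</p><script>
var isAdmin = ${user.role === 'admin'};
if (isAdmin) {
   var adminPanelTag = document.createElement('a');
   adminPanelTag.setAttribute('href', '${ADMIN_PATH}');
}
</script><a href="/my-account">My account</a><p>|</p>`;
}

// Hardened rendering: the server emits the link only for admins, so the
// path never reaches other users' browsers.
function renderNavHardened(user) {
  const adminLink = user.role === 'admin'
    ? `<a href="${ADMIN_PATH}">Admin panel</a><p>|</p>`
    : '';
  return `<a href="/">Home</a><p>|</p>${adminLink}` +
         `<a href="/my-account">My account</a><p>|</p>`;
}

// The actual control: the route checks the session role on every request,
// so knowing the path is not enough to use it.
function handleRequest(path, user) {
  if (path === ADMIN_PATH && user.role !== 'admin') return 403;
  return 200;
}

// Regression check: does markup served to this user disclose the path?
function leaksAdminPath(html) {
  return html.includes(ADMIN_PATH);
}
```

Running `leaksAdminPath` over pages rendered for a non-admin session works as a regression test, but the server-side role check in `handleRequest` is what protects the panel.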