Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible. Such resources exist at commonly known paths, for example log files being accessible on the path /logs/. The goal of this attack is to gain access to sensitive resources like source code, password files, or even admin pages, that shouldn't be accessible.


Can you find the admin login page on the site below?