How it works...
In this recipe, we first noticed that the employee IDs are given to the client as values in a list and sent to the server as request parameters, so we tried and changed the employee_id parameter to get information from an employee we shouldn't have access to.
After that, we noticed, by checking the Inspector, that all buttons have the same name, action, and their values are the action to be taken when pressed. This can be confirmed by checking the requests in the Network tab of the Developer Tools. So, if we have actions such as SearchStaff, ViewProfile, and ListStaff, maybe DeleteProfile would do the thing the challenge asks for. After we changed the ViewProfile button's value and clicked on it, we verified our assumption ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access