Goal:
Check if sensitive routes like /admin are exposed to unauthenticated users.
Steps:
Open your Kali Linux terminal.
Run:
curl https://www.drishya.fun/admin
If you see any of the following in the response:
HTML content
React components
Admin panel layout or elements
…it means the route might be publicly exposed.
Risk:
The route is likely protected only by client-side logic (e.g., Clerk in the browser) and not by a check on the server.
Attackers or bots can bypass the UI and fetch the content directly.
Recommendation:
Always enforce authentication on the server (not just in the frontend).
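
One way to apply this recommendation, as an added example that is not code from the site being checked: a framework-agnostic request handler that decides on the server before any admin markup is produced. The session store, the cookie name `session`, and the function names are assumptions made for illustration.

```javascript
// Added example: server-side gate for /admin. All names here are hypothetical.
// Constructed session store: opaque session id -> user record kept on the server.
const sessions = new Map([
  ['sid-admin-demo', { user: 'alice', role: 'admin' }],
  ['sid-user-demo', { user: 'bob', role: 'member' }],
]);

// Extract one cookie value from the Cookie header (undefined when absent).
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return undefined;
}

// Takes { url, headers } and returns { status, body }.
// The admin HTML is only built after both checks pass, so a direct
// request without a valid session never receives it.
function handleRequest(req) {
  const path = req.url.split('?')[0];
  const isAdminRoute = path === '/admin' || path.startsWith('/admin/');
  if (!isAdminRoute) {
    return { status: 200, body: '<h1>Public page</h1>' };
  }
  // Authentication: the cookie must map to a session the server knows.
  const session = sessions.get(readCookie(req.headers.cookie, 'session'));
  if (!session) {
    return { status: 401, body: 'Authentication required' };
  }
  // Authorization: a signed-in user is not automatically an admin.
  if (session.role !== 'admin') {
    return { status: 403, body: 'Forbidden' };
  }
  return {
    status: 200,
    body: `<h1>Admin panel</h1><p>Signed in as ${session.user}</p>`,
  };
}
```

With a handler like this in front of the route, the curl request from the steps above gets a 401 and a body that contains no admin layout or components.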