An intentionally vulnerable note-sharing application for a mini pentest demo. It contains the following vulnerabilities:
- Leaked Internal Documentation Containing Credentials (Discovered via Directory Busting)
- No Account Lockout (Brute-force Login to User with Weak Password)
- Notes Function Vulnerable to XSS
- Session Hijacking via Extracting Session Token (Insecure Cookie Settings)
- Code Execution Vulnerability in Check Log Function