TRAINING ENVIRONMENT
This application contains intentional security vulnerabilities for educational purposes. Do not use sensitive data.
SQL Injection
Login form concatenated raw input. Try bypassing authentication.
XSS (Stored/Reflected)
Input is not sanitized. Try triggering alerts in search or order details.
IDOR
Order IDs are predictable and not verified against the current user.