This application contains intentional vulnerabilities for testing the Rift scanner.
Reflected XSS - User input echoed back
Stored XSS - Comments stored in memory
Test: <script>alert('xss')</script>
View Config
View Secrets
View Debug Log
Available files: config.yaml, secrets.env, debug.log, users.json, backup.sql
Search Users - Vulnerable to SQLi
Test: ' OR '1'='1
View User 1
View User 2
View User 3
Escalate privileges by modifying user IDs
Login Page
Credentials: admin / admin123 or user1 / password123
Debug Info Endpoint - Exposes system info
Config Endpoint - Leaks configuration
Dashboard (login required)
Password reset without verification: /reset?user_id=1