D1337 VulnBox
Authorized dummy target. Semua credential/secret di app ini palsu dan dikandangin ke lab data.
SQLi
/login, /search?q=, /api/orders?id=
XSS
/search?q=<script>... reflects raw query.
IDOR
/profile?id=1..3 exposes other dummy users.
Traversal
/download?file=../fake_etc/passwd escapes file folder, still inside lab.
SSRF simulator
/api/ssrf?url=http://127.0.0.1:18080/internal/metadata
Debug leak
/admin?debug=1 returns fake config and dummy token.