lab.dctm.ir Vulnerable App

• Search (Reflected XSS target)
• Feedback (Stored XSS target)
• Read File (Path Traversal / LFI target)
• Debug Users (view users table)

API endpoints:

• GET /api/products?id=1 (SQL Injection target)
• POST /api/login (SQL Injection target)