🍽️ QuickBite

Fresh food, fast delivery. Order from your favorite local restaurants.


🔓 Security Testing Demo

This restaurant ordering platform contains 18+ security vulnerabilities for pen testing.

| Vulnerability | Endpoint | OWASP Category |
|---|---|---|
| SQL Injection (login bypass) | `/login` | A03:2021 Injection |
| SQL Injection (menu search) | `/menu/search` | A03:2021 Injection |
| Stored XSS | `/reviews` | A03:2021 Injection |
| Reflected XSS | `/menu/search` | A03:2021 Injection |
| IDOR (view any order) | `/order/<id>` | A01:2021 Broken Access |
| PCI Data Exposure | `/api/customers` | A02:2021 Crypto Failures |
| CSRF on Refunds | `/order/<id>/refund` | A01:2021 Broken Access |
| Command Injection | `/tools/receipt` | A03:2021 Injection |
| Path Traversal | `/invoices` | A01:2021 Broken Access |
| Broken Access Control | `/manager` | A01:2021 Broken Access |
| Unauthenticated API | `/api/customers` | A07:2021 Auth Failures |
| Gift Card Enumeration | `/gift-cards/check` | A04:2021 Insecure Design |
| Hardcoded Secrets | source code | A02:2021 Crypto Failures |
| Debug Info Leak | `/debug` | A05:2021 Misconfig |
| Open Redirect | `/redirect?url=` | A01:2021 Broken Access |

Default accounts: manager/manager123  |  alice/password  |  bob/123456