Easy
Level 2: Excessive Data Exposure
Objective
Login first, then access your profile. The API returns more data than it should. Look for sensitive information in the response.
Login: POST /api/login {"username":"alice","password":"alice123"}
Then: GET /api/profile with the token.
Test Credentials
| alice | : alice123 | (user) |
| bob | : bob456 | (user) |
| admin | : admin789 | (admin) |
API Request
API Response
Waiting for request...
// Response will appear here
FLAG CAPTURED!
Hint: After logging in, call
GET /api/profile with your token. Look at the debug_info field - it contains an API key which is the flag. This is excessive data exposure!