User Profile API
Security Notice: This API has intentionally vulnerable CORS configuration
for security research purposes.
Endpoints
POST /api/auth/login - Login with email/passwordGET /api/profile - Get current user profile (requires auth)GET /api/users - List all users (public)
Test Credentials
- Admin: admin@vulnerable.local / AdminPass123!
- User: user@example.com / user123