Information

I have built a website to publish blogs. You can find it over at https://hackxpert.com/pentest-Howard/ and I want to iron out the security flaws before we go live. The functionality is as follows:

• Access control to who can edit, delete and create posts
• Ability to create a post
• Ability to delete a post
• Ability to edit a post
• Only admin can view and create users
• No editing of users is included - out of scope
• Posts can belong to categories

In scope

• The domain you will be assigned after emailing this document

Out of scope

• OSINT
• Port scanning
• Brute forcing

Credentials

The following users are available but feel free to create more:

• admin/test
  • Can do everything
• editor/test
  • Can only edit
• moderator/test
  • Can only delete