YPYogesh Peelainexploitnotes.hashnode.dev·8h ago · 5 min readBroncoCTF: Lovely LoginExecutive Summary Lovely Login presents a minimal "Secure Database" login form backed by an Express API at /login. The obvious attack surface — NoSQL operator injection on username/password — turned o00