I’ve found the path vulnerable to OWASP Top 10, credentials and login page. Could someone give me a hint?