Huh! It looks like we need to log in to get access to the website. There are input fields for the username and password, a login button, and a password recovery link.

We've already spotted two potential attack possibilities: the input fields.