Adding instructions for 2nd exercise - information disclosure

Author: benn-mt

Exercises/Exercise-02.md

@@ -0,0 +1,7 @@
+# Information disclosure
+
+1. Complete Exercise-01.md
+2. Using the "api/todotiems/name/<name>" GET endpoint, fetch a previously created todoitem by name. Note that you do not need to enter a full name to get back an item, so if multiple items match the "name" term, they will all be returned.
+
+*What happens if you search for items with just a quote? (')*
+*What does this result tell us about the system?*