Web Security Trainer

Learn Web Security Interactively

Select a scenario, craft your payload, and see the impact of your attack in a safe, simulated environment.

Authentication Bypass
This scenario simulates a login form where the SQL query is built by concatenating user input directly into the query string. Your goal is to log in as any user without knowing their password. For testing, you can use these valid credentials: (alice, password), (bob, password). In this simulation, the password for a valid login is always 'password'. Here are some example payloads to try: `admin' --` or `' OR 1=1 --`

Vulnerable Query Structure: `SELECT id, username, role FROM users WHERE username = '[username]' AND password_hash = HASH('[password]')`
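
The query structure above, run side by side with its parameterized form against the two example payloads; this is an added example, not the trainer's own code. It assumes SQLite, a SHA-256 stand-in for `HASH()`, and a constructed `admin` row; the function names are hypothetical.

```python
import hashlib
import sqlite3

def _hash(value):
    # Stand-in for the query's HASH() (assumption: the page does not name the function).
    return hashlib.sha256(value.encode()).hexdigest()

def make_db():
    """Constructed in-memory users table matching the page's query structure."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("HASH", 1, _hash)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,"
                 " role TEXT, password_hash TEXT)")
    # alice/bob use the page's test password; the admin row is constructed.
    rows = [("admin", "admin", "constructed-admin-secret"),
            ("alice", "user", "password"), ("bob", "user", "password")]
    conn.executemany("INSERT INTO users (username, role, password_hash)"
                     " VALUES (?, ?, HASH(?))", rows)
    return conn

def login_vulnerable(conn, username, password):
    # Input becomes part of the SQL text: a quote ends the string literal and
    # "--" comments out the password check.
    sql = ("SELECT id, username, role FROM users WHERE username = '" + username
           + "' AND password_hash = HASH('" + password + "')")
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    # Placeholders send input as bound values; it is never parsed as SQL.
    sql = ("SELECT id, username, role FROM users"
           " WHERE username = ? AND password_hash = HASH(?)")
    return conn.execute(sql, (username, password)).fetchall()

def compare(conn, username, password="x"):
    """Return (rows from concatenated query, rows from parameterized query)."""
    return login_vulnerable(conn, username, password), login_safe(conn, username, password)

if __name__ == "__main__":
    db = make_db()
    for user in ["alice", "admin' --", "' OR 1=1 --"]:
        vuln, safe = compare(db, user, "password")
        print(f"{user!r}: concatenated={vuln} parameterized={safe}")
```

With the parameterized query, both payloads are compared as literal usernames and match no row, while the valid credentials still log in.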
