Medium
⭐ 100 pts
Web Security
SQLi
SQL Injection (SQLi)
Manipulate database queries to extract sensitive data or bypass authentication. A classic and devastating web vulnerability.
Hint
Try injecting SQL conditions into the username field. Classic payloads like ' OR 1=1 can trick a poorly written query into always returning true.
Objective
- Bypass the login panel using a SQL injection payload
- Retrieve the flag displayed after a successful bypass
- Submit the flag below to claim your 100 points
VulnerableApp v1.2 — Login
🔒 Admin Portal
Live Query Preview
SELECT * FROM users
WHERE username = '?'
AND password = '?';
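Added example (not part of the challenge or its application code): the query template from the preview above, built once by string concatenation and once with bound parameters, run against an in-memory SQLite database. The table contents, function names and the trailing comment marker on the hint's payload are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed account (not challenge data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to mirror the page's query; store hashes in practice.
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def build_vulnerable_query(username, password):
    # Vulnerable on purpose: input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    return ("SELECT * FROM users WHERE username = '%s' AND password = '%s';"
            % (username, password))

def login_vulnerable(conn, username, password):
    query = build_vulnerable_query(username, password)
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    # Hardened: the SQL text is fixed; values are bound separately and are
    # only ever compared as data, never parsed as part of the statement.
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?;",
        (username, password),
    ).fetchone()
    return row is not None

# The hint's condition followed by an SQL comment marker (constructed input).
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query(PAYLOAD, "x"))
    print("vulnerable:   ", login_vulnerable(conn, PAYLOAD, "x"))
    print("parameterized:", login_parameterized(conn, PAYLOAD, "x"))
    print("valid login:  ", login_parameterized(conn, "admin", "constructed-secret"))
```

With the concatenated query the WHERE clause no longer depends on the password at all; with bound parameters the same input is just a username that matches no row.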