SQL Injection Lab
Learn how insecure database queries can be manipulated.
Login Portal
VULNERABLE
Mission
Your Goal: Log in as admin without knowing the password, OR dump the entire database.
Payloads (Click to copy):
' OR '1'='1
' OR 1=1 --
admin' --
PREPARED STATEMENT
backend_query.sql
1
2
3
4
2
3
4
SELECT * FROM users
WHERE username = '';
WHERE username = '';
Watch how your input is interpreted by the backend.
Database Response 0 Rows
| ID | Username | Password | Role |
|---|---|---|---|
| Waiting for query... | |||