trinetra.
cyber defense — learn
tutorials · lab 04 · sql injection login bypass
04 / 10 · DEFEND
03step · do it for real

A real login form. The flag in the first account. Your turn.

You've seen the sneaky text and the rewritten question. Now launch your own private copy of acme-bank.local and break the login yourself. The flashcards on the right teach you the words; the quiz checks the moves stick under pressure.

Sandbox · ready to launch

Spawn sqli-login-bypass

You'll get your own private copy of acme-bank.local — a login form with the safeguard left out, sitting on a real database. Send the sneaky text, watch the question change in the server log, grab the admin account, submit the flag. It shuts down after 60 minutes of sitting idle.

beginner 200 xp ~25 min PHP 8 · MySQL 8 · 256 MB · cap-drop ALL
1Type a quote mark that slips you out of the text box
2Check the rewritten question now matches everyone
3Read the admin account and submit the flag
Warm-up · 12 flashcards & 10 questions
Question
click to reveal · ← → keys to browse
Answer
click again to flip back
01 / 12