SQL Injection Demo

Difficulty: Hard

Identify a vulnerable pattern, the classic bypass, and the proper defense.


Context

A legacy login uses string concatenation to build a SQL query. You’ll spot the issue and copy the right answers to capture flags.

Static Demo

This is a safe, read-only example.

Vulnerable Construction

// ❌ string concatenation
const sql = "SELECT id FROM users WHERE username='" + user + "' AND password='" + pass + "';";

Because the code concatenates user and pass directly into the query text, an attacker can inject SQL operators that change the query's logic.

Bypass Example

' OR '1'='1

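The core tautology is OR 1=1, which forces the condition to always be true. The payload above is its quoted form: the leading ' closes the string literal the query opened, and the trailing '1 is completed by the query's own closing quote.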
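
Added example (not part of the original demo), written in Python with the standard sqlite3 module rather than the page's JavaScript so it runs against a real SQL engine: the concatenated query from above next to one that passes the same inputs as bound parameters. The table, the two accounts, and the function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"  # the bypass string shown on this page


def make_db():
    # Constructed sample data; plaintext passwords only mirror the legacy query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return db


def login_concat(db, user, password):
    # Same construction as the vulnerable snippet: input becomes SQL text.
    sql = ("SELECT id FROM users WHERE username='" + user
           + "' AND password='" + password + "';")
    return sql, [row[0] for row in db.execute(sql)]


def login_bound(db, user, password):
    # Placeholders: the engine parses the statement first, then binds values as data.
    sql = "SELECT id FROM users WHERE username=? AND password=?;"
    return sql, [row[0] for row in db.execute(sql, (user, password))]


def demo():
    # Run a valid password, a wrong password, and the payload through both versions.
    db = make_db()
    cases = {"valid": "correct-horse", "wrong": "nope", "payload": PAYLOAD}
    return {
        fn.__name__: {label: fn(db, "alice", pw) for label, pw in cases.items()}
        for fn in (login_concat, login_bound)
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        for label, (sql, ids) in rows.items():
            print(f"{name:13} {label:8} ids={ids}  {sql}")
```

With the payload, AND binds tighter than OR, so the concatenated WHERE clause is true for every row and both ids come back. The bound version compares the payload to the stored password as a literal string and returns nothing.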

Capture the Flags

Copy each answer exactly from the demo above (or wrap as CXA{...}). Case-insensitive.


Flag 1 — What’s the core tautology?

Question: Copy the OR … expression shown in the bypass example.

Flag 2 — What bad practice made this possible?

Question: Copy the exact two-word phrase from the “Vulnerable Construction” description.

Flag 3 — What’s the recommended defense?

Question: Copy the exact two-word phrase from the Defender Tip.
