Intentionally vulnerable

SQL Injection Demo

Classic vulnerable login that concatenates user input directly into the SQL query.

Normal login: admin / pass123

SQL injection: put ' OR '1'='1 as username and any password.
The query becomes always true, so the login is bypassed.