KHAADGI LABS | SQL Injection Training for Beginners

KHAADGI LABS

Learn SQL Injection • Ethical Hacking Training • Nepal Cybersecurity
Lab 01: SQL Injection
🔓 Vulnerable by Design
🎯 Difficulty: Beginner Friendly

📖 What is SQL Injection?

SQL Injection is a code injection technique that attackers use to manipulate database queries. When a web application builds a query by pasting unvalidated user input directly into SQL text, an attacker can supply input that the database interprets as SQL syntax rather than as data, and use it to bypass security measures.


⚡ Your Mission: This login form is vulnerable to SQL Injection. Your goal is to bypass the authentication and login as an administrator. When you succeed, you'll receive a flag to prove you completed the lab.

💡 How This Works:

The login form uses this vulnerable SQL query:

SELECT * FROM users WHERE username='[YOUR INPUT]' AND password='[YOUR INPUT]'

Your job: Manipulate the username field to make the query always return true, bypassing the password check.

🔐 VULNERABLE LOGIN FORM
💡 Ready to hack! Enter a SQL injection payload in the username field and click "Attempt Login".

🔑 Try these payloads:

' OR '1'='1' --

admin' --

' OR 1=1; --


📝 Explanation: The leading ' closes the string literal that the query opened for the username. OR '1'='1' adds a condition that is always true, so the WHERE clause matches every row in the table. -- turns the rest of the query, including the password check, into a comment that the database ignores.
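To see this behaviour end to end, and the fix the last learning objective on this page refers to, here is an added example (not part of the lab's own code) in Python with an in-memory SQLite database. login_vulnerable builds the lab's query by string concatenation exactly as shown above; login_safe sends the same query with bound parameters, so the payloads from this page are treated as a literal username that matches nothing. The table rows, function names and password values are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table in memory (not the lab's data).

    Passwords are stored in clear text only to mirror the lab's query, which
    compares the raw password column; a real application stores a password hash.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "s3cret-admin-pw", "administrator"),
            ("alice", "alice-pw", "user"),
        ],
    )
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """The lab's query, built by concatenation: the input becomes part of the SQL text."""
    return (
        "SELECT username, role FROM users "
        f"WHERE username='{username}' AND password='{password}'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Runs the concatenated query. Returns (username, role) of the first match, or None.

    With the page's payload the query becomes
      ... WHERE username='' OR '1'='1' --' AND password=''
    so every row matches and the first one (admin) is returned.
    """
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same lookup with bound parameters: the driver sends the SQL and the values
    separately, so quotes and comment markers in the input are just characters
    of the username being compared, never SQL syntax.
    """
    return conn.execute(
        "SELECT username, role FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1' --"
    print("concatenated SQL :", build_vulnerable_query(payload, ""))
    print("vulnerable login :", login_vulnerable(db, payload, ""))
    print("parameterized    :", login_safe(db, payload, ""))
    print("legit credentials:", login_safe(db, "admin", "s3cret-admin-pw"))
```

Running it prints the concatenated query with the password check commented out, shows the vulnerable function returning the admin row for an empty password, and shows the parameterized function returning nothing for the same input while still accepting the real credentials. The fix is the second function: never build SQL from user input with string formatting; pass values as parameters.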


🎯 Steps to Solve:

1. In the username field, enter: ' OR '1'='1' --

2. Leave the password field empty (or put anything)

3. Click "Attempt Login"

4. You'll see the flag appear!

📚 What You'll Learn:

✅ How SQL Injection works in real applications

✅ How to identify vulnerable input fields

✅ Basic SQL injection payloads and their structure

✅ How to bypass authentication using SQL injection

✅ The importance of input validation and parameterized queries