Try logging in
Legit users: alice / wonderland, bob / builder123.
Admin password is secret 🤫
⏳ Loading in-browser SQLite (WebAssembly)…
One-click attack payloads:
Result
🛡️ What just happened?
SQL the database actually ran
Parameters sent separately
Rows returned
Full response JSON
📊 Current state of the users table
Watch this after each attack. UNION attacks read rows; ;-stacked attacks change them.