You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -4,8 +4,7 @@ A common type of vulnerability is an _Authentication Bypass_, where an attacker
This level challenges you to explore one such scenario.
This specific scenario arises because, again, of a gap between what the developer expects (that the URL parameters set by the application will only be set by the application itself) and the reality (that attackers can craft HTTP requests to their hearts content).
The goal here is not only to let you experience how such vulnerabilites might arise, but to familiarize you with _databases_: places where web applications stored structured data.
As you'll see in this level, data is stored into and read from these databases using a language called the _Structured Query Language_, or SQL (often pronounced like "sequel") for short.
This level assumes a passing familiarity with SQL, which you can develop in the [SQL Playground](/fundamentals/sql-playground).
SQL will become incredibly relevant later, but for now, it is an incidental part of the challenge.
Anyways, go and bypass this authentication to log in as the `admin` user and get the flag!
