SQL Injection Crafting

This lab challenges you to construct and execute a simple SQL injection attack to bypass a login form.

Your Mission: Craft an Injection

Your goal is to log in without knowing the password. The server is vulnerable to SQL injection because it constructs its database query insecurely.

The server's query logic looks like this:
"SELECT * FROM users WHERE user = '" + username + "' AND pass = '" + password + "'"

Insecure Login Form

Attempt to bypass this login form.