root@nikhil:~$ _

SQL Injection Simulator

Web Security Completed

Overview

A hands-on SQL injection playground built with vanilla JavaScript. Covers authentication bypass, UNION-based extraction, error-based extraction, boolean-based blind, time-based blind, and stacked queries — each with its own scenario, live query visualizer, simulated in-memory database, and a plain-English breakdown of how the attack works and how to prevent it with parameterized queries. Nothing is sent over the network; every query runs against a mock dataset entirely in the browser.

Key Features

  • 6 SQL injection attack classes with dedicated scenarios
  • Live query visualizer highlighting injected input vs. commented-out SQL
  • Simulated in-memory database with real exfiltration/mutation effects
  • Boolean and time-based blind extraction with character-by-character inference
  • Plain-English explanation plus a safe, parameterized-query fix for every attack
  • Zero external dependencies — no real database, no network calls