SQL Injection Simulator
Overview
A hands-on SQL injection playground built with vanilla JavaScript. Covers authentication bypass, UNION-based extraction, error-based extraction, boolean-based blind, time-based blind, and stacked queries — each with its own scenario, live query visualizer, simulated in-memory database, and a plain-English breakdown of how the attack works and how to prevent it with parameterized queries. Nothing is sent over the network; every query runs against a mock dataset entirely in the browser.
Key Features
- ▸ 6 SQL injection attack classes with dedicated scenarios
- ▸ Live query visualizer highlighting injected input vs. commented-out SQL
- ▸ Simulated in-memory database with real exfiltration/mutation effects
- ▸ Boolean and time-based blind extraction with character-by-character inference
- ▸ Plain-English explanation plus a safe, parameterized-query fix for every attack
- ▸ Zero external dependencies — no real database, no network calls