KosasiDemo

Member Login

No account? Register here

Vulnerabilities on this page (educational)

1. SQL Injection — try username: admin'-- (bypasses password check)
2. SQL Injection — try username: ' OR '1'='1'-- (logs in as first user)
3. Reflected XSS — try username: <script>alert(1)</script>
4. No CSRF token — form can be silently submitted from another origin
5. Session Fixation — session ID not regenerated after login
6. Verbose DB errors — malformed input reveals query & schema
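
Items 1, 2 and 6 all come from building the login query by string concatenation. The sketch below is an added example, not KosasiDemo's own code: it runs the usernames listed above through a concatenated query and through a parameterized one. The table schema, sample users and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema is an assumption. Plaintext passwords
    # only keep the sample short, a real table stores password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("alice", "alice-pw"), ("admin", "admin-pw")])
    return db

def login_concat(db, username, password):
    """'Before' form: input becomes part of the SQL text (items 1, 2, 6)."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Item 6: driver error and query text go straight back to the client.
        return None, f"DB error: {exc} | query: {sql}"
    return (row[0], "ok") if row else (None, "Invalid username or password")

def login_param(db, username, password):
    """Hardened form: placeholders bind input as data; errors stay generic."""
    try:
        row = db.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        row = None  # log server-side in a real handler; reveal nothing here
    return (row[0], "ok") if row else (None, "Invalid username or password")

def compare(inputs):
    """Run each username through both handlers with a wrong password."""
    db = make_db()
    return {u: (login_concat(db, u, "wrong"), login_param(db, u, "wrong"))
            for u in inputs}

if __name__ == "__main__":
    for user, (before, after) in compare(["admin'--", "' OR '1'='1'--", "'"]).items():
        print(repr(user), "| concatenated:", before, "| parameterized:", after)
```

With placeholders, every listed input is compared as a literal username and fails with the same generic message, so neither the bypass nor the schema leak occurs.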