Live Codebase Breakdown Demo

🪠 Legacy Banking System - Being Dissected Live

12 hunters currently analyzing this codebase

1 function authenticate($username, $password) {
2 $query = "SELECT * FROM users WHERE username = '$username'";
3 $result = mysql_query($query); // SQL Injection vulnerability!
4 if ($result && mysql_num_rows($result) > 0) {
5 $user = mysql_fetch_assoc($result);
6 if ($user['password'] === md5($password)) {
7 $_SESSION['admin'] = $user['is_admin']; // Broken auth!
8 return true;
9 }
10 return error_log("Auth failed"); // Information disclosure

Critical Findings Detected:

  • 🔴 SQL Injection (Line 3) - Severity: CRITICAL
  • 🔴 Weak MD5 Hashing (Line 6) - Severity: HIGH
  • 🔴 Broken Authentication Logic (Line 7) - Severity: CRITICAL
  • 🔴 Information Disclosure via error_log (Line 10) - Severity: MEDIUM

Try It Yourself

Sign up now and start hunting for vulnerabilities in real enterprise codebases. Earn bounties from $500 to $50,000 per verified issue.

Join the Hunt