Spot the Bug

Click on the vulnerable line. Learn why it's dangerous.

Score 0/0
Puzzle 01/5JavaScriptEasyCWE-89

Find the SQL injection

Click on the line that introduces the vulnerability

app.js
1app.post('/login', async (req, res) => {
2 const { username, password } = req.body;
3 const query = `SELECT * FROM users WHERE username = '${username}'`;
4 const user = await db.query(query);
5 if (user && user.password === password) {
6 res.json({ token: jwt.sign({ id: user.id }, JWT_SECRET) });
7 }
8});