Barcode Scanner Simulator – Online Enter Number & Visualize
Type a UPC or EAN number and see how a laser scanner would identify it, plus check digit validation.
UD5 Toolkit
Educational Sandbox — Understand SQLi attacks & defenses in a safe environment
app_db
Simulated Data
| id | username | password | role | |
|---|---|---|---|---|
| 1 | admin | admin123! | admin@app.com | admin |
| 2 | john_dev | j0hnP@ss | john@app.com | user |
| 3 | alice_w | alice2024 | alice@app.com | user |
| 4 | guest | guest | guest@app.com | guest |
Click blurred passwords to reveal them
| id | name | price | category | stock |
|---|---|---|---|---|
| 1 | MacBook Pro | $1999 | Laptops | 45 |
| 2 | iPhone 15 | $999 | Phones | 120 |
| 3 | AirPods Pro | $249 | Audio | 200 |
| 4 | iPad Air | $599 | Tablets | 78 |
| 5 | Magic Keyboard | $349 | Accessories | 60 |
| id | key_name | secret_value |
|---|---|---|
| 1 | api_key | sk-4f8a2c9e1b... |
| 2 | flag | FLAG{sqli_master_2024} |
Vulnerable query: SELECT * FROM users WHERE username='$input' AND password='$input'
Try these payloads:
Use prepared statements with bound parameters. Never concatenate user input into SQL strings.
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
Whitelist allowed characters. Validate input type, length, and format before processing.
if (!preg_match('/^[a-zA-Z0-9]+$/', $input)) { reject(); }
Run database queries with minimal required privileges. Avoid using admin/root accounts in applications.
Deploy a Web Application Firewall and monitor query logs for suspicious injection patterns.
AND SUBSTRING(password,1,1)='a' — if the page behaves normally, the first character of the password is 'a'. By repeating this process character by character, attackers can reconstruct entire database contents without ever seeing direct output.
$ne, $gt, or $where when user input is not properly sanitized. The principles of injection attacks apply across different query languages — always validate and sanitize user input regardless of the database technology.
Type a UPC or EAN number and see how a laser scanner would identify it, plus check digit validation.
Simulate memory page reference strings with FIFO, LRU, and Optimal algorithms. See page fault count. OS concept demo.
Test a regular expression against malicious inputs to detect catastrophic backtracking and ReDoS vulnerabilities. Educational.
Open many parallel WebSocket connections and send messages. Test your server's concurrency. All from your browser.
Validate a DNSSEC chain by entering DS and RRSIG records. Verify that signatures match. Educational. Local algorithm.
Paste the Permissions‑Policy header and get a human‑readable table of allowed/blocked browser features. Understand how your site is restricted.
Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.
Keep track of a tennis match: points, games, sets, and deuce. Supports tiebreak. Great for friendly matches. Local.
Roll any number of dice thousands of times and see a live bar chart of the sum distribution. Great for game designers.
Select functional groups to see an approximate IR absorption spectrum. Learn spectroscopy visually. All local.
Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.
Simulate random mouse moves, clicks, or keystrokes to test idle‑timeout logic. Stops when you move the mouse. Dev test.
Instantly convert plain text into HTML‑safe escaped characters for secure display in web pages. Prevent cross‑site scripting. All processing local.
Set a cron expression and see a calendar of the next 1,000 execution times. Never miss a schedule again.
Adjust ISO, aperture, and shutter speed sliders and see how it affects the exposure of a sample scene. Learn photography basics.
A replica of the famous Flexbox Froggy game: solve alignment puzzles by writing CSS. Progress saved locally. Fun frontend learning.
Select telescope and eyepiece parameters to see the field of view circle on a simulated night sky image.
Watch the planets orbit the Sun in a top‑down 2D view. Adjust speed and zoom. Distances not realistic; beautiful model.
Fold a virtual square paper step by step with crease lines and visual previews. Practice origami basics without wasting real paper. All canvas‑based.
Type any condition and see the result of the ternary operator. Understand truthy/falsy values. Quick learning tool.
Drag to see how a solar eclipse occurs. Visualize the moon's shadow. Educational and interactive.
Enter a URL and get a rough client-side performance simulation: request count, DOM size, and potential speed tips. No real Lighthouse.
Control a lunar module and try to land softly on the moon. Manage fuel and thrust. Classic arcade physics. Canvas.
Strip dangerous HTML tags and attributes (scripts, onclick) to prevent XSS attacks. Safe iframe preview. Local sanitation engine.
Paste email headers or body text to quickly spot phishing signs, suspicious domains, and obfuscated links. Educational and private.
Simulate how images and UI elements appear to users with various types of color blindness. Upload or paste image URL. Promote inclusive design.
Evaluate the strength of your passwords with a visual meter and detailed feedback. Check for length, complexity, and breached passwords. All analysis is client-side.
Flip a virtual coin to make a decision or settle a dispute. Realistic animation and fair random outcome. Simple, fast, and always available.
Simulate rolling dice for board games, RPGs, and decision making. Choose number of dice and faces. Fun, lightweight, and no download required.
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.