One of the most famous vulnerabilities is SQL injection. This is where you escape the query that the code is making against the database and amend it, or even add in your own query.
For example, a typical SQL login command might be:
SELECT * FROM Users WHERE Username="$username" AND Password="$password"
so entering
" OR 1=1 #rest as comment
in the password field might escape the password check: the leading quote closes the password string, and OR 1=1 makes the query always true. The final bit is a comment, so that the rest of the command is ignored.
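
The behaviour described above, next to the parameterized form that prevents it, as an added example that is not part of the original page or the challenge's own code. It assumes Python with an in-memory SQLite database standing in for MySQL, so the input uses a single quote and SQLite's -- comment instead of #; the function names, table rows and passwords are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only mirror the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("testuser", "correct-horse")])
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and everything after it is parsed as SQL.
    sql = ("SELECT Username FROM Users WHERE Username='" + username +
           "' AND Password='" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    # Placeholders send the input as data; it is never parsed as SQL.
    sql = "SELECT Username FROM Users WHERE Username=? AND Password=?"
    return [row[0] for row in db.execute(sql, (username, password))]

# The page's input adapted to SQLite syntax (single quote, "--" comment).
PAYLOAD = "' OR 1=1 --rest as comment"

if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the condition becomes
    # (Username=... AND Password='') OR 1=1 and matches every row.
    print("vulnerable:   ", login_vulnerable(db, "testuser", PAYLOAD))
    print("parameterized:", login_parameterized(db, "testuser", PAYLOAD))
    print("real password:", login_parameterized(db, "testuser", "correct-horse"))
```

Because AND binds tighter than OR, the concatenated query matches every row in the table rather than only "testuser", which is why code that treats "at least one row returned" as a successful login is bypassed.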
Perform a SQL injection in order to login without knowing the password for the user "testuser".
If you're stuck, check out THIS LINK. This challenge is using a MySQL database.
SQL command executed: No SQL command executed
Note: I have some restrictions in place so that certain methods. I want people to learn how to test for SQL injection vulnerabilities, not take down my website!