Note: This demo simulates the vulnerable behavior with naive string matching on unsanitized input.
Note: Comments are displayed without sanitization, allowing script execution.
Note: For demonstration, there is no account lockout and the password is weak and hardcoded.
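
The lockout that the last note says is missing, shown as an added example (not code from the demo): a wrapper that counts failed logins per account and refuses further attempts during a lock window. `LoginGuard`, its options and the sample credential check are hypothetical names; a real deployment would verify against a salted password hash rather than a hardcoded password.

```javascript
// Added example: per-account lockout around a credential check.
// LoginGuard, maxFailures, lockMs and now are hypothetical names.
class LoginGuard {
  constructor(verify, { maxFailures = 5, lockMs = 15 * 60 * 1000, now = Date.now } = {}) {
    this.verify = verify;           // (username, password) => boolean
    this.maxFailures = maxFailures; // failures allowed before locking
    this.lockMs = lockMs;           // length of the lock window
    this.now = now;                 // injectable clock, for testing
    this.state = new Map();         // username -> { failures, lockedUntil }
  }

  attempt(username, password) {
    const key = String(username).toLowerCase();
    const t = this.now();
    const rec = this.state.get(key) || { failures: 0, lockedUntil: 0 };
    // While locked, reject without evaluating the password at all,
    // so guesses made during the window reveal nothing.
    if (t < rec.lockedUntil) {
      return { ok: false, reason: 'locked', retryAfterMs: rec.lockedUntil - t };
    }
    if (this.verify(key, password)) {
      this.state.delete(key);       // success clears the failure count
      return { ok: true };
    }
    rec.failures += 1;
    if (rec.failures >= this.maxFailures) {
      rec.lockedUntil = t + this.lockMs;
      rec.failures = 0;
    }
    // Unknown usernames are tracked too, so known and unknown
    // accounts behave the same from the outside.
    this.state.set(key, rec);
    return { ok: false, reason: 'invalid' };
  }
}

function demo() {
  let clock = 0;
  // Constructed credential check standing in for a salted-hash lookup.
  const verify = (user, pw) => user === 'alice' && pw === 'constructed-sample-passphrase';
  const guard = new LoginGuard(verify, { maxFailures: 3, lockMs: 60000, now: () => clock });
  const out = [];
  for (let i = 0; i < 3; i++) out.push(guard.attempt('alice', 'guess' + i).reason);
  out.push(guard.attempt('alice', 'constructed-sample-passphrase').reason); // correct, but locked
  clock = 60000;                    // lock window has elapsed
  out.push(guard.attempt('alice', 'constructed-sample-passphrase').ok);
  return out;
}

console.log(demo());
```

The in-memory map is enough for a single-process demo; a multi-instance service would keep the counters in shared storage and expire old entries.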