Skip to main content
All CollectionsHackEDU Lesson Help
Tips for getting Sandbox Output
Tips for getting Sandbox Output

This article describes how you can use Sandbox Output to debug your code.

Rachel Yonan avatar
Written by Rachel Yonan
Updated this week

Sandbox Output

Sometimes you may need some additional guidance while working through our lessons. In this scenario you can include print statements to produce output in the Sandbox Output panel. We provide this information within the Break/Fix Lessons under the Language Selector > Info:

Keep in mind, you will need to interact with the target application to trigger output and that interaction is determined by the lesson instructions ( for example: login, add post etc.).
โ€‹

For printing debug statements, do not use the browser console for output. This tab will act like your development terminal/console. Also helpful: Why don't I see output during tests?

Supported Language Print Statement Examples

C

int login(char* username, char* password) { 
printf("Username: %s Password: %s" , username, password); 
}

Clojure

(defn login 
  [username password] 
  (printf "username is %s%n" username) 
)

C++

int login(char* username, char* password) { 
std::cout << "Username:" << username << std::endl; 
}

C# / .NET

public static bool Login(string username, string password) {
     Console.WriteLine($"username is {username}"); 
     return false; 
}

Go

import ( 
     "fmt" 
) 
func login(username string, password string) (bool, error) {            
     fmt.Printf("username is %s\n", username) 
     return false, nil 
}

Java

public static boolean login(String username, String password) {
     System.out.format("username is %s%n", username); 
     return false; 
}

Kotlin

fun login(username: String, password: String) { 
     println("username is $username") 
}

Node

exports.login = function(username, password) { 
     console.log(`username is ${username}`); 
}

Perl

sub login { 
     my $username = $_[0]; 
     print "username is $username\n"; 
}

PHP

function login($username, $password) { 
     echo 'username is ' . $username; 
}

Python

def login(username, password): 
     print("username is %s" % username)

Ruby

def self.login(username, password): 
     puts "username is %s" % username

Rust

fn login(username: &str) { 
     println!("username is {username}"); 
}

Scala

def login(username: String, password: String): Boolean = {
     printf("username is %s\n", username) 
     false 
}

TypeScript

exports.login = function(username: string, password: string): void {
     console.log(`username is ${username}`); 
}

SQL Injection Part 1 Example:

  1. First, put a print statement in the code editor. In this case, we are putting a print statement in the login function and having it return the password.

2. Next, go back to the Target Application, open the Sandbox Output at the bottom. Then log in since this is the function your print statement exists in.

3. After you attempt to log in you will see the Sandbox Output will now have output that shows the password that was attempted.

Related Articles
Python String Formatting and SQL Injection Attacks
Using Security Journey with a Learning Management System (LMS)
Did this answer your question?