1) Create two test users with different passwords where one name is a
subset of the other (such as test/test, test2/snarfblat). The subset
user is the "attacker"
for the testsite.
3) You are now logged in as test2 using user test's password.