HSCTF 9 – SQueaL

As you might see from the name of the challenge, this challenge requires knowledge of SQL, a language that is used mainly for managing data. However, all this challenge gives you is a website that has a login screen:

There is no description for this problem, and all you are given is that screen. This is where you must know some things about SQL, and more specifically, SQL Injection. Without giving a large, boring description about what SQL Injection is, it essentially is an attack in which attacker-controlled input is inserted into a database query so that it changes what the query does, usually in order to gain access to sensitive information. This is illegal, so do not do it on other websites without the owner’s permission. In this case, I do have the permission of the owner, so it is fine.

All you need to do for SQL Injection is find the field (Username or Password) that is vulnerable to SQL Injection and enter a certain input. To find which field is vulnerable, simply type a ‘ or “ into the field and click ‘Submit’; if the page reports an error, the field containing the ‘ or “ is vulnerable to SQL Injection.

In this case, the password field was vulnerable to SQL Injection, and therefore all you must do to get the flag is enter the following in the password field:  ' or 1=1 --+
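To show why the quote test above produces an error and why that input logs you in, here is an added example (not part of the original post or the challenge) with a vulnerable login query next to its parameterised fix, using Python's sqlite3 on a constructed in-memory users table:

```python
import sqlite3


def make_db():
    """Constructed sample database (not the challenge's); one user, one password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery-staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from the submitted fields, as the challenge's login does.

    A quote in the password field closes the string literal early, so the rest of
    the field ('or 1=1' and the '--' comment) is parsed as SQL, not as a password.
    """
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterised(conn, username, password):
    """Same check with placeholders: the driver passes the values separately from the
    query structure, so a quote or 'or 1=1' is compared as plain text, never executed.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def probe(login, conn, value):
    """The write-up's test: does submitting a lone quote make the query fail?

    Returns 'error' when the database rejects the query (the sign the post looks
    for), 'ok' otherwise. Logging such failures is how a defender spots this probing.
    """
    try:
        login(conn, "x", value)
        return "ok"
    except sqlite3.OperationalError:
        return "error"


if __name__ == "__main__":
    payload = "' or 1=1 --+"
    print("vulnerable, lone quote:", probe(login_vulnerable, make_db(), "'"))
    print("vulnerable, payload:   ", login_vulnerable(make_db(), "anyone", payload))
    print("fixed, payload:        ", login_parameterised(make_db(), "anyone", payload))
```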

Anyways, that is all from me for now. I hope you guys at least learned something today, and that you all have a great day!
