Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using <b>ONLY</b> union based injection, can you retrieve it?
Finished the challenge? Submit your answer