For this challenge we are provided with source code and a database file. It’s important to note:

• The SQL query isn’t sanitized. (Obvious injection)
• Only the first line of the result set is returned.
  • This means the OR 1=1 - - will not dump the entire database.

Looking at the database file we see the flag is store in Dr. Evilll’s account entry

We can add this to return the specific database entry we are interested in.

dr_evilll'--