We received a TrackingId cookie, and editing it produced the full MySQL error:
We used the following payload to leak the first username from the users table and observed that it returned administrator in the error response:
We then replaced username with password and were able to leak the administrator’s password, log in, and successfully solve the lab:
