At first we are presented with a simple webpage containing 2 inputs - login and password.
But upon inspecting the source code, we can see a hidden input called debug. After changing its value to 1 and logging in, we can see the whole SQL query in addition to the login failed message.
Let’s construct a simple SQL injection in order to get into the webpage. First, we put some value into the password variable, then add a ' character to close the previous quotation mark, and finally the SQL statement that will trick the query: OR 1=1;. The last step is to comment out the remaining characters of the original query.
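Why the query falls for this, and how the server side closes the hole, shown as an added example that is not code from the challenge. The SQLite backend, the users table, the function names and the use of -- as the comment marker are all assumptions, since the write-up does not specify them.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    # Plaintext password only keeps the demo short; real code stores a salted hash.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def build_query(login, password):
    # Vulnerable pattern: user input is pasted between the quotes of the SQL text.
    return ("SELECT login FROM users WHERE login = '" + login +
            "' AND password = '" + password + "'")

def login_vulnerable(db, login, password):
    row = db.execute(build_query(login, password)).fetchone()
    return row is not None

def login_parameterized(db, login, password):
    # Hardened: placeholders keep the input as data, never as SQL syntax.
    row = db.execute(
        "SELECT login FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row is not None

# Password value shaped as in the write-up; "--" as comment marker is an assumption.
PAYLOAD = "x' OR 1=1; -- "

if __name__ == "__main__":
    db = make_db()
    # The string the debug field would reveal: the quote closes early and
    # "OR 1=1" makes the WHERE clause true for every row.
    print(build_query("admin", PAYLOAD))
    print("vulnerable:   ", login_vulnerable(db, "admin", PAYLOAD))
    print("parameterized:", login_parameterized(db, "admin", PAYLOAD))
```

With the parameterized version the same input is compared literally against the stored password and the login fails. The debug switch that echoes the query should not be reachable from a client-controlled field either.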