The question gives us a link. When we go to that website, it
shows an id input, and one entry is already shown.
For the id input we try a name and a number, and the numbers (1, 2, 3) each respond with an entry. So the id is a number.
Now we try SQL injection as shown below:
1 or 1=1
This responds with every entry in that table but nothing with the flag, so we have to try something else. As the question
already gave us a hint about UNION, let's try that.
But first, for UNION to work, the second select must return the same number of columns as the first one, so we first check
with the dual table how many columns the first table returns. With four columns it sends back a response.
1 union select 1,1,1,1 from dual
Now we find the names of the tables in this database:
1 union select 1,TABLE_NAME,1,1 from INFORMATION_SCHEMA.TABLES
This returns the names of all the tables. Among so many names, one is different:
"w0w_y0u_f0und_m3". We try using that as the flag, but it is not the flag, so the flag must be inside
it. Now we don't know how many columns are inside that table or what their names are, so let's find out.
1 Union SELECT 1,column_name,table_name,1 FROM information_schema.columns
This table has only one column, named "f0und_m3", but this isn't the flag either. So the content
inside it has to be the flag.
1 union select 1,f0und_m3,1,1 from w0w_y0u_f0und_m3
And you get the flag.
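
Why these payloads work, and how the id lookup should have been written, as an added example (not the challenge's own code). It assumes an in-memory SQLite stand-in for the real database; the table name "entries", its columns, the function names and the flag value are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the challenge database (SQLite, not the real backend).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE entries (id INTEGER, name TEXT, a TEXT, b TEXT);
        INSERT INTO entries VALUES (1,'alice','x','y'),(2,'bob','x','y'),(3,'carol','x','y');
        CREATE TABLE w0w_y0u_f0und_m3 (f0und_m3 TEXT);
        INSERT INTO w0w_y0u_f0und_m3 VALUES ('FLAG{constructed-placeholder}');
    """)
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    return db.execute("SELECT * FROM entries WHERE id = " + user_id).fetchall()

def lookup_safe(db, user_id):
    # The id is a number, so reject anything else, then bind it as a parameter.
    # A bound value is only ever data; it cannot add OR / UNION clauses.
    if not re.fullmatch(r"[0-9]+", user_id):
        raise ValueError("id must be a number")
    return db.execute("SELECT * FROM entries WHERE id = ?", (int(user_id),)).fetchall()

def rejected(db, user_id):
    # True when the hardened lookup refuses the input.
    try:
        lookup_safe(db, user_id)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = make_db()
    for payload in ("1", "1 or 1=1",
                    "1 union select 1,f0und_m3,1,1 from w0w_y0u_f0und_m3"):
        print(repr(payload))
        print("  vulnerable:", lookup_vulnerable(db, payload))
        print("  safe:      ", "rejected" if rejected(db, payload) else lookup_safe(db, payload))
```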