(Note: -- is a comment in SQL. This comments out the rest of the query, specifically the password check. In some databases like MySQL, you may need # or -- - instead.)
This will list columns like username , password , and potentially flag . tryhackme sql injection lab answers
Methodology: Usually, the first flag is hidden in the source code or a comment on the page. View the Page Source (Right-click -> View Page Source) and look for HTML comments (e.g., <!-- Flag: THM{...} --> ). (Note: -- is a comment in SQL