Spelunking the internals
Now that you are able to recover any data, try to explore the database.
There is an hidden table containing a flag, can you find where it is ?
Goal: recover the flag from the hidden table.
First you need to know which SQL backend the server is using.
You can use some database specific function or error message to guess it.
Here the backend is Sqlite. Where is the database schema stored ?
UNION can be used to get data from any table.
First get the table name using:
' UNION SELECT sql FROM sqlite_master --
Then extract the flag:
' UNION SELECT flag FROM `H!dd3n_t4bl3` --
sqlite_master contains all the schema information of the open database. This is similar to the information_schema table from mysql.