I’ve been stuck on this level, but my most recent attempt was this: >> realname=Sandra Murphy' or 1=1 or ‘a’=‘a
Which doesn’t work, but gives me the error “Error with request” rather than “Invalid details.” Is this a sign that I’m getting closer, or just a different type of error?
With this error you now know the type of vulnerability. I recommend having a look to this page https://www.owasp.org/index.php/Category:Attack. You should find out how to use this vulnerability.
Oh ok. So if you know what it is you’re on the good way. You just have to keep trying until you get it right :) And having “error with request ” just means that you did an injection but it is not correct. When you have “Invalid details” means you wrote something that wasn’t interpreted as a request. So we can say that when you have “error with request” you’re getting closer to the solution.