https://youtu.be/ClEuCydkdsU

Find cookie changes visitor value by 35 -> find param used for sql query -> run sqlmap -> dump users with easy to crack hashes -> dirb the website for login page -> get flag