it's just a simple sql injextion

admin 'or'1'='1 -- on the username filed you wil ger the flag

flag: nactf{sQllllllll_1m5qpr8x}