Rating: 4.0

from memory and a partial note.

The web page contained a SQL injection.

There was a condition to pass in order to go into the get results.

if username != 'admin' or password[:5] != 'admin' or password[-5:] != 'admin':

This required username to be "admin"
And it required that the password starts with admin [:5] and finished with admin [-5:]

The classic SQL injection = " klklk' OR '1=1' " will not work and needed to be transformed into "admin' OR '(something TRUE finishing with admin')"
So the final result was