Can you login to this website?
This is a basic SQL injection. Using the payload
admin' --(because the hint says to sign in as the
adminuser) and anything for the password logs in. After logging in, this is shown:
username: admin' --
SQL query: SELECT * FROM users WHERE name='admin' --' AND password='asd'
Logged in! But can you see the flag, it is in plainsight.
The flag is in the source code.