(from multiple walkthroughs): Username: admin' Password: '=''
Or for MySQL:
But Challenge 5 often requires using /**/ or + or leveraging = comparisons. Known working payload for Challenge 5 (OWASP Security Shepherd) Username: admin' Password: '=' Sql Injection Challenge 5 Security Shepherd