SQL Injection - UNION Attack

This product search feature is vulnerable to SQL injection. Your goal is to use a UNION-based SQL injection attack to extract data from a hidden table.

The flag is stored in a secret table somewhere in the database. Use your knowledge of SQL UNION statements to retrieve it.

Learning Objective: Learn how UNION-based SQL injection can be used to extract data from tables that the application doesn't normally expose.