Thanks to visit codestin.com
Credit goes to websec.fr

LevelEleven - User 1 is likely Cap'tain flamg.

This application is used to view the username, with or without the costume, of superheroes, by id.
Also, I was told that super-heroes have enemies

To prevent sql injections, it uses a super-efficient-blacklist-based filter!
No more nasty UNION or JOIN.
Check the source here .