I’m confused because by reading the comments I get the feeling that its seems to be pretty obvious.
First I also was sure its a blind SQLi an I enumerated 3 tables in 2 DB’s but ended up with an MD5 hash (still running hashcat, but dont have faith^^).
Then I interpreted the hint “Try to read files you know to find a location you can write to” that it has to be about a remote shell.
But now I read that “bypassing the login” is a great tip. And now I’m much more confused xD.
I’ll keep trying - maybe my info will save other users some time