I was curious about other solutions to Micro-CMS v2 and realised I can speed up extracting the information from the database because we don’t actually need to use SLEEP. The (obvious) insight is that we can get rid of the trailing ' by ending our injected string with #. That means we can reuse the logic from the previous flag where we UNION a password we supply and also include that password as the password parameter.
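The login flaw described above, next to a parameterized version, as an added example that is not part of the original post or the challenge's code. The `admins` schema, the function names and the sample values are assumptions, and SQLite's `--` comment stands in for the `#` that the post uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the challenge's.
    # Plaintext passwords only mirror the flaw shown here; store salted hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return conn

def login_concat(conn, username, password):
    # Vulnerable: username is pasted into the SQL text, so it can close the
    # quote, append a UNION row and comment out the trailing quote.
    sql = "SELECT password FROM admins WHERE username = '%s'" % username
    row = conn.execute(sql).fetchone()
    return row is not None and row[0] == password

def login_bound(conn, username, password):
    # Hardened: username is bound as data and never parsed as SQL.
    row = conn.execute(
        "SELECT password FROM admins WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and row[0] == password

# Constructed input. SQLite's line comment is "--"; MySQL also accepts "#".
CRAFTED_USER = "nobody' UNION SELECT 'chosen' -- "
CRAFTED_PASS = "chosen"

def compare():
    # Run the same crafted input through both versions of the login check.
    conn = make_db()
    return {
        "concat_crafted": login_concat(conn, CRAFTED_USER, CRAFTED_PASS),
        "bound_crafted": login_bound(conn, CRAFTED_USER, CRAFTED_PASS),
        "bound_real": login_bound(conn, "admin", "correct-horse"),
        "bound_wrong": login_bound(conn, "admin", "chosen"),
    }

if __name__ == "__main__":
    print(compare())
```

The concatenated query accepts the crafted pair because the password it compares against came from the input itself; the bound query finds no such user and rejects it.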
Update: I’ve realised I don’t necessarily need SLEEP.

I have been trying my hand at the Hacker101 CTF challenges. On Micro-CMS v2 I had successfully extracted Flag 1 using SQL injection but was struggling with Flag 2, with the hints not really helping me out. In search of further hints I came across this write-up. It is important to note that on this problem the server returns the error messages to the client, which makes the SQL injection for Flag 1 relatively easy to work out.