Real 4 ( yes again ... )

I am close to the solution of this challenge. I know I am in the right place because I can see Ghost in the records, and I have also visited the page to clear the logs. But I dont know the password, because I CAN'T remove Ghost's record… I am confused of this URL: main/xxxxxx/xxxxxxxxxxxx/all.php?(action)=(thing)&&id=(something) I tried a lot of combinations with the words remove, delete and Ghost (3! just kidding) but I failed. I have read lot of forum posts on this topic and the article of system_meltdown ( which helped me a bit ). So it would be good if someone can help me.Thx

i am also on this part. the injection that i am using is this: all.php?remove_one_record=Ghost&&id=records this isnt a spoiler, because it doesnt work.. can someone give one hint that could slightly push me in the right direction?

Ok, now I got it but I don't know how I was supposed to predict that from myself…( i got it from an old forum post, which doesn't contained the answer, I figured it out from a reply on the post )