The first thing that I did was change the value of the select option to "Admin", which, when submitted, would display to a message saying that I had the right idea, but needed to edit the local script.
Anyway, I played around, and modified it from POST to GET to show the complete url upon submission. It would return to the login and the source would revert back to POST. I then modified the url, changing it from "uname=Guest" to "uname=Admin"-- ", which is, if I'm correct, already a form of SQL injection (or at least similar to it). With the url set like that, I then proceeded to once more change the option value to "Admin" (since the page refreshed), and I was able to complete the challenge.
Since it is just categorized as "Basic," what way of breaking in did the problem want to test?