django.nV
SQL injection issue
To begin with, I want to thank you for your work on developing this vulnerable Django application. It is really helpful for me. However, I have spent a lot of time trying to make the SQL injection via file upload work, without any success. I have used the recommended 1.8.3 version of Django and a series of Python 3.4+ versions without any success. It accepts the file upload, but it returns nothing with the filename testPic',(select password from auth_user where username='admin'),8);--

What is more, I tried to get the password by executing SQL directly, but I have found no way to crack the MD5 password in this format [for example: md5$c77N8n6nJPb1$3b35343aac5e46740f6e673521aa53dc]. It appears not to be recognizable by any tool that I know of. I suppose it is $md5(salt)$md5(pass), isn't it? Any help will be very much appreciated. Thank you in advance!
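
On the hash format asked about above, as an added example that is not part of the original post or of the django.nV code: Django's MD5PasswordHasher stores `algorithm$salt$hash`, where the last field is the hex MD5 of the salt concatenated with the password. The sketch below parses that layout, checks one known candidate against it, and flags rows stored with a legacy hasher; the helper names, `SAMPLE_ROWS` and its contents are constructed for illustration.

```python
import hashlib
import hmac

# Algorithm prefixes of Django's legacy hashers (salted MD5, SHA1, crypt).
WEAK_PREFIXES = {"md5", "sha1", "crypt"}


def parse_encoded(encoded):
    """Split a stored value of the form algorithm$salt$hash into its fields."""
    algorithm, salt, digest = encoded.split("$", 2)
    return {"algorithm": algorithm, "salt": salt, "hash": digest}


def encode_md5(password, salt):
    """Build the stored value the way MD5PasswordHasher does: md5(salt + password)."""
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return "md5$%s$%s" % (salt, digest)


def verify_md5(encoded, candidate):
    """Check one known candidate password against a stored md5$salt$hash value."""
    parts = parse_encoded(encoded)
    if parts["algorithm"] != "md5":
        raise ValueError("not a salted-MD5 Django hash")
    expected = encode_md5(candidate, parts["salt"])
    # Constant-time comparison, as a password check should use.
    return hmac.compare_digest(expected.encode(), encoded.encode())


def is_weak(encoded):
    """True for legacy hashers, including a bare 32-hex-char unsalted MD5."""
    if "$" not in encoded:
        return len(encoded) == 32
    return encoded.split("$", 1)[0] in WEAK_PREFIXES


def audit(rows):
    """Return usernames from (username, password) rows that need rehashing."""
    return [user for user, encoded in rows if is_weak(encoded)]


# Constructed sample rows, shaped like (username, password) from auth_user.
SAMPLE_ROWS = [
    ("alice", encode_md5("constructed-password", "constructedsalt")),
    ("bob", "pbkdf2_sha256$20000$constructedsalt$Y29uc3RydWN0ZWQ="),
]

if __name__ == "__main__":
    print(parse_encoded("md5$c77N8n6nJPb1$3b35343aac5e46740f6e673521aa53dc"))
    print(audit(SAMPLE_ROWS))
```

Because the salt is stored in the clear and MD5 is a single fast round, this format offers little resistance to guessing; accounts flagged by `audit` are the ones to move to a PBKDF2-based hasher.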