Found another site that is vulnerable for SQL Injection and the page is actually allow customer to check the status of repaired items.
First I enter the single quote into the textbox and i was shocked because I actually can see the source code!!!
from the error message that threw out, i able to know the developer are actually using SQLDataReader and the sourcefile location (which I already blur it). The next attack I’m going to do is to start grabbing the information through SQL injection techniques and as I expected I able to retrive it!!!
There you go, I able to retrieve the personal information of customer.