Help me with this SQLi

I’m trying to solve a ctf challenge where i have to sign in as an admin
The login form is vulnerable to sql injection because when I type a single quote ( ’ ) it shows this error :

Traceback (most recent call last):
File “./”, line 145, in do_login
if cur.execute(‘SELECT password FROM admins WHERE username='%s'’ % request.form[‘username’].replace(‘%’, ‘%%’)) == 0:
File “/usr/local/lib/python2.7/site-packages/MySQLdb/”, line 250, in execute
self.errorhandler(self, exc, value)
File “/usr/local/lib/python2.7/site-packages/MySQLdb/”, line 50, in defaulterrorhandler
raise errorvalue
ProgrammingError: (1064, “You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘’‘’’ at line 1”)

The problem is when i try to inject it or type any payload it handles it as a regular input and shows a message " unknown user "

When I type : ’ OR 1='1
It shows a message " invalid password "
Which means that the username is correct and i don’t know how .
Sorry but i’m a beginner
I will appreciate your answers

Take a look here : SQL Injection Authentication Bypass Cheat Sheet – Penetration Testing Lab if the way is to bypass the Auth then that’s what you need.

If it needs manipulating the injection point to dump the data’s or cookie manipulation oh well that’s another story.

@Ahm3dH3sham I was wondering if you found the solution for this sqli. I’m facing pretty much the same problem