Easy way to do it without decoding the output. Check link.

Original writeup (https://blog.sohamsen.me/posts/overriding-js-sql-injection/).