Tubetotext

    SQL Injection - Lab #5 SQL injection UNION attack, retrieving data from other tables

    Union-Based SQL Injection Attack

    In today's lab, we'll be using a union-based SQL injection attack in order to retrieve all the usernames and passwords of the users of the application.

    00:00

    Determining the Number of Columns

    The next step is to determine the number of columns that the vulnerable query is using.

    01:53

    Determining Column Data Type

    The next step is to determine the data type of the columns.

    05:05

    Outputting Username and Password

    To output the usernames and passwords in the users table, the attacker uses a union query to combine the username and password fields.

    07:28