In today's lab, we'll be using a union-based SQL injection attack in order to retrieve all the usernames and passwords of the users of the application.
The next step is to determine the number of columns that the vulnerable query is using.
The next step is to determine the data type of the columns.
To output the usernames and passwords in the users table, the attacker uses a union query to combine the username and password fields.