6. SQL injection UNION attack, retrieving multiple values in a single column

This SQL injection UNION attack does not give us enough columns to expose the username and password
in separate columns, so we use string concatenation to retrieve the data in a single column. We start
by determining how many columns are in the vulnerable target table, 'Gifts'. After discovery, we
determine which columns accept string input. Finally, we use the string column and concatenate the
username and password columns from the user table into one column in our UNION attack. After
exposing the username and password for the administrator, we can log in as the administrator.
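To show why the concatenation step works and what stops it, here is an added example (not part of the original lab or write-up) that runs the same kind of input against a string-built query and a parameterized one. The in-memory SQLite schema, table names, the `~` separator and the credential value are all constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed schema: a two-column listing (one string column) plus a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'Gift card', 'Gifts'), (2, 'Lamp', 'Home');
        INSERT INTO users VALUES ('administrator', 'constructed-secret');
    """)
    return db

def list_vulnerable(db, category):
    # Vulnerable: the request parameter is pasted into the SQL text, so a
    # quote in the input ends the string literal and the rest runs as SQL.
    sql = "SELECT id, name FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def list_hardened(db, category):
    # Hardened: the parameter is bound as data; it can only ever be compared
    # against the category column and cannot change the shape of the query.
    sql = "SELECT id, name FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# Constructed input of the kind described above: two columns to match the
# original SELECT, NULL for the non-string column, and both credential
# columns joined with a separator in the single string column.
CONCAT_INPUT = "Gifts' UNION SELECT NULL, username || '~' || password FROM users--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", list_vulnerable(db, CONCAT_INPUT))
    print("hardened:  ", list_hardened(db, CONCAT_INPUT))
```

With the bound parameter the whole input is treated as a category name that matches no product, so the listing comes back empty instead of carrying the joined credentials.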


Solution