< Back





7. SQL injection attack, querying the database type and version on MySQL and Microsoft

We abuse a SQL injection vulnerability to conduct another UNION attack. This time, we use the UNION
attack to retrieve information about the target operating system. Using the MySQL @@version
function in the string column of one of the database tables, we're able to expose the version of the
operating system.


Solution