Hello,

One type of SQLIA is UNION Query and I still do not completely understand what is the point.

SELECT Name, Address FROM Users WHERE Id=$id by
injecting the following-
Id value: $id=1 UNION ALL SELECT creditCardNumber,1
FROM CreditCarTable.

We will have the following query: -
SELECT Name, Address FROM Users WHERE Id=1
UNION ALL SELECT creditCardNumber, 1 FROM
CreditCarTable

What is the point of uniting the sqlia with another table which values are being kept secret?

Are main point is to be able to login to the admin for example.

Recommended Answers

All 4 Replies

Unions are intended to select the same columns from different tables. You can't select different columns.

Reverend Jim is correct. It may help if you say the relationship out loud; if it's a 'has many' or 'belongs to' relationship (with a foreign key) you'd typically use a join:

  • A person has zero, one or many credit cards
  • A credit card belongs to a person

If it's a 'is very much like a' or a 'is a kind of' relationship, you probably want a set operation, like union, intersect or minus (aka except)

  • A debit card is very much like a credit card (ie. they both have numbers, expiry dates and security numbers)
  • A Visa is a kind of credit card

These aren't hard rules but a useful guideline.

Okay let's say:

SELECT username, password FROM Users WHERE Id=$id by
injecting the following-
Id value: $id=1 UNION ALL SELECT username, passsword
FROM Othertable

We will have the following query: -

SELECT username, password FROM Users WHERE Id=1
UNION ALL SELECT username, password FROM
Othertable

Now what's the point of using UNION Query for the attacker since you don't know what is in Othertable ?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.