handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/3 - Retrieving Data from Other Database Tables.md


## Retrieving Data from Other Database Tables

In cases where the results of an SQL query are returned within the application's responses, an
attacker can leverage an SQL injection vulnerability to retrieve data from other tables within the
database. This is done using the UNION keyword, which lets you execute an additional SELECT
query and append the results to the original query.

User Query
```
SELECT name, description FROM products WHERE category = 'Gifts'
```

Attacker Query
```
' UNION SELECT username, password FROM users--
```

Cause the application to return all usernames & passwords
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Retrieving Data from Other Database Tables`

			`In cases where the results of an SQL query are returned within the application's responses, an`
			`attacker can leverage an SQL injection vulnerability to retrieve data from other tables within the`
			`database. This is done using the UNION keyword, which lets you execute an additional SELECT`
			`query and append the results to the original query.`

			`User Query`
			```
			`SELECT name, description FROM products WHERE category = 'Gifts'`
			```

			`Attacker Query`
			```
			`' UNION SELECT username, password FROM users--`
			```

			`Cause the application to return all usernames & passwords`