handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/3 - Retrieving Data from Other Database Tables.md
2024-08-31 01:07:22 +02:00


## Retrieving Data from Other Database Tables
In cases where the results of an SQL query are returned within the application's responses, an
attacker can leverage an SQL injection vulnerability to retrieve data from other tables within the
database. This is done using the UNION keyword, which lets you execute an additional SELECT
query and append the results to the original query.

User query:
```
SELECT name, description FROM products WHERE category = 'Gifts'
```
Attacker input, supplied as the category value:
```
' UNION SELECT username, password FROM users--
```
This causes the application to return all usernames and passwords, appended to the product names and descriptions from the original query.