Hello,

UNION SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM INFORMATION_SCHEMA.TABLES

for a small database containing three tables.

This instruction is used in SQL injection. I tried it and it worked,
but I didn't really know how it works.
Can somebody help me?
Thanks, all.

Solution 1

Did you google it? It simply collects null values (row-wise), combining the tables of a database. See more:
http://www.evilsql.com/main/page3.php
   
Comments
Khaldoon Al-Talib 13-Aug-12 11:00am
   
All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists.
What does that mean?

Solution 2

Ridoy pointed to a page showing an example of such an attack. But the example could be a little cryptic for someone who does not understand the background.
The hacker starts with adding a " UNION SELECT ALL 1--". When you do a UNION query, both SELECT statements of the query must have the same number of columns.
That is, the hacker expects a query like
SELECT some columns
FROM ATable
WHERE AColumn=

and then the value from the query string is just appended. Hence that would result in
SELECT some columns
FROM ATable
WHERE AColumn=1 UNION SELECT ALL 1--

The query causes the error message you show in your comment to Ridoy's answer when the original query selects more than one column. Then the hacker adds more "columns" to his UNION statement, until no error is shown: then he knows the number of columns selected.
You may test your SQL injection skills with a page discussed in the Hall of Shame: Alcatraz ~ the tourist website. They seem to have many columns, so the SQL error attack shown on another page of Evil SQL is more productive.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



