Union Query SQL Injection (SQLi)

OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05

Union Query SQL injection is a type of in-band injection attack that allows an attacker to extract information from the database quickly. This attack utilises the SQL UNION operator. This attack allows the attacker to combine more than one SQL commands into one SQL command. The response generated from the server is returned as HTTP response.


The below code shows when an attacker gets the number of columns by using other injection attacks.

https://example.beaglesecurity.com/report.php?id=23 order by 5--+
https://example.beaglesecurity.com/report.php?id=23 union select 1,2,3,4,5--

The resultant link generates a HTTP response.

Impact and Fixes

Related Articles