Union Query SQL Injection (SQLi)

Febna V M
Published on
04 Jul 2018
SQL Injection

Union Query SQL injection is a type of in-band injection attack that allows an attacker to extract information from the database quickly. This attack utilises the SQL UNION operator. This attack allows the attacker to combine more than one SQL commands into one SQL command. The response generated from the server is returned as HTTP response.


The below code shows when an attacker gets the number of columns by using other injection attacks.

https://example.beaglesecurity.com/report.php?id=23 order by 5--+
https://example.beaglesecurity.com/report.php?id=23 union select 1,2,3,4,5--

The resultant link generates a HTTP response.

Impact and Fixes

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.