The UNION operator is widely used in SQL Injection to attach a malicious SQL query to the original query that the web application is supposed to conduct. The result of the injected query will be combined with the original query's result. This allows the attacker to get values from other tables' columns.
SQL Injection attacks can result in the theft, modification, or even loss of sensitive data such as personally identifying information, usernames, and passwords once they have been exploited. Privileges can be elevated at the application, database, or operating system level.
In-band SQLi (Classic), inferential SQLi (Blind), and out-of-band SQLi are the three types of SQL injections. SQL injections are classified according to the methods they utilise to access backend data and the amount of harm they can cause.
Cyber Forensics Masterclass with Hands on learning