Overview
The Union-Based SQL Injection lab focuses on a vulnerable search function whose query results are returned in the application response.
This lab covers a SQL injection scenario where the application displays database-backed search results. When result columns are visible, UNION-based testing can reveal how injected SELECT output may be combined with the application's original query output.
Security Impact
Union-based SQL injection can expose data from tables that were never meant to be shown through the affected feature. Depending on database privileges, this may include user records, internal identifiers, password hashes, or business-sensitive data.
Vulnerability Scope
Search pages, product listings, reporting views, and directory pages are natural places for this issue because they already display database query results in the response.
Lab Focus
The lab centers on recognizing visible query output, understanding why column shape matters, and connecting UNION-based risk to least-privilege database access and safe query construction.
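As an added illustration (not part of the lab's own materials), the concatenated search query beside its parameterized fix, run against an in-memory SQLite database with constructed tables and placeholder hash values; it shows why visible column shape matters and how binding the term as a value removes the risk:

```python
import sqlite3

# Constructed sample schema: the product table the search feature queries,
# plus a users table the feature was never meant to expose.
SCHEMA = """
CREATE TABLE products (id INTEGER, name TEXT, description TEXT);
CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
INSERT INTO products VALUES (1, 'Widget', 'A basic widget');
INSERT INTO products VALUES (2, 'Gadget', 'A handy gadget');
INSERT INTO users VALUES (1, 'alice', 'HASH_PLACEHOLDER_1');
INSERT INTO users VALUES (2, 'bob', 'HASH_PLACEHOLDER_2');
"""


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """String concatenation: the term becomes part of the SQL text, so a UNION
    in the input appends rows from any table the database user can read.
    The original query exposes two columns, so a two-column SELECT fits."""
    sql = "SELECT name, description FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the term is bound as a value, can only be compared
    against product names, and cannot change the statement's structure."""
    sql = "SELECT name, description FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Constructed input of the kind the lab discusses: closes the string literal,
# appends a SELECT matching the visible column count, comments out the rest.
UNION_INPUT = "' UNION SELECT username, password_hash FROM users --"


def demo() -> dict:
    """Run both variants on the same input; only the concatenated one leaks."""
    conn = make_db()
    return {
        "vulnerable": search_vulnerable(conn, UNION_INPUT),
        "safe": search_safe(conn, UNION_INPUT),
    }
```

Least privilege is the second layer the lab points to: even the concatenated version could return nothing from `users` if the application's database account were not granted read access to that table.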


