If the page returns an error (like "The used SELECT statements have a different number of columns"), the attacker will try again with five or seven NULL values until the error disappears. 4. -- (The Comment) In SQL, double-dashes signify the start of a comment.
Here is a detailed breakdown of what each component of this specific string does: 1. {KEYWORD}
: The database executes: SELECT col1, col2, col3, col4, col5, col6 FROM products WHERE name = '' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL--' . If the page returns an error (like "The
: This "comments out" the rest of the original SQL query written by the developers.
: The attacker wants the database to return the results of the original query plus the results of their injected query. Here is a detailed breakdown of what each
: For a UNION to work, the second query must have the exact same number of columns as the first query. 3. SELECT NULL,NULL,NULL,NULL,NULL,NULL
Developers should use Parameterized Queries (Prepared Statements), which treat user input as literal data rather than executable code. : The attacker wants the database to return
Scanners append strings like GoJB so that the security researcher can search the website's logs or the page's source code later to confirm that their input was successfully processed and reflected by the server. Summary of the Attack Flow