
312-49v10 Exam - Question 522


A cybersecurity forensic investigator analyzes log files to investigate an SQL Injection attack. While going through the Apache access.log, they come across a GET request from the IP 10.0.0.19 containing an encoded query string:

GET /sqli/example1.php?name=root' UniON SeLeCT 1,table_name,3,4,5 From information_schema.tables where Table_Schema=DatabasE() limit 1,2---

What is the intention behind the attacker’s query?

Correct Answer: B

The intention behind the attacker's query is to retrieve the names of the tables in the database. The SQL injection attack uses the UNION SELECT statement to combine the results of the original query with the results of a new query that selects table names from the information_schema.tables where the table schema matches the current database. This allows the attacker to gain information about the structure of the database, specifically the names of its tables.
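For the log-review side of this question, the following added example (not part of the original exam material) URL-decodes each request in an Apache access log and flags UNION SELECT payloads, reporting which information_schema view they read. The function names, the log timestamps, status codes, sizes and the percent-encoding of the sample request are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Keywords are matched case-insensitively (UniON SeLeCT); the gap between
# them may be whitespace or an inline SQL comment.
GAP = r'(?:\s|/\*.*?\*/)+'
UNION_RE = re.compile(r'\bunion' + GAP + r'(?:all' + GAP + r')?select\b', re.I | re.S)
SCHEMA_RE = re.compile(r'\binformation_schema\s*\.\s*(\w+)', re.I)

def decode(target, rounds=2):
    """URL-decode up to `rounds` times so double-encoded input is also normalized."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def analyze(line):
    """Return a finding dict for a UNION-based injection attempt, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode(m["target"])
    if not UNION_RE.search(decoded):
        return None
    view = SCHEMA_RE.search(decoded)
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "decoded": decoded,
        "metadata_view": view.group(1).lower() if view else None,
    }

# Constructed sample lines: one benign request, one carrying the query from the question
SAMPLE_LOG = [
    '10.0.0.19 - - [01/Jan/2024:10:00:00 +0000] "GET /sqli/example1.php?name=root HTTP/1.1" 200 512',
    '10.0.0.19 - - [01/Jan/2024:10:00:05 +0000] "GET /sqli/example1.php?name=root%27%20UniON%20SeLeCT%201,'
    'table_name,3,4,5%20From%20information_schema.tables%20where%20Table_Schema=DatabasE()%20limit%201,2--- HTTP/1.1" 200 734',
]

def scan(lines):
    return [finding for finding in map(analyze, lines) if finding]
```

A finding whose `metadata_view` is `tables` corresponds to the table-name enumeration described in the answer; the response size and status on the same log line help judge whether the request returned data.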

Discussion

1 comment
Elb
Option: B
May 29, 2024

4th query: GET /sqli/example1.php?name=root' UniON SeLeCT 1,table_name,3,4,5 From Information_schema.tables where Table_Schema=DatabasE() limit 1,2--- The attacker attempted to obtain the table names from the database.