W-SQLI-UNION · Collection
SQL Injection — UNION-Based
Append UNION SELECT to enumerate columns and exfiltrate arbitrary tables.
§ Where this technique fits
W-SQLI-UNION is catalogued under the Collection tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, at step 4 on average.
§ Dossiers chaining this technique
- step 3 / 8
SQLi (UNION) → DB dump → admin login
Discover a UNION-based SQL injection on a search/listing endpoint, enumerate the schema, dump the users table, and authenticate as an admin.
- step 5 / 6
Origin IP bypass → direct attack on backend
Find the real origin IP behind the CDN via CT logs / DNS history / SSL fingerprinting. Connect directly to origin, bypassing WAF + caching + rate-limit; run noisy attacks (SQLi / RCE) that the edge would have blocked.
§ What commonly comes next
- 01 Brute Force · seen 1× · T1110 · Credential Access
- 02 Exfiltration Over C2 Channel · seen 1× · T1041 · Exfiltration