If an application is vulnerable to SQL injection then attackers might be able to retrieve data from different tables in the backend database. One of the main target would be a table that stores the details application users including their usernames and password. During this video we see a scenario where an attacker exploit a sql injection to extract username and password of application users form database.
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers to enhance their security knowledge. Therefore, allowing them remediate potential vulnerabilities in their applications.
Web Security Academy | Lab: SQL injection UNION attack, retrieving data from other tables.
portswigger.net/web-security/...
Twitter: / tracethecode