Breaks out of the intended data field in a SQL query.
A system table in Access that contains information about database objects. If successful, the attacker can see if they have access to system metadata [1, 4]. Breaks out of the intended data field in a SQL query
Matches the number of columns in the original table. Attackers use NULL to figure out how many columns they need to match without causing a data type error [2, 3]. Matches the number of columns in the original table
It looks like you’ve included a SQL injection payload in your request. This specific string is designed to test for vulnerabilities in a database by attempting to "union" (combine) your query results with data from a system table—in this case, MSysAccessObjects , which is specific to [1, 2, 4]. This specific string is designed to test for
Comments out the rest of the original query so it doesn't cause a syntax error [1, 5]. How to Prevent It:
Are you working on or just curious about how these injection patterns work?