Union-based SQL injection is a technique that uses the UNION SQL operator to combine the results of the original query with the results of one or more additional queries. This allows attackers to:

Retrieve data from different database tables

Extend the result set returned to the web application

Exploit the application if both queries return the same number and type of columns

According to CEH v13:

UNION SELECT can be used to enumerate tables, extract user credentials, or display sensitive data.

It requires knowledge of the structure of the original query.

Incorrect Options:

A. Error-based injection extracts data from database error messages.

B. Boolean-based blind SQLi returns true/false results to infer data.

C. Blind SQLi (generic) relies on no visible output and uses inference techniques.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “Types of SQL Injection Attacks”

Subsection: “Union-Based SQL Injection”

=