UNION base injection UNION-based attacks allow the tester to easily extract information from the database. Because the UNION operator can only be used if both queries have the exact same structure the attacker must craft a SELECT statement similar to the original query.To do this, a valid table name must be known but it is also necessary to determine the number of columns in the first query and their data type. TABLE NAME ERROR Guessing may be an option to find a table name that exists in the database (a good one in some cases), but let’s consider an approach that will guarantee successful results even if luck is not on your side. The best way to find such information is to use system tables instead of user tables. Even if database systems have different naming convention, the number of popular DBMS is really limited and a valid system table name can be found quickly. Notice that at this step, it is not even necessary to