The string you provided is a payload designed to discover the number of columns in a database table.

{KEYWORD}) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL-- ZkhD

Breakdown of the Payload

--: This is a comment indicator that tells the database to ignore the rest of the original query that follows.
{KEYWORD}): This part attempts to break out of the existing SQL query structure. The closing parenthesis ) is used to "close" a likely function or subquery in the application's original code.
The original table has exactly 5 columns. This confirms a vulnerability and allows the attacker to move to the next step: identifying which columns can display sensitive data.
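Column-count probing of this kind is visible in web server logs. The Python sketch below is an added example, not part of the original page: it URL-decodes query parameters, strips inline comments and flags UNION [ALL] SELECT lists made up only of NULLs, grouped by client. The log format, request paths and IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /search?q=shoes HTTP/1.1" 200',
    '203.0.113.7 "GET /search?q=shoes%29%20UNION%20ALL%20SELECT%20NULL--%20ZkhD HTTP/1.1" 500',
    '203.0.113.7 "GET /search?q=shoes%29+union/**/all+select+null,null,null--+ZkhD HTTP/1.1" 500',
    '203.0.113.7 "GET /search?q=shoes)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL--%20ZkhD HTTP/1.1" 200',
    '198.51.100.4 "GET /search?q=credit+union+select+committee HTTP/1.1" 200',
]

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
# UNION [ALL] SELECT followed only by NULLs, then a comment marker or end of value.
PROBE_RE = re.compile(r'UNION(?: ALL)? SELECT ((?:NULL ?, ?)*NULL) ?(?:--|#|$)')

def normalize(value):
    """Strip inline /* */ comments, collapse whitespace, upper-case."""
    value = re.sub(r'/\*.*?\*/', ' ', value, flags=re.S)
    return re.sub(r'\s+', ' ', value).upper()

def find_probes(lines):
    """Return {client_ip: [(null_count, http_status), ...]} in log order."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            probe = PROBE_RE.search(normalize(value))
            if probe:
                hits[ip].append((probe.group(1).count('NULL'), status))
    return dict(hits)

def summarize(hits):
    """Per client: distinct NULL counts tried, and those answered without a 5xx."""
    return {
        ip: {
            'counts_tried': sorted({n for n, _ in probes}),
            'non_error': sorted({n for n, s in probes if s < 500}),
        }
        for ip, probes in hits.items()
    }

if __name__ == '__main__':
    for ip, info in summarize(find_probes(SAMPLE_LOG)).items():
        print(ip, info)
```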
For more in-depth technical guides, you can visit the Web Security Academy or community forums like Medium.