The payload you provided, ' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- , is a common pattern used to determine the number of columns returned by an original database query.

What this Payload Does

This specific string is designed to be appended to a vulnerable input field (the {KEYWORD} in your example) to probe the database structure:

' (single quote): Closes the original string literal in the SQL query.
UNION ALL: Appends a new set of results to the original query's output.
SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL: Attempts to select 8 columns of "null" data.
--: This is a SQL comment, which tells the database to ignore the rest of the original, legitimate query that follows.

The Goal of the Attack

If the original query has 8 columns, the page will likely load normally or show an extra row of empty data.
If the column count is wrong (e.g., the original query has 7 or 9 columns), the database will return an error.
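
The behaviour described above, reproduced as an added example (not part of the original answer) with Python's sqlite3 module, alongside the parameterized form that treats the same input as plain data. The products table, its column names and the query text are assumptions constructed for the demonstration.

```python
import sqlite3

# Payload quoted on the page; everything else below is constructed for the demo.
PAYLOAD = "' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- "
COLS = ["id", "name", "sku", "price", "qty", "vendor", "category", "notes"]

def make_db():
    """In-memory database with one 8-column table and one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE products ({', '.join(COLS)})")
    db.execute("INSERT INTO products VALUES (1,'widget','W-1',9.5,3,'acme','tools','')")
    return db

def search_concat(db, keyword, ncols=8):
    """Vulnerable form: the keyword is pasted into the SQL text."""
    cols = ", ".join((COLS + ["id"])[:ncols])  # ncols=9 repeats id as a 9th column
    sql = f"SELECT {cols} FROM products WHERE name = '{keyword}' AND qty > 0"
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        # Column-count mismatch surfaces here; worth logging and alerting on.
        return ("error", str(exc))

def search_bound(db, keyword):
    """Hardened form: the keyword is bound as data and never parsed as SQL."""
    sql = "SELECT * FROM products WHERE name = ? AND qty > 0"
    return ("rows", db.execute(sql, (keyword,)).fetchall())

if __name__ == "__main__":
    db = make_db()
    for n in (7, 8, 9):
        print(n, "columns ->", search_concat(db, "widget" + PAYLOAD, n))
    print("bound ->", search_bound(db, "widget" + PAYLOAD))
```

With the bound query the whole string is compared against the name column, so it matches nothing and cannot raise the column-count error.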