By sending those five NULL values, the attacker was testing the "width" of the database table. If the server responded with an error, they knew the table didn’t have five columns. If the page loaded normally, they’d found the target's dimensions.
To a human eye, the subject line—{KEYWORD}') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL-- UWqq—looked like a glitch, a digital sneeze of brackets and dashes. But to the database, it was a skeleton key. The single quote broke the lock, and the UNION ALL SELECT was an invitation: Don’t just look for the keyword; look for everything.
"It's a heartbeat monitor," Marcus whispered, his coffee forgotten.
The email arrived at 3:02 AM, a ghost in the machine of the Global Transit Authority’s central server.