
Can we perform UNION based SQL injection in order to figure out which column has which kind of datatype irrespective of the DBMS used on backend?

Çağlar Arlı

We can UNION columns of different data types in the majority of SQL databases, like MySQL, SQLite, etc. There are only a few DBMSs, like Microsoft Access and Db2, which don't give output for UNIONed columns if the columns have different data types.

So can we assume that in the "Lab: SQL injection UNION attack, finding a column containing text", it is using one of these two DBMS on the backend?

Because if we give the input: ' UNION SELECT 'a', NULL, NULL (I have cross-checked that 3 columns are returned by the SQL query on the backend) in the category parameter on the filter route, i.e. 2/filter?category=, then we get an error.

I am looking for an answer because when I tried to UNION two columns of different data types via this query: SELECT age FROM Customers UNION SELECT 'a'; on the web application https://www.programiz.com/sql/online-compiler/, which is an online SQL compiler, it didn't throw any error and output the 'a' in the same column which consisted of numerical values from the age column.
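Added example, not part of the original post: a Python `sqlite3` sketch of why the `Customers` query quoted above runs without error on SQLite, which assigns a storage type to each value rather than to each column. The table contents and function names are constructed for illustration; the block also shows a column-count mismatch being rejected and a bound parameter treating the quoted input as plain data.

```python
import sqlite3

def build_db():
    # Constructed sample data mirroring the Customers/age query in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?)",
                     [("John", 31), ("Betty", 22)])
    return conn

def union_value_types(conn):
    # typeof() reports the storage class of each individual value, so the
    # INTEGER ages and the TEXT literal can sit in one result column.
    sql = ("SELECT age, typeof(age) FROM Customers "
           "UNION SELECT 'a', typeof('a') ORDER BY 2, 1")
    return conn.execute(sql).fetchall()

def union_error(conn, sql):
    # Returns the engine's error message, or None if the statement ran.
    try:
        conn.execute(sql).fetchall()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def filter_by_name(conn, name):
    # Bound parameter: the input is compared as a value, never parsed as SQL.
    return conn.execute(
        "SELECT name, age FROM Customers WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    conn = build_db()
    # Mixed INTEGER/TEXT UNION is accepted by SQLite.
    print(union_value_types(conn))
    # A different number of columns on each side is still an error.
    print(union_error(conn, "SELECT name, age FROM Customers UNION SELECT 'a'"))
    # The quoted input from the post matches no row when bound as a parameter.
    print(filter_by_name(conn, "' UNION SELECT 'a', NULL, NULL"))
```

An error-free mixed-type UNION on one engine therefore says nothing about engines that type-check UNION columns, which is why the same statement can fail elsewhere.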