That is “done by escalating privileges to become an internal user of the system”. An attacker can log on to a system with administrative privileges and so gain access without using a valid user name and password. In this case, the attacker gains unauthorized access to sensitive information, which results in information disclosure, compromised data integrity, and authentication bypass. In addition, an attacker can exploit vulnerabilities in the application to gain access to inside information.
Other forms of SQL injection that can be used to gain access to insider information include blind and second-order injection, which are used to perform reconnaissance, modify the database contents, gather sensitive information, and collect authentication credentials. Error-based SQL injection is also important: if a website returns error messages in response to a SQL injection attempt, it is flagged as a vulnerable site and can be attacked.
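The authentication bypass and the error-message leak described above, shown as a weak login check beside a hardened one. This is an added example, not code from the original text; the `users` table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # The plaintext password only keeps the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, name, password):
    # Weak form: input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the query, and the
    # raw database error is handed back to the client.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return {"ok": False, "message": "database error: %s" % exc}
    return {"ok": row is not None,
            "message": "welcome" if row else "login failed"}

def login_hardened(db, name, password):
    # Hardened form: placeholders keep input as data, never as SQL text,
    # and a database failure gets the same generic message as a bad login.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    try:
        row = db.execute(sql, (name, password)).fetchone()
    except sqlite3.Error:
        return {"ok": False, "message": "login failed"}
    return {"ok": row is not None,
            "message": "welcome" if row else "login failed"}

# Constructed inputs: a tautology that closes the string literal, and a
# stray quote that makes the concatenated query syntactically invalid.
BYPASS_INPUT = "' OR '1'='1"
BROKEN_INPUT = "'"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, fn(db, "admin", BYPASS_INPUT))
        print(fn.__name__, fn(db, "x", BROKEN_INPUT))
```

With the concatenated query the tautology logs in without the password and the stray quote returns a database error to the client; the parameterized query rejects both with the same generic message.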