How are UNION-based SQLi attacks performed? What are some of the first steps to conduct when performing this attack?

How to exploit directory traversal on a Linux server? What are the techniques to circumvent certain filters? And how does one mitigate this vulnerability?

This post explains two types of SQLi, and suggests briefly how to counteract them.