: This is a comment symbol used to "ignore" the rest of the original code, preventing syntax errors [1].
: The attacker is trying to match the exact number of columns used in the original database query [1, 4]. If the number of NULLs matches the number of columns, the page will load without an error, telling the attacker how many columns are in that table [4]. : This is a comment symbol used to
: It attempts to break out of a standard search or input field by adding a single quote [1]. : It attempts to break out of a
: This targets a system table in Microsoft Access that contains information about database objects [2, 3]. Specifically, it's designed to probe or exploit an
That string is a classic example of a attack payload [1]. Specifically, it's designed to probe or exploit an Access database (indicated by MSysAccessObjects ) [2, 3].