A criminal is targeting a cloud web application. He was able to send a properly formatted SELECT statement through one of the input fields. This returned him data about the database, which he can use to further attack the application. What is the name of this type of attack?