Final answer:
SQL injection is a type of attack that can compromise data-driven applications, but it should only be practiced in a legal and ethical context on designated test sites. Performing an SQL injection to extract sensitive information about a system's operating system or other configurations is illegal. Cybersecurity professionals must understand these attacks to defend against them, not to exploit vulnerabilities.
Step-by-step explanation:
SQL injection is a code injection technique that might be used to attack data-driven applications, whereby malicious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker). However, it's essential to note that attempting or performing SQL injections on websites that you do not have explicit permission to test is illegal and unethical. For educational purposes, certain websites exist where one can legally practice SQL injection skills. It is vital in the field of cybersecurity to learn about these attacks to understand how to prevent them.
When working with SQL injection, the operating system, database, and technology stack information, like PHP values, can sometimes be retrieved through SQL injection, depending on the vulnerability and configuration of the application.
However, in a real-world scenario, you would not attack a website to gather this information. Instead, you should use legitimate means such as asking for the information directly, using discovery tools, or reviewing documentation. Learning SQL injections and their defenses is a crucial skill set in cybersecurity, aimed at testing and securing applications, not exploiting them.