General injection attempts

Suspicious input patterns consistent with injection-like probing across multiple families.

How It Works Recent Real Samples

What This Annotator Watches

This explanation is derived from the live annotator implementation, not hand-waved catalog copy.

Focus

Generic crafted-input probing across multiple injection families
XXE, JNDI, LDAP, NoSQL, SSTI, OGNL, and expression-style payloads
Input that does not fit neatly into one narrower exploit family

Logic

The annotator recognizes broad-spectrum injection payload structures.
Specific families like JNDI or OGNL raise stronger findings than generic operator noise.
It is intentionally broad and is best interpreted alongside more specific annotators when they co-occur.

How To Read It

Use this as the wide-angle injection signal when the request was clearly crafted but not purely SQLi, header injection, or command injection.

Catalog Definition

A broad-spectrum injection signal for suspicious input patterns that do not cleanly map to a specific exploit family. This can include odd metacharacters, encoding tricks, and payload fragments that suggest an attempt to influence parsing or evaluation. Treat this as “generic crafted input” and interpret alongside more specific annotators (SQLi, header injection, command injection) when they co-occur.

10 Most Recent Real Samples

Weekly cached from live annotated access events so the catalog stays fast.

Week

2026W13

Lookback

30 days

Total matched

Latest sample

No cached rows yet

Top rules

No cached rule sample yet

Top requester orgs

No cached organization sample yet

Severity mix

No cached severity mix yet

Method mix

No cached method mix yet

No cached samples yet

This annotator has not had a weekly sample snapshot built yet, or there were no matching annotated rows in the current lookback window.

General injection attempts

What This Annotator Watches

10 Most Recent Real Samples

Confirm Action