cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back to annotator catalog
SQL injection attempts signal illustration
Annotator sqli

SQL injection attempts

Input patterns resemble attempts to manipulate SQL queries via application parameters.

How It Works Recent Real Samples

What This Annotator Watches

This explanation is derived from the live annotator implementation, not hand-waved catalog copy.
Focus
  • Classic SQL injection payload structures
  • Union, stacked statements, tautologies, time-based probes, and metadata enumeration
  • Boolean logic and SQL punctuation in suspicious parameter context
Logic
  • The annotator escalates for stronger SQLi structures such as UNION SELECT and destructive stacked statements.
  • Weaker comment markers only survive when context supports them.
  • It emits summarized snippets so the operator can see the shape without dumping dangerous raw text.
How To Read It
This is the cleanest signal for SQL-shaped exploit probing against application parameters.
Catalog Definition
Flags patterns associated with SQL injection probing, including query-logic fragments and suspicious operator/keyword structures in parameters. This annotator supports defensive reporting and helps explain likely exploit probing. Avoid presenting raw payloads verbatim in public-facing UI; prefer summarizing the affected endpoints and frequency over time.

10 Most Recent Real Samples

Weekly cached from live annotated access events so the catalog stays fast.
Week
2026W14
Lookback
30 days
Total matched
207
Latest sample
Mar 30, 2026 • 00:26
Top rules
sqli:enum_fields · 4 sqli:if_case · 2 sqli:time_based · 2
Top requester orgs
Everywhere Wireless, LLC · 2 Telecom Personal Bs · 2 Vox Telecom (Pty) Ltd · 2
Severity mix
26 · 4 18 · 2 30 · 2 8 · 2
Method mix
GET · 10
GET 200 26
Mar 30, 2026 • 00:26
/
SQL injection indicator: sqli:enum_fields
IP 204.14.36.23 Subnet 204.14.36.0/24 Org Everywhere Wireless, LLC Country United States Rule sqli:enum_fields
GET 301 26
Mar 30, 2026 • 00:26
/blog/posting-to-buffer-using-apis-a-step-by-step-guide/
SQL injection indicator: sqli:enum_fields
IP 204.14.36.23 Subnet 204.14.36.0/24 Org Everywhere Wireless, LLC Country United States Rule sqli:enum_fields
GET 404 18
Mar 29, 2026 • 04:14
/0'XOR(if(now()%3Dsysdate(),sleep(8*1),0))XOR'Z
SQL injection indicator: sqli:if_case
IP 181.94.227.143 Subnet 181.94.227.0/24 Org Telecom Personal Bs Country Paraguay Rule sqli:if_case
GET 404 30
Mar 29, 2026 • 04:14
/0'XOR(if(now()%3Dsysdate(),sleep(8*1),0))XOR'Z
SQL injection indicator: sqli:time_based
IP 181.94.227.143 Subnet 181.94.227.0/24 Org Telecom Personal Bs Country Paraguay Rule sqli:time_based
GET 301 18
Mar 29, 2026 • 04:14
/0'XOR(if(now()=sysdate(),sleep(8*1),0))XOR'Z
SQL injection indicator: sqli:if_case
IP 113.180.131.105 Subnet 113.180.131.0/24 Country Vietnam Rule sqli:if_case
GET 301 30
Mar 29, 2026 • 04:14
/0'XOR(if(now()=sysdate(),sleep(8*1),0))XOR'Z
SQL injection indicator: sqli:time_based
IP 113.180.131.105 Subnet 113.180.131.0/24 Country Vietnam Rule sqli:time_based
GET 301 8
Mar 29, 2026 • 02:30
/logmap_db/ip/193.84.71.190/annotations/?page=2%5D-%28SEleCT%2F%2A%2A%2F0%2F%2A%2A%2FwHErE%2F%2A%2A%2F2061%3D2061%2F%2A…
SQL injection indicator: sqli:comment_marker
IP 14.163.152.182 Subnet 14.163.152.0/24 Org VietNam Post and Telecom Corporation Country Vietnam Rule sqli:comment_marker
GET 301 8
Mar 29, 2026 • 02:30
/logmap_db/ip/193.84.71.190/annotations/?page=2%5D-%28SEleCT%2F%2A%2A%2F0%2F%2A%2A%2FwHErE%2F%2A%2A%2F2061%3D2061%2F%2A…
SQL injection indicator: sqli:comment_marker
IP 113.190.83.211 Subnet 113.190.83.0/24 Org Vietnam Posts and Telecommunications Group Country Vietnam Rule sqli:comment_marker
GET 200 26
Mar 28, 2026 • 19:55
/
SQL injection indicator: sqli:enum_fields
IP 41.193.225.189 Subnet 41.193.225.0/24 Org Vox Telecom (Pty) Ltd Country South Africa Rule sqli:enum_fields
GET 301 26
Mar 28, 2026 • 19:55
/blog/posting-to-buffer-using-apis-a-step-by-step-guide/
SQL injection indicator: sqli:enum_fields
IP 41.193.225.189 Subnet 41.193.225.0/24 Org Vox Telecom (Pty) Ltd Country South Africa Rule sqli:enum_fields