cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back to annotator catalog
SQL injection attempts signal illustration
Annotator sqli

SQL injection attempts

Input patterns resemble attempts to manipulate SQL queries via application parameters.

Attack family · SQL injection and database compromise Phase · Exploit delivery Risk · Critical
How It Works Recent Real Samples

What This Annotator Watches

This explanation is derived from the live annotator implementation, not hand-waved catalog copy.
Focus
  • Classic SQL injection payload structures
  • Union, stacked statements, tautologies, time-based probes, and metadata enumeration
  • Boolean logic and SQL punctuation in suspicious parameter context
Logic
  • The annotator escalates for stronger SQLi structures such as UNION SELECT and destructive stacked statements.
  • Weaker comment markers only survive when context supports them.
  • It emits summarized snippets so the operator can see the shape without dumping dangerous raw text.
Attack Family
SQL injection and database compromise
Phase · Exploit delivery Risk · Critical
SQL injection is still one of the most consequential application attack families because the database often contains the real crown jewels: identities, secrets, business records, and control state.
Damage Patterns
  • Successful SQLi can lead to bulk data theft, privilege escalation, admin creation, tampering, and destructive write operations.
  • Even read-only footholds are often enough to fuel extortion, credential replay, and secondary compromise.
Incident Lore
  • A large share of classic web-breach lore is database lore: customer dumps, credential spills, and quietly altered records flowing from injectable inputs.
  • SQLi remains dangerous because one vulnerable parameter can expose an entire data tier, not just one page.
How To Read It
This is the cleanest signal for SQL-shaped exploit probing against application parameters.
Defender Takeaway
When this signal is strong, think data-layer blast radius. The target is not the page. The target is the store beneath it.
Catalog Definition
Flags patterns associated with SQL injection probing, including query-logic fragments and suspicious operator/keyword structures in parameters. This annotator supports defensive reporting and helps explain likely exploit probing. Avoid presenting raw payloads verbatim in public-facing UI; prefer summarizing the affected endpoints and frequency over time.

10 Most Recent Real Samples

Weekly cached from live annotated access events so the catalog stays fast.
Week
2026W17
Lookback
30 days
Total matched
355
Latest sample
Apr 18, 2026 • 13:24
Top rules
sqli:comment_marker · 3 sqli:enum_fields · 2 sqli:union_select · 2
Top requester orgs
Techoff SRV Limited · 5 Bharti Airtel Ltd · 2 WHG Hosting Services Ltd · 1
Severity mix
8 · 3 24 · 2 26 · 2 32 · 2 20 · 1
Method mix
GET · 10
GET 404 24
Apr 18, 2026 • 13:24
/blog/?page=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)),
SQL injection indicator: sqli:tautology
IP 65.181.118.110 Subnet 65.181.118.0/24 Org WHG Hosting Services Ltd Country United States Rule sqli:tautology
GET 404 24
Apr 18, 2026 • 11:27
/index.php/wp-json/learnpress/v1/courses/?c_only_fields=ID%2Cpost_author%2Cpost_date%2Cpost_date_gmt%2Cpost_content%2Cp…
SQL injection indicator: sqli:hex_blob
IP 14.237.40.46 Subnet 14.237.40.0/24 Org Vietnam Posts and Telecommunications Group Country Vietnam Rule sqli:hex_blob
GET 200 26
Apr 16, 2026 • 19:22
/
SQL injection indicator: sqli:enum_fields
IP 106.219.156.244 Subnet 106.219.156.0/24 Org Bharti Airtel Ltd Country India Rule sqli:enum_fields
GET 301 26
Apr 16, 2026 • 19:22
/blog/posting-to-buffer-using-apis-a-step-by-step-guide/
SQL injection indicator: sqli:enum_fields
IP 106.219.156.244 Subnet 106.219.156.0/24 Org Bharti Airtel Ltd Country India Rule sqli:enum_fields
GET 404 20
Apr 16, 2026 • 15:37
/blog/the-power-of-asanas-a-journey-into-the-heart-of-yoga/insert%20image%20url%20here
SQL injection indicator: sqli:keyword_write
IP 116.76.38.229 Subnet 116.76.38.0/24 Org Topway Country China Rule sqli:keyword_write
GET 200 8
Apr 15, 2026 • 10:21
/admin/login/?next=/admin/%3Fn%3Dproduct%26c%3Dproduct_admin%26a%3Ddopara%26app_type%3Dshop%26id%3D1%2520union%2520SELE…
SQL injection indicator: sqli:comment_marker
IP 93.123.109.205 Subnet 93.123.109.0/24 Org Techoff SRV Limited Country Andorra Rule sqli:comment_marker
GET 200 32
Apr 15, 2026 • 10:21
/admin/login/?next=/admin/%3Fn%3Dproduct%26c%3Dproduct_admin%26a%3Ddopara%26app_type%3Dshop%26id%3D1%2520union%2520SELE…
SQL injection indicator: sqli:union_select
IP 93.123.109.205 Subnet 93.123.109.0/24 Org Techoff SRV Limited Country Andorra Rule sqli:union_select
GET 302 8
Apr 15, 2026 • 10:21
/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%…
SQL injection indicator: sqli:comment_marker
IP 93.123.109.205 Subnet 93.123.109.0/24 Org Techoff SRV Limited Country Andorra Rule sqli:comment_marker
GET 302 32
Apr 15, 2026 • 10:21
/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%…
SQL injection indicator: sqli:union_select
IP 93.123.109.205 Subnet 93.123.109.0/24 Org Techoff SRV Limited Country Andorra Rule sqli:union_select
GET 301 8
Apr 15, 2026 • 10:21
/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%…
SQL injection indicator: sqli:comment_marker
IP 93.123.109.205 Subnet 93.123.109.0/24 Org Techoff SRV Limited Country Andorra Rule sqli:comment_marker