Skip to main content

Documentation Index

Fetch the complete documentation index at: https://blacklab.windmotion.io/llms.txt

Use this file to discover all available pages before exploring further.

SQL Injection (SQLi) is a vulnerability where an attacker injects malicious SQL code into your queries, potentially exposing or modifying your database.

Example attack

GET /users?id=1 OR 1=1
Without proper protection, this could return all users or allow the attacker to modify data. How BlackLab helps BlackLab’s SQLi plugin scans incoming requests for patterns like: Suspicious SQL keywords (SELECT, UNION, DROP, etc.) Tautologies (OR 1=1) Comment-based injections (--, #) Example configuration: 

BlackLab.configure do |config|
  config.plugins = [
    BlackLab::Plugins::SqliPlugin.new(weight: 3)
  ]
end
SQL Injection is one of the most dangerous attacks. BlackLab blocks malicious SQL patterns before they reach your database.