SQL Injection (SQLi) is a vulnerability in which attacker-controlled input is interpreted as part of your SQL queries, potentially exposing or modifying your database.

Example attack

GET /users?id=1 OR 1=1
Without proper protection, this could return all users or allow the attacker to modify data.

How BlackLab helps

BlackLab’s SQLi plugin scans incoming requests for patterns like:

- Suspicious SQL keywords (SELECT, UNION, DROP, etc.)
- Tautologies (OR 1=1)
- Comment-based injections (--, #)

Example configuration:

BlackLab.configure do |config|
  config.plugins = [
    BlackLab::Plugins::SqliPlugin.new(weight: 3)
  ]
end
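To make the three pattern classes above concrete, here is an added illustration of how such a request scanner can be built. It is not BlackLab's own code and the class name `SqliScanner`, the scoring rule (one unit of `weight` per matched pattern class), and the sample requests are all assumptions made for the example.

```ruby
# Added example (not BlackLab's code): a minimal scanner that decodes a
# request's query string and checks every parameter value against the three
# pattern classes the text names. SqliScanner and the scoring rule are
# assumptions; real plugins use broader rule sets and more context.
require 'cgi'

class SqliScanner
  # Category => case-insensitive pattern. Kept deliberately small.
  RULES = {
    # Common SQL verbs appearing as whole words inside a parameter value.
    keyword:   /\b(select|union|insert|update|delete|drop|alter)\b/i,
    # Tautologies such as OR 1=1 or OR 'a'='a' (optional matching quotes).
    tautology: /\b(or|and)\s+(['"]?)(\w+)\2\s*=\s*\2\3\2/i,
    # SQL comment openers that truncate the rest of a statement.
    comment:   /(--|#|\/\*)/
  }.freeze

  def initialize(weight: 1)
    @weight = weight
  end

  # path_and_query is the request target, e.g. "/users?id=1%20OR%201%3D1".
  # Returns the matched (parameter, category) pairs, a weighted score and a
  # block decision (assumption: any hit blocks).
  def scan(path_and_query)
    _path, query = path_and_query.split('?', 2)
    params = CGI.parse(query.to_s) # percent-decodes values for us
    hits = []
    params.each do |name, values|
      values.each do |value|
        RULES.each do |category, pattern|
          hits << { param: name, category: category } if value.match?(pattern)
        end
      end
    end
    { hits: hits, score: hits.size * @weight, blocked: !hits.empty? }
  end
end

if $PROGRAM_NAME == __FILE__
  scanner = SqliScanner.new(weight: 3)
  # The request from the text, once the client has percent-encoded it.
  puts scanner.scan('/users?id=1%20OR%201%3D1').inspect
  # A benign request (constructed) produces no hits.
  puts scanner.scan('/users?id=42&name=alice').inspect
end
```

Pattern scanning of this kind is a defence-in-depth layer: a benign value such as `name=update` or `color=#fff` will trip the `keyword` or `comment` rule, so tune the rule set against your own traffic and keep parameterized queries as the primary fix in application code.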
SQL Injection is one of the most dangerous attacks. BlackLab blocks requests that match malicious SQL patterns before they reach your database.