Detecting SQL Injection Attacks

SQL Injection (SQLi) remains one of the most common web vulnerabilities. Fortunately, many of these attacks leave clear footprints in your server logs.

Common Patterns to Look For

When analyzing your logs, keep an eye out for these classic SQLi patterns:

  1. ' OR 1=1 - The most basic authentication bypass.
  2. UNION SELECT - Used to extract data from other tables.
  3. information_schema - A tell-tale sign of database structure probing.

How LogAnalizer Helps

Using LogAnalizer, you can easily filter for these patterns across millions of log entries. Our built-in security analysis automatically flags entries containing:

  • SQL keywords in URL parameters.
  • Unusual characters like -- or /*.
  • Blind SQL injection attempts using SLEEP() or WAITFOR.

Example Log Entry

127.0.0.1 - - [18/Dec/2024:10:00:01 +0000] "GET /products.php?id=1' UNION SELECT NULL,username,password FROM users-- HTTP/1.1" 200 1234

LogAnalizer will highlight the UNION SELECT and users-- part, making it obvious that a probe is occurring.
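
The patterns listed above can be matched with a few regular expressions, provided the query string is percent-decoded first, since payloads often arrive encoded (`%27` instead of `'`). This is an added example, not LogAnalizer's code; the rule names, `decode`, `flag_sqli`, and every sample line after the first are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line of a Common/Combined Log Format entry. The target may contain
# raw spaces (as in the article's sample), so match greedily up to " HTTP/x".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.+) HTTP/\d(?:\.\d)?" \d{3}')

# Rule names are this example's own; the patterns are the ones listed above.
RULES = {
    "tautology": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
    "sql_comment": re.compile(r"--|/\*"),  # noisy alone: also hits slugs like a--b
    "time_based": re.compile(r"\bsleep\s*\(|\bwaitfor\b", re.I),
}

def decode(value, rounds=3):
    """Percent-decode until stable so %27 and %2527 both become a quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_sqli(line):
    """Return the sorted names of the rules matched by the line's query string."""
    m = REQUEST_RE.search(line)
    if not m:
        return []  # not an HTTP request line this parser understands
    query = decode(m.group("target").partition("?")[2])
    return sorted(name for name, rx in RULES.items() if rx.search(query))

# Sample entries: the first is the article's example, the rest are constructed.
SAMPLE_LINES = [
    '127.0.0.1 - - [18/Dec/2024:10:00:01 +0000] "GET /products.php?id=1\' UNION SELECT NULL,username,password FROM users-- HTTP/1.1" 200 1234',
    '203.0.113.7 - - [18/Dec/2024:10:00:05 +0000] "GET /login.php?user=admin%27%20OR%201%3D1&pw=x HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Dec/2024:10:00:09 +0000] "GET /item.php?id=1+AND+SLEEP(5) HTTP/1.1" 200 640',
    '198.51.100.4 - - [18/Dec/2024:10:00:12 +0000] "GET /products.php?id=42&sort=price HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(flag_sqli(line), line.split('"')[1])
```

Only the query string is scanned here, so payloads carried in POST bodies, cookies or headers never reach these rules unless those fields are logged too.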