SQL injection is one of the oldest and most dangerous web vulnerabilities. An attacker inserts database commands into form fields or API parameters, betting that your server pastes that input straight into a SQL query, which lets them read, modify, or delete data across your entire database.
Think of it this way
Imagine your API asks users for their name and then runs `SELECT * FROM users WHERE name = '[what they typed]'`. If someone types `' OR '1'='1`, the query becomes `SELECT * FROM users WHERE name = '' OR '1'='1'`, which returns every user in the database. It is like a locksmith asking 'What's your name?' and someone answering 'Open Sesame' in a language the lock actually understands.
An attacker finds API parameters that might be passed directly into database queries — search fields, login inputs, filter parameters. They inject SQL payloads like `' OR 1=1--`, `'; DROP TABLE users;--`, or `' UNION SELECT username, password FROM users--`. If the API is vulnerable, the database executes these commands, potentially returning all data, bypassing authentication, or destroying records.
Scenario 1
A login endpoint that constructs queries with string concatenation accepts username `admin'--` and any password. The `--` starts a SQL comment, so the resulting query ignores the password check entirely and logs the attacker in as admin.
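The two queries described above (the `' OR '1'='1` search and the `admin'--` login) side by side with their fix, as an added example that is not part of the original page or Anomira's own code. It uses Python's standard `sqlite3` module against a constructed in-memory database with two made-up users; the table layout, the plaintext `password` column (a real system stores a hash) and the function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database: two sample users, not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "correct-horse"), ("alice", "battery-staple")],
    )
    conn.commit()
    return conn


# --- vulnerable: user input is pasted into the SQL text -------------------

def search_concat(conn, name):
    # The quotes typed by the user become part of the SQL, so
    # ' OR '1'='1 turns the WHERE clause into a tautology.
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def login_concat(conn, username, password):
    # With username admin'-- the rest of the line is commented out and
    # the password comparison never runs.
    sql = (f"SELECT name FROM users WHERE name = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


# --- fixed: parameterised queries -----------------------------------------

def search_param(conn, name):
    # The value travels separately from the query text; the database
    # treats it purely as data, so the quotes have no syntactic meaning.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def login_param(conn, username, password):
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concat search :", search_concat(db, "' OR '1'='1"))   # every user
    print("param search  :", search_param(db, "' OR '1'='1"))    # nobody
    print("concat login  :", login_concat(db, "admin'--", "wrong"))  # admin
    print("param login   :", login_param(db, "admin'--", "wrong"))   # None
```

The parameterised versions need no input filtering at all: the driver never lets the value be parsed as SQL, which is why placeholders, not quote-escaping, are the standard fix.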
Scenario 2
An attacker probes a search endpoint with UNION-based injection payloads. Within 20 minutes they extract the entire users table — 200,000 email addresses, hashed passwords, and phone numbers.
Anomira scans incoming request parameters for SQL injection signatures — single quotes, double dashes, UNION keywords, common SQL functions — and fires an alert when these patterns appear, especially in combination with error responses from your server.
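A small detector in the spirit of the signature scan just described, added here as an illustration; it is not Anomira's detection logic and is not from the original page. The weights, the alert threshold, the list of function names treated as "common SQL functions", and the access-log line format (`ip method url status`) are all assumptions; the log lines themselves are constructed for the example. A lone apostrophe (as in the name O'Brien) is deliberately weak evidence on its own, but, following the point above, it is escalated when the server answered with a 5xx error.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# (name, pattern, weight): weak signals score 1, strong ones more.
SIGNATURES = [
    ("single_quote", re.compile(r"'"), 1),
    ("comment_dashes", re.compile(r"--"), 1),
    ("tautology",
     re.compile(r"\bor\b\s*['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.IGNORECASE), 2),
    ("sql_function",  # assumed list of functions common in probes
     re.compile(r"\b(sleep|benchmark|version|load_file|char)\s*\(", re.IGNORECASE), 2),
    ("union_select",
     re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE), 3),
]

ALERT_SCORE = 2  # assumption: two weak signals, or one strong one, alert


def scan_value(value):
    """Return (score, [signature names]) for one decoded parameter value."""
    score, names = 0, []
    for name, pattern, weight in SIGNATURES:
        if pattern.search(value):
            score += weight
            names.append(name)
    return score, names


def scan_request(url, status):
    """Score each query parameter; a 5xx response lowers the bar because a
    probe that broke the query is more likely to be a real injection."""
    findings = []
    server_error = 500 <= status < 600
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        score, names = scan_value(value)
        if not names:
            continue
        if score >= ALERT_SCORE or (server_error and score >= 1):
            findings.append({"param": key, "score": score,
                             "signatures": names, "server_error": server_error})
    return findings


def scan_log(lines):
    """Parse constructed lines of the form 'ip method url status'."""
    alerts = []
    for line in lines:
        ip, method, url, status = line.split()
        for finding in scan_request(url, int(status)):
            alerts.append({"ip": ip, "method": method,
                           "path": urlsplit(url).path, **finding})
    return alerts


# Constructed sample traffic (documentation addresses, made-up paths).
SAMPLE_LOG = [
    "203.0.113.7 GET /api/users?name=O'Brien 200",
    "203.0.113.7 GET /api/users?name=O'Brien 500",
    "198.51.100.4 POST /api/login?username=admin'--&password=x 200",
    "198.51.100.4 GET /api/search?q='%20OR%20'1'='1 200",
    "198.51.100.4 GET /api/search?q='%20UNION%20SELECT%20username,%20password%20FROM%20users-- 500",
    "192.0.2.9 GET /api/search?q=laptop&page=2 200",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Running it flags four of the six requests: the second O'Brien lookup only because it coincided with a server error, the `admin'--` login, the tautology search, and the UNION probe. The first O'Brien lookup and the plain `laptop` search stay silent, which is the trade-off a weighted signature scan is making: it watches for combinations of markers rather than alerting on every apostrophe.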
See this attack in your live API traffic
Anomira detects SQL injection probes automatically, with no configuration needed.