Database Query Injection
resolved
Attacker Type: AUTOMATED TOOL
Confidence: 89%
Kill Chain: Initial Access
Events: 2,340
CRS Score: 52
Elapsed: 8s
EVENT TIMELINE
high 14:00:00 SQL injection attempt on /api/v1/search
info 14:00:02 CIE: WAF rule deployed in 2ms
info 14:00:30 Vulnerable endpoint patched and redeployed
ATTACK NARRATIVE
An automated SQL injection tool was detected targeting a legacy API endpoint. The Application Agent identified the SQLi pattern within 2ms and activated input sanitization at the WAF layer. All 2,340 injection attempts were blocked. The vulnerable endpoint has been patched.
Affected Assets
api-legacy-v1, rds-users-prod
Agent Layers Involved
app, data
PREDICTED NEXT MOVES
01 Extract database schema via error-based injection
02 Dump user credentials table
03 Pivot to internal network via database server
Pre-Blocked Paths
BLOCKED Extract database schema via error-based injection
BLOCKED Dump user credentials table
BLOCKED Pivot to internal network via database server
COUNTER-ACTIONS EXECUTED
WAF rule activated to block SQLi patterns (14:00:02)
Vulnerable endpoint patched (14:00:30)
Attacker IP range blocked (14:00:05)