Scans payload and/or URI for SQL injection attacks
Table 1. Supported parameters

| Parameter | Required | Data type | Details |
|---|---|---|---|
| filterOn | No | object | Specify what parts to apply filter on |
| injectionRules | Yes | array | List of case-insensitive filters to apply. All items must be unique. DefaultInjectionTypes: likeMatch, escapeSequence, keywordInjection, mssqlCommands, metacharacters, oracleBufferOverflow, commands, mischaracterizations and andOrAttack |
| message | Yes | string | Specify what message to apply filter on |

Table 2. Options for filterOn

| Parameter | Required | Data type | Details |
|---|---|---|---|
| body | No | enum (of string) | Apply filter to body |
| uri | No | enum (of string) | Apply filter to url-decoded URI |
| bodyAndUri | No | enum (of string) | Apply filter to body and url-decoded URI |
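
The following added example (not the product's own code) models in Python how the parameters in the tables above interact: unique rule names, case-insensitive matching, and matching the URI only after URL-decoding. The regular expressions, the function names `scan` and `validate_rules`, the `bodyAndUri` default and the sample request are constructed assumptions; the product's real rule definitions are not shown on this page.

```python
import re
from urllib.parse import unquote

# Constructed stand-in patterns (assumption): only the rule names come from the page.
RULES = {
    "keywordInjection": re.compile(r"\b(union\s+select|drop\s+table|insert\s+into)\b", re.I),
    "andOrAttack": re.compile(r"'\s*(and|or)\s+['\d]", re.I),
    "metacharacters": re.compile(r"(--|/\*|;\s*$)", re.I),
}

# Constructed sample request used to exercise the filter.
SAMPLE_BODY = '{"q": "x UNION SELECT password FROM users"}'
SAMPLE_URI = "/items?id=1%27%20OR%20%271%27%3D%271"


def validate_rules(injection_rules):
    """injectionRules is required and all items must be unique."""
    if not injection_rules:
        raise ValueError("injectionRules is required")
    if len(set(injection_rules)) != len(injection_rules):
        raise ValueError("injectionRules items must be unique")
    unknown = [r for r in injection_rules if r not in RULES]
    if unknown:
        raise ValueError(f"unknown rule(s): {unknown}")


def scan(body, uri, injection_rules, filter_on="bodyAndUri"):
    """Return sorted (part, rule) pairs that matched. The default is an assumption."""
    validate_rules(injection_rules)
    parts = {}
    if filter_on in ("body", "bodyAndUri"):
        parts["body"] = body
    if filter_on in ("uri", "bodyAndUri"):
        # Match against the url-decoded URI, so percent-encoded
        # quotes and spaces cannot hide a pattern from the rules.
        parts["uri"] = unquote(uri)
    if not parts:
        raise ValueError(f"unsupported filterOn value: {filter_on}")
    return sorted(
        (part, rule)
        for part, text in parts.items()
        for rule in injection_rules
        if RULES[rule].search(text)
    )


if __name__ == "__main__":
    print(scan(SAMPLE_BODY, SAMPLE_URI, ["keywordInjection", "andOrAttack"]))
```

Running the same `andOrAttack` pattern against the raw, still-encoded `SAMPLE_URI` finds nothing, which is why the `uri` and `bodyAndUri` options specify the url-decoded URI.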