Query Injection Attacks
T12 · RAG & Knowledge Base Manipulation

RAG retrieval pipelines include traditional software components (SQL databases for metadata, HTTP clients for web retrieval, file system access for document loading, template engines for query construction), each with its own injection surface. User queries that pass through to these backend systems without sanitization enable classic injection attacks: SQL injection on metadata stores, SSRF through URL-based retrieval, path traversal on file-based document stores, and template injection in query construction pipelines. The assumption violated is that the RAG system's query processing is secure because the LLM layer handles natural language; in fact, the retrieval infrastructure is traditional software with traditional vulnerabilities.
- Input validation on all query parameters before passing to backend systems
- WAF rules for SQL, NoSQL, SSRF, SSTI, and command injection patterns in query inputs
- Monitor backend system logs for injection indicators (SQL errors, unexpected file access)
- Observable signal: query inputs containing SQL syntax, template delimiters, or shell metacharacters
Query injection provides initial access that enables all other T12 techniques. SQL injection enables T12-AT-001 (Vector Poisoning) by giving the attacker write access.
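The input-validation control listed above, applied to two of the backends this entry names (the SQL metadata store and the file-based document store), as an added example that is not part of the original entry. The table layout, function names, and sample values are assumptions constructed for illustration.

```python
import sqlite3
from pathlib import Path

def make_store():
    # Constructed metadata store: document id, owning tenant, file name on disk.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (id INTEGER, tenant TEXT, source TEXT)")
    db.executemany("INSERT INTO docs VALUES (?, ?, ?)", [
        (1, "acme", "handbook.md"),
        (2, "acme", "faq.md"),
        (3, "globex", "payroll.md"),
    ])
    return db

def find_docs_unsafe(db, tenant, source):
    # Vulnerable: user-supplied text is concatenated into the SQL statement,
    # so quote characters in `source` change the structure of the WHERE clause.
    sql = f"SELECT id FROM docs WHERE tenant = '{tenant}' AND source = '{source}'"
    return [row[0] for row in db.execute(sql)]

def find_docs_safe(db, tenant, source):
    # Hardened: values are bound as parameters and are never parsed as SQL.
    sql = "SELECT id FROM docs WHERE tenant = ? AND source = ?"
    return [row[0] for row in db.execute(sql, (tenant, source))]

def resolve_doc_path(root, name):
    # Hardened document loader: normalise the path, then require that the
    # result is still inside the store root before anything is opened.
    base = Path(root).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise ValueError("document path escapes the store root")
    return target
```

The unsafe lookup returns every tenant's rows for a crafted `source` value, while the parameterized lookup treats the same value as a literal file name that matches nothing.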