Catalogue
Browse the shelves
This page reads the id query parameter and echoes it below — so you can experiment with rules that inspect http.request.uri.query. Try the links, or craft your own ?id=....
Current selection: none
Piranesi
Susanna Clarke · $16
View id 101 →
Stoner
John Williams · $13
View id 102 →
The Left Hand of Darkness
Ursula K. Le Guin · $14
View id 103 →
A real product page would look this id up in a database — which is where SQL injection lives. You can simulate a suspicious request with something like
/products/?id=1' OR '1'='1 and write a rule that matches odd query patterns. (Nothing runs here; it's just for triggering and observing rules.)
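An added example, not part of this page or of any rule engine: a Python sketch of the kind of check such a rule could perform on the id parameter. It decodes the query before inspecting it, so the percent-encoded form of the request above is flagged as well. The function names, patterns and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample requests: the page's three links, the page's own
# suspicious example, the same example percent-encoded, a repeated id,
# and a request with no query at all.
SAMPLES = [
    "/products/?id=101",
    "/products/?id=102",
    "/products/?id=103",
    "/products/?id=1' OR '1'='1",
    "/products/?id=1%27%20OR%20%271%27%3D%271",
    "/products/?id=101&id=1'--",
    "/products/",
]

NUMERIC_ID = re.compile(r"[0-9]{1,9}")  # allowlist: what a valid id looks like
SQL_META = re.compile(r"['\";]|--|/\*|\b(or|and|union|select)\b", re.I)

def query_of(uri):
    """Return the raw (still encoded) query string of a request URI."""
    return uri.partition("?")[2]

def naive_raw_match(uri):
    """Weak rule: looks for a literal quote in the undecoded query."""
    return "'" in query_of(uri)

def inspect(uri):
    """Return (verdict, reasons) after decoding every id value."""
    values = parse_qs(query_of(uri), keep_blank_values=True).get("id", [])
    reasons = []
    if len(values) > 1:
        reasons.append("id repeated")
    for value in values:
        if not NUMERIC_ID.fullmatch(value):
            reasons.append("id not numeric")
        if SQL_META.search(value):
            reasons.append("sql metacharacter or keyword")
    return ("flag" if reasons else "pass", sorted(set(reasons)))

if __name__ == "__main__":
    for uri in SAMPLES:
        verdict, reasons = inspect(uri)
        print(f"{verdict:4}  raw-quote-match={naive_raw_match(uri)!s:5}  "
              f"{uri}  {', '.join(reasons)}")
```

The allowlist on the decoded value does most of the work here; the keyword pattern only adds a more descriptive reason to the log line.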