sql-injection-testing

name: SQL Injection Testing description: This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems. metadata: author: zebbern version: 4.1.0-fractal

SQL Injection Testing

Purpose

Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input sanitization mechanisms. This skill enables systematic detection and exploitation of SQL injection vulnerabilities across in-band, blind, and out-of-band attack vectors to assess application security posture.

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Access

2. Technical Requirements

3. Legal Prerequisites

4. Primary Outputs

5. Evidence Artifacts

6. Phase 1: Detection and Reconnaissance

7. Phase 2: Exploitation Techniques

8. Phase 3: Authentication Bypass

9. Phase 4: Filter Bypass Techniques

10. Detection Test Sequence

11. Database Fingerprinting

12. Information Schema Queries

13. Common Payloads Quick List

14. Operational Boundaries

15. Technical Limitations

16. Legal and Ethical Requirements

17. Example 1: E-commerce Product Page SQLi

18. Example 2: Blind Time-Based Extraction

19. Example 3: Login Bypass

20. No Error Messages Displayed

21. UNION Injection Fails

22. WAF Blocking Requests

23. Payload Not Executing

24. Time-Based Injection Inconsistent