injection
Original:🇺🇸 English
Translated
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
9installs
Added on
NPX Install
npx skill4agent add transilienceai/communitytools injectionTags
Translated version includes tags in frontmatterSKILL.md Content
View Translation Comparison →Injection
Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.
Techniques
| Type | Key Vectors |
|---|---|
| SQL Injection | In-band (union, error), Blind (boolean, time), Out-of-band |
| NoSQL Injection | Operator injection, JavaScript injection, aggregation pipeline |
| Command Injection | OS command separators, blind techniques, out-of-band |
| SSTI | Template engine detection, sandbox escape, RCE chains |
| XXE | Entity expansion, SSRF via XXE, blind XXE, parameter entities |
| LDAP/XPath | Filter manipulation, authentication bypass |
Workflow
- Identify injection points (parameters, headers, cookies, JSON fields)
- Detect injection type with minimal probes
- Exploit with context-appropriate payloads
- Escalate (data extraction, RCE, file read)
- Capture evidence and write PoC
Reference
- - SQL injection techniques
reference/sql-injection*.md - - NoSQL injection techniques
reference/nosql-injection*.md - - OS command injection
reference/os-command-injection*.md - - Server-side template injection
reference/ssti*.md - - XML external entity injection
reference/xxe*.md