injection-checking
Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.
Source: yaklang/hack-skills
NPX Install
npx skill4agent add yaklang/hack-skills injection-checking
SKILL.md Content
Injection Testing Router
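This is the classification entry point for cases where input reaches a dangerous interpreter or execution environment.
Use it once you have confirmed "this is an injection-class issue" and need to decide whether it leans toward the browser context, a database, a template engine, a server-side request, an XML parser, or a system command.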
When to Use
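- Input reaches HTML, JS, SQL, a template, a URL fetcher, an XML parser, or a shell
- You have not yet decided whether to start with XSS, SQLi, SSRF, XXE, SSTI, CMDi, or NoSQL
- You need to pick the right in-depth topic skill based on where the input flows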
Skill Map
- XSS Cross Site Scripting
- SQLi SQL Injection
- SSRF Server Side Request Forgery
- XXE XML External Entity
- SSTI Server Side Template Injection
- CMDi Command Injection
- NoSQL Injection
- Deserialization Insecure
- JNDI Injection
- Expression Language Injection
- CRLF Injection
- Extra Injection Types (SSI, LDAP, XPath)
- Request Smuggling
- Prototype Pollution
- Type Juggling
- HTTP Parameter Pollution
- XSLT Injection
- CSV Formula Injection
Recommended Flow
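- First identify where the input ultimately lands
- Then pick the topic skill that best matches that interpreter
- Small-sample payloads and quick triage have been merged into each main skill; there is no longer a separate payload router step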
Related Categories
- file-access-vuln