injection-checking

Original：🇺🇸 English

Translated

Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.

3installs

Sourceyaklang/hack-skills

Added on2026-04-09

NPX Install

npx skill4agent add yaklang/hack-skills injection-checking

SKILL.md Content

View Translation Comparison →

Injection Testing Router

这是输入进入危险解释器或执行环境时的分类入口。

它适合在确认“这是注入类问题”之后，继续判断更偏向浏览器上下文、数据库、模板引擎、服务端请求、XML 解析器还是系统命令。

When to Use

输入会进入 HTML、JS、SQL、模板、URL 提取器、XML 解析器或 shell
你还没决定应该先走 XSS、SQLi、SSRF、XXE、SSTI、CMDi 还是 NoSQL
你需要按输入流向选择正确的深度专题 skill

Skill Map

XSS Cross Site Scripting
SQLi SQL Injection
SSRF Server Side Request Forgery
XXE XML External Entity
SSTI Server Side Template Injection
CMDi Command Injection
NoSQL Injection
Deserialization Insecure
JNDI Injection
Expression Language Injection
CRLF Injection
Extra Injection Types (SSI, LDAP, XPath)
Request Smuggling
Prototype Pollution
Type Juggling
HTTP Parameter Pollution
XSLT Injection
CSV Formula Injection

Recommended Flow

先识别输入最终落点
再选与该解释器最匹配的专题 skill
小样本 payload 与 quick triage 已并入各主 skill，不再额外走 payload router

Related Categories

file-access-vuln