Can it help bypass Web Application Firewalls (WAF)?

Yes, it includes advanced filter bypass techniques such as URL/Hex encoding, whitespace substitution, and keyword case variation to evade security filters.

What are the prerequisites for using this skill?

Users should have written authorization for testing, a target URL, and basic tools like Burp Suite or SQLMap for request manipulation.

Does it support blind SQL injection scenarios?

Absolutely. It contains specific workflows for both Boolean-based and Time-based blind extraction when the application does not return direct error messages.

Which databases does this skill support?

The skill provides specialized techniques and payloads for all major database systems, including MySQL, MSSQL, PostgreSQL, and Oracle.

SQL Injection Security Testing

Name: SQL Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

Seguridad y Pruebas

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

This skill provides a structured framework for security professionals and developers to conduct deep SQL injection (SQLi) penetration testing. It covers a wide range of attack vectors, including UNION-based, error-based, boolean-blind, and time-blind techniques across major database systems like MySQL, MSSQL, and PostgreSQL. By automating the identification of injectable parameters and providing specialized payloads for authentication bypass and filter evasion, it helps teams validate input sanitization and strengthen application security posture against sophisticated database attacks.

Características Principales

01Authentication bypass payloads and database schema extraction workflows

02Automated identification of injectable URL parameters, form fields, and HTTP headers

03Comprehensive detection for In-band, Blind, and Out-of-band (OOB) SQLi vectors

04Advanced WAF and filter evasion techniques using encoding and keyword variations

050 GitHub stars

06Support for multiple database systems including MySQL, MSSQL, PostgreSQL, and Oracle

Casos de Uso

01Generating proof-of-concept demonstrations for database vulnerability reporting

02Validating the effectiveness of input sanitization mechanisms and WAF rules

03Conducting professional security audits and penetration tests on web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sql-injection-testing

For use in Claude.ai and ChatGPT

Download Skill