Does it provide remediation advice?

Yes, the skill includes guidance on remediation, such as implementing parameterized queries and proper input validation to prevent future vulnerabilities.

Does this skill support blind SQL injection?

Yes, it includes specialized methods for both boolean-based and time-based blind injection for scenarios where database error messages are suppressed.

What database systems does this skill support?

It provides comprehensive techniques and payloads for major systems including MySQL, Microsoft SQL Server (MSSQL), PostgreSQL, and Oracle.

Is this skill meant for automated or manual testing?

It is designed to facilitate a hybrid approach, providing manual payloads and systematic logic that can be used alongside automated tools like SQLMap.

Can it help with WAF or filter evasion?

Absolutely. The skill includes techniques for character encoding, whitespace substitution, and keyword variation to bypass Web Application Firewalls and blacklists.

SQL Injection Security Testing

Name: SQL Injection Security Testing
Author: boisenoise

byboisenoise

セキュリティとテスト

Conducts comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

概要

This skill empowers security professionals and developers to perform deep-dive SQL injection audits across various database systems including MySQL, MSSQL, PostgreSQL, and Oracle. It provides systematic workflows for detecting injectable parameters, executing complex exploitation techniques—such as UNION-based, time-blind, and out-of-band extraction—and bypassing common security filters or authentication mechanisms to validate application resilience and input sanitization effectiveness.

主な機能

Sophisticated WAF and filter evasion techniques using encoding and comments
0 GitHub stars
Advanced exploitation payloads including UNION-based and error-based extraction
Authentication bypass strategies for testing login form security
Multi-vector detection for in-band, blind, and out-of-band injection flaws
Database fingerprinting for MySQL, MSSQL, PostgreSQL, and Oracle

ユースケース

Validating the effectiveness of input sanitization and parameterized queries
Executing authorized penetration tests to discover critical database vulnerabilities
Generating proof-of-concept exploits for security reporting and remediation

概要

主な機能

Sophisticated WAF and filter evasion techniques using encoding and comments
0 GitHub stars
Advanced exploitation payloads including UNION-based and error-based extraction
Authentication bypass strategies for testing login form security
Multi-vector detection for in-band, blind, and out-of-band injection flaws
Database fingerprinting for MySQL, MSSQL, PostgreSQL, and Oracle

ユースケース

Validating the effectiveness of input sanitization and parameterized queries
Executing authorized penetration tests to discover critical database vulnerabilities
Generating proof-of-concept exploits for security reporting and remediation