What databases does this SQL Injection skill support?

The skill provides comprehensive support and specific syntax for MySQL, MSSQL, PostgreSQL, and Oracle database systems.

Is this skill safe to use on live production databases?

The skill includes operational guardrails that advise against destructive queries like DROP or DELETE and recommends limiting data extraction to proof-of-concept quantities.

What types of SQL injection vectors are covered?

It covers in-band (UNION-based and Error-based), inferential (Boolean-based and Time-based blind), and out-of-band (OOB) extraction techniques.

Can this skill help bypass Web Application Firewalls (WAF)?

Yes, it includes advanced bypass techniques such as URL/Hex encoding, inline comment injection, and whitespace substitution to evade WAF filters.

Does it provide remediation advice?

Yes, the skill generates primary outputs that include remediation recommendations and secure code examples to help developers patch identified vulnerabilities.

SQL Injection Testing

Name: SQL Injection Testing
Author: claudiodearaujo

byclaudiodearaujo

セキュリティとテスト

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws.

概要

This skill empowers security researchers and developers to systematically detect and validate SQL injection vulnerabilities across multiple database systems including MySQL, MSSQL, PostgreSQL, and Oracle. It provides a structured workflow covering initial reconnaissance, exploitation techniques like UNION-based and time-based blind injection, and advanced filter bypass methods. By automating the generation of test payloads and providing remediation guidance, it helps ensure web applications are resilient against unauthorized database access and data exfiltration while adhering to strict legal and ethical guardrails.

主な機能

0 GitHub stars
Multi-database support for MySQL, MSSQL, PostgreSQL, and Oracle fingerprinting.
Sophisticated filter evasion strategies including encoding and whitespace manipulation.
Advanced exploitation techniques for schema extraction and authentication bypass.
Systematic detection using boolean-based, error-based, and time-based testing sequences.
Automated generation of proof-of-concept payloads and remediation code examples.

ユースケース

Validating the effectiveness of input sanitization and Web Application Firewall (WAF) configurations.
Generating detailed security reports with evidence artifacts for vulnerability disclosure.
Conducting authorized penetration testing on web application database layers.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sql-injection-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要