Is it safe to use this skill for production testing?

The skill includes operational guardrails to avoid destructive queries like DROP or DELETE; however, it should only be used on targets where you have explicit, written authorization.

What database systems does this skill support?

The skill provides comprehensive techniques and syntax specific to MySQL, MSSQL, PostgreSQL, and Oracle database systems.

What deliverables does this skill produce?

It generates vulnerability reports with severity ratings, database schema extractions, PoC demonstrations, and specific remediation recommendations.

Does this skill support blind SQL injection testing?

Absolutely. It covers both Boolean-based and Time-based blind extraction methods for scenarios where the application does not return direct database errors.

Can this skill help bypass Web Application Firewalls (WAF)?

Yes, it includes specialized filter bypass techniques such as character encoding, whitespace substitution, and keyword variation to evade detection.

SQL Injection Security Testing

Name: SQL Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Conducts comprehensive SQL injection vulnerability assessments to identify and remediate database security flaws.

About

This skill empowers security researchers and developers to systematically detect and analyze SQL injection vulnerabilities across various database systems including MySQL, PostgreSQL, MSSQL, and Oracle. It provides a structured framework for the entire penetration testing lifecycle, from initial reconnaissance and logic testing to advanced exploitation techniques like UNION-based, error-based, and blind time-based injections. By simulating real-world attack vectors and providing remediation code examples, it helps teams validate input sanitization and strengthen application security posture against one of the most critical web vulnerabilities.

Key Features

Comprehensive detection workflows for Boolean, Time-based, and Error-based SQLi
Structured reporting with severity ratings and remediation code examples
Advanced exploitation patterns including UNION-based and Out-of-Band extraction
0 GitHub stars
Filter bypass techniques for evading WAFs using encoding and comment injection
Multi-database support for MySQL, MSSQL, PostgreSQL, and Oracle syntax

Use Cases

Validating the effectiveness of database input sanitization and parameterized queries
Performing authorized penetration testing and security audits on web applications
Generating proof-of-concept demonstrations for authentication bypass vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sql-injection-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub