Does it support testing for blind SQL injection?

Yes, it includes comprehensive workflows for both boolean-based and time-based blind SQL injection extraction.

Which databases are supported by this skill?

The skill provides techniques and payloads specifically tailored for MySQL, MSSQL, PostgreSQL, and Oracle database systems.

Are there safety guardrails for these testing techniques?

Yes, the skill explicitly warns against destructive queries like DROP or TRUNCATE and emphasizes the need for written authorization before testing.

Can this skill help bypass Web Application Firewalls (WAF)?

It includes several filter bypass techniques, such as URL/Hex encoding, whitespace substitution, and keyword variation to evade detection.

SQL Injection Security Testing

Name: SQL Injection Security Testing
Author: zebbern

byzebbern

•

2,883

安全与测试

Performs comprehensive SQL injection vulnerability assessments to identify security flaws and validate input sanitization in web applications.

关于

This skill empowers developers and security professionals to systematically detect and exploit SQL injection vulnerabilities across a variety of database systems, including MySQL, MSSQL, PostgreSQL, and Oracle. By providing specialized payloads for UNION-based, error-based, and blind injection techniques, it facilitates thorough security audits, authentication bypass testing, and remediation validation. It serves as an essential tool for assessing an application's security posture while adhering to legal and ethical testing standards through guided workflows and guardrails.

主要功能

Practical authentication bypass patterns for security validation
Multi-database support for MySQL, MSSQL, PostgreSQL, and Oracle
Automated information schema extraction and database fingerprinting
Advanced filter bypass strategies using encoding and whitespace manipulation
Comprehensive detection techniques for in-band, blind, and time-based SQLi
2,883 GitHub stars

使用场景

Security penetration testing and vulnerability assessments
Validating web application input sanitization and WAF effectiveness
Educational demonstrations of database exploitation and defense techniques

关于

主要功能

Practical authentication bypass patterns for security validation
Multi-database support for MySQL, MSSQL, PostgreSQL, and Oracle
Automated information schema extraction and database fingerprinting
Advanced filter bypass strategies using encoding and whitespace manipulation
Comprehensive detection techniques for in-band, blind, and time-based SQLi
2,883 GitHub stars

使用场景

Security penetration testing and vulnerability assessments
Validating web application input sanitization and WAF effectiveness
Educational demonstrations of database exploitation and defense techniques