exploiting-sql-injection-vulnerabilities

Featured

Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests using manual techniques and automated tools like sqlmap. The tester detects injection points through error-based, union-based, blind boolean, and time-based blind techniques across all major database engines (MySQL, PostgreSQL, MSSQL, Oracle) to demonstrate data extraction, authentication bypass, and potential remote code execution. Activates for requests involving SQL injection testing, SQLi exploitation, database security assessment, or injection vulnerability verification.

API & Backend 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Exploiting SQL Injection Vulnerabilities ## When to Use - Testing web application input parameters for SQL injection vulnerabilities during an authorized penetration test - Validating that parameterized queries and input sanitization are properly implemented across all database interactions - Demonstrating the business impact of a confirmed SQL injection vulnerability by extracting sensitive data - Verifying that WAF rules and input validation controls effectively block SQL injection payloads - Testing stored procedures, dynamic SQL, and ORM bypass scenarios in enterprise applications **Do not use** against databases without written authorization, for extracting or exfiltrating actual customer data beyond what is needed for proof of concept, or against production databases where exploitation could corrupt data integrity. ## Prerequisites - Written authorization specifying the target application and permissible level of exploitation (detection only vs. full exploitation) - Burp Suite Professional configured as an intercepting proxy to capture and modify HTTP requests - sqlmap installed with current version for automated detection and exploitation - Knowledge of the target database engine (MySQL, PostgreSQL, MSSQL, Oracle) or ability to fingerprint it - Test accounts at various privilege levels to test injection in authenticated contexts ## Workflow ### Step 1: Injection Point Discovery Identify parameters that interact with the database: - **Map all input vectors**:...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Integrates with

PostgreSQL · Database MySQL · Database

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

exploiting-sql-injection-with-sqlmap

Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.

12,642 Updated today
mukul975
API & Backend Solid

webapp-sqlmap

Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in authorized assessments, (2) Exploiting SQL injection flaws to demonstrate impact, (3) Extracting database information for security validation, (4) Bypassing authentication mechanisms through SQL injection, (5) Identifying vulnerable parameters in web requests, (6) Automating database enumeration and data extraction.

335 Updated today
aiskillstore
Testing & QA Featured

sql-injection-testing

Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input sanitization mechanisms.

39,227 Updated today
sickn33
API & Backend Solid

sql-injection-testing

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

4,215 Updated today
zebbern
Testing & QA Solid

sql-injection-testing

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

27,681 Updated today
davila7