sql-injection-testing

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

Stars444

Forks137

UpdatedFebruary 11, 2026 at 08:53

name	SQL Injection Testing
description	This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
metadata	{"author":"zebbern","version":"4.1.0-fractal"}

SQL Injection Testing

Purpose

Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input sanitization mechanisms. This skill enables systematic detection and exploitation of SQL injection vulnerabilities across in-band, blind, and out-of-band attack vectors to assess application security posture.

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Access

2. Technical Requirements

3. Legal Prerequisites

4. Primary Outputs

14. Operational Boundaries

15. Technical Limitations

21. UNION Injection Fails

22. WAF Blocking Requests

23. Payload Not Executing

24. Time-Based Injection Inconsistent

name	SQL Injection Testing
description	This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
metadata	{"author":"zebbern","version":"4.1.0-fractal"}

sql-injection-testing

SQL Injection Testing

Purpose

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Access

2. Technical Requirements

3. Legal Prerequisites

4. Primary Outputs

5. Evidence Artifacts

6. Phase 1: Detection and Reconnaissance

7. Phase 2: Exploitation Techniques

8. Phase 3: Authentication Bypass

9. Phase 4: Filter Bypass Techniques

10. Detection Test Sequence

11. Database Fingerprinting

12. Information Schema Queries

13. Common Payloads Quick List

14. Operational Boundaries

15. Technical Limitations

16. Legal and Ethical Requirements

17. Example 1: E-commerce Product Page SQLi

18. Example 2: Blind Time-Based Extraction

19. Example 3: Login Bypass

20. No Error Messages Displayed

21. UNION Injection Fails

22. WAF Blocking Requests

23. Payload Not Executing

24. Time-Based Injection Inconsistent

More from this repository

SQL Injection Testing

Purpose

Inputs / Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Access

2. Technical Requirements

3. Legal Prerequisites

4. Primary Outputs

5. Evidence Artifacts

6. Phase 1: Detection and Reconnaissance

7. Phase 2: Exploitation Techniques

8. Phase 3: Authentication Bypass

9. Phase 4: Filter Bypass Techniques

10. Detection Test Sequence

11. Database Fingerprinting

12. Information Schema Queries

13. Common Payloads Quick List

14. Operational Boundaries

15. Technical Limitations

16. Legal and Ethical Requirements

17. Example 1: E-commerce Product Page SQLi

18. Example 2: Blind Time-Based Extraction

19. Example 3: Login Bypass

20. No Error Messages Displayed

21. UNION Injection Fails

22. WAF Blocking Requests

23. Payload Not Executing

24. Time-Based Injection Inconsistent

More from this repository