SQL Injection Testing
This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
Author
zebbern
Category
Other Tools
SQL Injection Testing - Comprehensive Testing Skills for Database Injection Vulnerabilities
Skills Overview
SQL Injection Testing is a comprehensive skill designed specifically for web application security testing. It provides systematic methods for detecting, exploiting, and validating SQL injection vulnerabilities, covering injection attack techniques for major database systems such as MySQL, MSSQL, PostgreSQL, and Oracle.
Applicable Scenarios
1. Web Application Penetration Testing
In authorized security assessment projects, use this skill to perform comprehensive SQL injection vulnerability scanning on target websites, including testing for multiple injection points such as URL parameters, form inputs, cookie values, and HTTP headers. It helps identify potential database security risks.
2. Vulnerability Validation and PoC Development
When a suspected SQL injection vulnerability is found, use this skill for validation testing: generate proof-of-concept (PoC) code to confirm exploitability and assess the vulnerability’s severity and security risk level.
3. Secure Development and Defense Research
Developers and security researchers can use this skill to understand the principles of SQL injection attacks and bypass techniques, enabling them to design more effective input validation and parameterized query solutions to improve an application’s database security.
Core Features
1. Multi-Dimensional Vulnerability Detection
Provides a complete SQL injection detection workflow, including basic error-based injection testing, UNION-based query injection, boolean-based blind injection, time-based blind injection, and out-of-band (OOB) data exfiltration techniques, tailored to different application environments and discovery needs.
2. Bypass Filtering Techniques
Includes a built-in library of WAF/IPS bypass tips, covering multiple methods such as character encoding bypasses (URL encoding, Unicode, hexadecimal), whitespace substitution, and keyword obfuscation, to help deal with the protections of modern web application firewalls.
3. Database Fingerprinting and Information Extraction
Supports automated database type identification. Provides dedicated injection payloads and information-extraction statements for different database systems (MySQL, MSSQL, PostgreSQL, Oracle), which can be used to obtain sensitive information such as database versions, table structures, and field contents.
Frequently Asked Questions
What prerequisites are needed for SQL injection testing?
To perform SQL injection testing, you must first obtain explicit written authorization and define the testing scope and target parameters. On the technical side, prepare Burp Suite or similar proxy tools for request interception and modification. It is recommended to install SQLMap for automated testing. Testers should have basic knowledge of SQL syntax, understand the HTTP protocol, and be familiar with query structures for different database systems.
How to handle WAF blocking of injection requests?
If a web application firewall blocks common injection payloads, you can try various bypass techniques: use double URL encoding or Unicode encoding to replace special characters, split keywords using inline comments (/**/), obfuscate sensitive terms via case variations, or use hexadecimal strings to represent text content. This skill provides a complete reference library of bypass methods.
How can blind injection vulnerabilities be detected efficiently?
Blind injection is divided into boolean-based blind and time-based blind types. For detection, first use payloads such as AND 1=1 / AND 1=2 to observe response differences and confirm boolean-based blind injection. For time-based blind injection, use database delay functions (e.g., MySQL’s SLEEP(), MSSQL’s WAITFOR DELAY) and observe changes in response time. After confirming the vulnerability, you can extract database content character by character. It is recommended to use automated tools to improve efficiency.
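As an added example (not code from the skill or its author), the AND 1=1 / AND 1=2 differential described above is run against a constructed SQLite table, once through a string-concatenated query and once through a parameterized query, which is the defense mentioned under Secure Development and Defense Research. The table name, rows and the use of Python's sqlite3 module are assumptions for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample data (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)", [(1, "widget"), (2, "gadget")]
    )
    return conn


def lookup_vulnerable(conn, user_input):
    # String concatenation: whatever the caller sends becomes SQL text,
    # so "1 AND 1=2" changes the WHERE clause instead of the value.
    sql = "SELECT name FROM products WHERE id = " + user_input
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_input):
    # Bound parameter: the input is only ever compared as a value.
    # A legitimate "1" still matches the INTEGER column; "1 AND 1=1"
    # is compared as an opaque string and matches nothing.
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


def boolean_differential(lookup, conn, base="1"):
    # The boolean-based check from the FAQ: a vulnerable endpoint answers
    # the two payloads differently; a parameterized one answers identically,
    # so the differential disappears once the query is fixed.
    true_case = lookup(conn, f"{base} AND 1=1")
    false_case = lookup(conn, f"{base} AND 1=2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable differential:", boolean_differential(lookup_vulnerable, db))
    print("parameterized differential:", boolean_differential(lookup_parameterized, db))
```

Running it shows the concatenated query returning a row for the true payload and nothing for the false one, while the parameterized query returns nothing for either and still serves the plain input "1" correctly.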