{"skill":{"slug":"bookforge-sql-injection-detection-and-exploitation","displayName":"Sql Injection Detection And Exploitation","summary":"Perform a complete SQL injection assessment chain — from initial detection through full data extraction — against web applications. Use this skill whenever:...","tags":{"appsec":"1.0.0","blind-sqli":"1.0.0","bookforge":"1.0.0","boolean-based":"1.0.0","cwe-564":"1.0.0","cwe-89":"1.0.0","cwe-943":"1.0.0","database-fingerprinting":"1.0.0","filter-bypass":"1.0.0","latest":"1.0.0","ldap-injection":"1.0.0","nosql-injection":"1.0.0","os-command-execution":"1.0.0","owasp":"1.0.0","parameterized-queries":"1.0.0","penetration-testing":"1.0.0","second-order-injection":"1.0.0","sql-injection":"1.0.0","sqli":"1.0.0","time-based":"1.0.0","union-based":"1.0.0","xpath-injection":"1.0.0"},"stats":{"comments":0,"downloads":28,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777463017420,"updatedAt":1777464408111},"latestVersion":{"version":"1.0.0","createdAt":1777463017420,"changelog":"Initial release providing a comprehensive, manual SQL injection assessment workflow\n\n- Covers complete SQL injection testing: detection, fingerprinting, exploitation (UNION-based, blind), filter bypass, and privilege escalation paths.\n- Applies to web applications using relational databases (MS-SQL, MySQL, Oracle, PostgreSQL), with notes on related injection types (NoSQL, XPath, LDAP).\n- Supports both black-box (HTTP traffic review) and white-box (source code/ORM/stored procedure) testing scenarios.\n- Includes mapping to OWASP, CWE categories, and provides detailed discovery tasks and process documentation.\n- Audience: penetration testers, appsec engineers, and security-minded developers with intermediate knowledge.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}