Test SQL injection exploits

offensive-sqli skill setup L22,144
SnailSploit/Claude-Red
What it does

Exploit SQL injection in login and data APIs

Best for

Bug bounty exploitation of SQL injection on login and export endpoints

Inputs
  • target_endpoint (login, search, export)
  • sqli_payload (union, boolean blind, time blind)
Outputs
  • data_exfiltrated (user table, admin accounts)
  • rce_via_xp_cmdshell (if SQL Server)
Requires
  • HTTP client (curl, Burp)
  • sqlmap or manual payloads
  • SQLi cheat sheets
Preconditions

SQL injection endpoint confirmed, database type identified, permission to test

Failure modes
  • WAF blocks common payloads
  • Blind SQLi requires OOB (out-of-band) channel
  • Rate limiting blocks fuzz attempts
  • Prepared statements already in place, so injection silently fails
Trust signals
  • UNION-based, boolean blind, time blind, and error-based payloads documented
  • Example data exfiltration queries
  • Covers both MySQL and SQL Server variants