injection

Skill

Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.

Files46
  • @skills/injection/SKILL.md
  • @skills/injection/reference/INDEX.md
  • @skills/injection/reference/injection-principles.md
  • @skills/injection/reference/ldap-injection-quickstart.md
  • @skills/injection/reference/nosql-injection-advanced.md
  • @skills/injection/reference/nosql-injection-cheat-sheet.md
  • @skills/injection/reference/nosql-injection-quickstart.md
  • @skills/injection/reference/nosql-injection-resources.md
  • @skills/injection/reference/os-command-injection-cheat-sheet.md
  • @skills/injection/reference/os-command-injection-quickstart.md
  • @skills/injection/reference/scenarios/code-injection/bash-symbolic-only-bypass.md
  • @skills/injection/reference/scenarios/code-injection/php-preg-replace-e-modifier.md
  • @skills/injection/reference/scenarios/code-injection/python-eval-format-string.md
  • @skills/injection/reference/scenarios/nosql/cassandra-cql.md
  • @skills/injection/reference/scenarios/nosql/elasticsearch-script-injection.md
  • @skills/injection/reference/scenarios/nosql/mongo-aggregation-pipeline.md
  • @skills/injection/reference/scenarios/nosql/mongo-operator-injection.md
  • @skills/injection/reference/scenarios/nosql/mongo-syntax-injection.md
  • @skills/injection/reference/scenarios/nosql/mongo-type-confusion.md
  • @skills/injection/reference/scenarios/nosql/mongo-where-jsinjection.md
  • @skills/injection/reference/scenarios/nosql/redis-ssrf-gopher.md
  • @skills/injection/reference/scenarios/sql/auth-bypass.md
  • @skills/injection/reference/scenarios/sql/boolean-blind.md
  • @skills/injection/reference/scenarios/sql/error-based.md
  • @skills/injection/reference/scenarios/sql/header-injection.md
  • @skills/injection/reference/scenarios/sql/out-of-band.md
  • @skills/injection/reference/scenarios/sql/per-dbms-mssql.md
  • @skills/injection/reference/scenarios/sql/per-dbms-mysql.md
  • @skills/injection/reference/scenarios/sql/per-dbms-oracle.md
  • @skills/injection/reference/scenarios/sql/per-dbms-postgres.md
  • @skills/injection/reference/scenarios/sql/second-order.md
  • @skills/injection/reference/scenarios/sql/stacked-queries.md
  • @skills/injection/reference/scenarios/sql/time-based-blind.md
  • @skills/injection/reference/scenarios/sql/union-based.md
  • @skills/injection/reference/scenarios/sql/waf-bypass.md
  • @skills/injection/reference/scenarios/sql/where-clause-filter-bypass.md
  • @skills/injection/reference/scenarios/ssti/double-render-quote-free-bypass.md
  • @skills/injection/reference/sql-injection-advanced.md
  • @skills/injection/reference/sql-injection-quickstart.md
  • @skills/injection/reference/ssti-advanced.md
  • @skills/injection/reference/ssti-cheat-sheet.md
  • @skills/injection/reference/ssti-quickstart.md
  • @skills/injection/reference/ssti-resources.md
  • @skills/injection/reference/xpath-injection-quickstart.md
  • @skills/injection/reference/xxe-cheat-sheet.md
  • @skills/injection/reference/xxe-quickstart.md

Injection

Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.

Techniques

TypeKey Vectors
SQL InjectionIn-band (union, error), Blind (boolean, time), Out-of-band
NoSQL InjectionOperator injection, JavaScript injection, aggregation pipeline
Command InjectionOS command separators, blind techniques, out-of-band
SSTITemplate engine detection, sandbox escape, RCE chains
XXEEntity expansion, SSRF via XXE, blind XXE, parameter entities
LDAP/XPathFilter manipulation, authentication bypass

Workflow

  1. Identify injection points (parameters, headers, cookies, JSON fields)
  2. Detect injection type with minimal probes
  3. Exploit with context-appropriate payloads
  4. Escalate (data extraction, RCE, file read)
  5. Capture evidence and write PoC

Reference

  • reference/sql-injection*.md - SQL injection techniques
  • reference/nosql-injection*.md - NoSQL injection techniques
  • reference/os-command-injection*.md - OS command injection
  • reference/ssti*.md - Server-side template injection
  • reference/xxe*.md - XML external entity injection
  • reference/ldap-injection-quickstart.md - LDAP filter injection: detection, auth bypass, blind boolean extraction via (description=PREFIX*) chaining
  • reference/xpath-injection-quickstart.md - XPath injection (CWE-643): lxml/Java/Node sinks, ' or '1'='1' or 'a'='b boolean oracle, blind char-by-char extraction recipe
injection — Kortix Marketplace | Kortix