Injection: SQL Injection (Oracle-Based)
Identifier: sql_injection_oracle_based
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
SQL injection detected using oracle-based techniques. This method detects SQL injection vulnerabilities by comparing responses between different payloads. An oracle-based approach uses error triggers to identify when SQL queries are being executed, then compares the response of a malicious payload with the original response. If the malicious payload produces the same response as the original (while an error trigger produces a different response), it indicates a potential SQL injection vulnerability. This technique is particularly useful when error messages are suppressed or when blind SQL injection is present.
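The decision rule described above, as an added example that is not the scanner's own code. The in-memory SQLite table, the two handlers, the `oracle_check` function and the probe strings are all constructed for illustration; the "equivalent" probe plays the role of the payload that must reproduce the original response.

```python
import sqlite3

# Constructed in-memory database standing in for the application under test.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (name TEXT, role TEXT)")
DB.executemany("INSERT INTO users VALUES (?, ?)",
               [("alice", "admin"), ("bob", "user")])


def lookup_concat(name):
    """Vulnerable handler: input is concatenated into the SQL text."""
    try:
        rows = DB.execute(
            "SELECT role FROM users WHERE name = '" + name + "'").fetchall()
        return 200, repr(rows)
    except sqlite3.Error:
        return 500, "Internal Server Error"  # error details suppressed


def lookup_param(name):
    """Hardened handler: input is bound as a parameter."""
    rows = DB.execute(
        "SELECT role FROM users WHERE name = ?", (name,)).fetchall()
    return 200, repr(rows)


def oracle_check(handler, value, error_trigger, equivalent):
    """Apply the decision rule from the description above.

    Flags the parameter when the error trigger changes the response
    while the syntactically equivalent payload reproduces the original.
    """
    baseline = handler(value)
    errored = handler(value + error_trigger)
    same = handler(value + equivalent)
    return errored != baseline and same == baseline


# Constructed probe strings for SQLite string context (assumptions):
# a lone quote breaks the statement; "' || '" re-balances it and
# concatenates an empty string, leaving the value unchanged.
ERROR_TRIGGER = "'"
EQUIVALENT = "' || '"

if __name__ == "__main__":
    for handler in (lookup_concat, lookup_param):
        flagged = oracle_check(handler, "alice", ERROR_TRIGGER, EQUIVALENT)
        print(handler.__name__, "flagged" if flagged else "not flagged")
```

The parameterized handler also returns a different response for the error trigger (no matching row), so that condition alone would be a false positive; the check stays negative only because the equivalent probe is treated as literal data and fails to reproduce the baseline.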
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.