Injection: SQL Injection (Oracle-Based)
Identifier: sql_injection_oracle_based
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
SQL injection vulnerabilities can be detected with oracle-based techniques, which compare the responses to different payloads to identify when injected SQL is executed.
How we test: We inject payloads using oracle-based techniques and compare the responses to malicious payloads with the responses to error triggers. We analyze the response differences to detect whether SQL queries are executed. This approach is particularly effective when error messages are suppressed or when the injection is blind.
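An added example, not the scanner's own code: a small response-differential oracle in Python that decides from four already captured responses for one parameter (the unmodified request sent twice, a probe that leaves the query valid, and an error trigger). The `Response` type, `oracle_verdict`, the 0.9 similarity threshold and all sample bodies are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Response:  # hypothetical container for a captured HTTP response
    status: int
    body: str

def normalize(body: str) -> str:
    """Collapse digit runs so timestamps and counters do not count as differences."""
    return re.sub(r"\d+", "0", body)

def similar(a: Response, b: Response, threshold: float = 0.9) -> bool:
    """Same status code and near-identical normalized body (threshold is assumed)."""
    if a.status != b.status:
        return False
    return SequenceMatcher(None, normalize(a.body), normalize(b.body)).ratio() >= threshold

def oracle_verdict(baseline, repeat, valid_probe, error_probe) -> str:
    # Control: two identical requests must agree, or the page is too dynamic to compare.
    if not similar(baseline, repeat):
        return "unstable"
    # Signal: the query-preserving probe behaves like the original request while the
    # error trigger does not, so the input is likely interpreted instead of treated as data.
    if similar(valid_probe, baseline) and not similar(error_probe, valid_probe):
        return "likely-injectable"
    return "no-signal"

# Constructed sample responses (no real target); the error page hides the database error.
PAGE = "<h1>Order 1042</h1><p>Status: shipped</p><i>rendered 10:00:0{}</i>"
ERROR = Response(200, "<h1>Something went wrong</h1><p>Please try again later.</p>")
MISSING = Response(200, "<h1>No order found</h1>")

def demo() -> dict:
    base, repeat = Response(200, PAGE.format(1)), Response(200, PAGE.format(2))
    return {
        # Concatenated query: valid probe renders the order, error trigger breaks it.
        "concatenated": oracle_verdict(base, repeat, Response(200, PAGE.format(3)), ERROR),
        # Parameterized query: both probes are plain data, so both find no order.
        "parameterized": oracle_verdict(base, repeat, MISSING, MISSING),
        # Content changes between identical requests: refuse to judge.
        "dynamic": oracle_verdict(base, MISSING, Response(200, PAGE.format(3)), ERROR),
    }

if __name__ == "__main__":
    print(demo())
```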
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.