Skip to content

Injection: SQL Injection

Identifier: sql

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

SQL injection vulnerabilities occur when applications build SQL queries using untrusted user input without proper validation, allowing attackers to inject malicious SQL commands that can read or modify data, shut down the database, or gain system control.

How we test: We inject SQL injection payloads into request parameters and analyze responses to detect if SQL queries are executed. We test for various SQL injection techniques including union-based, error-based, blind, and time-based attacks, and check if user input is properly sanitized before being used in database queries.

Prerequisites:

  • The target must expose at least one request parameter that can be tested.
  • Active testing is skipped for unstable endpoints; passive SQL error detection can still run on observed responses.

Configuration

Example

Example configuration:

---
security_tests:
  sql:
    dedupe_query_params_by_name: true
    skip: false

Reference

dedupe_query_params_by_name

Type : boolean

When true, deduplicate fuzzing by parameter name across URLs. The same query param will be fuzzed only once across all URLs.

skip

Type : boolean

Skip the test if true.