sql-injection-stacked
OfficialExploit SQL injection vulnerabilities.
Software Engineering#sql injection#penetration testing#command execution#stacked queries#second-order injection#database exploitation
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers exploit stacked query SQL injection and second-order injection vulnerabilities to gain unauthorized access, manipulate data, and execute commands on target systems.
Core Features & Use Cases
- Stacked Query Exploitation: Execute multiple SQL statements via semicolons for data manipulation, command execution (e.g.,
xp_cmdshell), and file operations across various database systems (MSSQL, PostgreSQL, Oracle). - Second-Order Injection: Exploit vulnerabilities where input is stored and later used unsafely in a different query context.
- Database Support: Provides specific payloads and techniques tailored for MSSQL, PostgreSQL, MySQL, and Oracle.
- Use Case: A penetration tester identifies a SQL injection vulnerability and uses this Skill to execute
xp_cmdshellon an MSSQL server to gain OS-level access, or to write a webshell to the server.
Quick Start
Use the sql-injection-stacked skill to attempt to execute 'whoami' on the target database.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sql-injection-stacked Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#sql-injection-stacked Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.