SQL Injection — Offensive Testing Methodology

Quick Workflow

1. Map all input vectors that reach the database (URL params, POST body, cookies, headers, API filters, WebSocket messages)
2. Insert probe payloads to detect classic SQLi; fall back to inferential (boolean/time-based) if no visible error
3. Identify database type and enumerate schema
4. Exploit to extract data, escalate privileges, or achieve RCE where in scope
5. Document findings and suggest remediation

Detection

Basic Probes — All Input Vectors