Skip to content

Module 02 — SQL Injection Testing

Icon: 💾 Database   |   Colour: Red

Overview

Tests URL parameters, form fields, HTTP headers, and API endpoints for SQL injection vulnerabilities using multiple detection techniques.

How It Works

  1. Error-based injection — sends approximately 30 payloads and checks for database error signatures in responses.
  2. Boolean-blind injection — sends true/false pairs and compares response differences.
  3. Time-based blind injection — sends delay payloads (e.g. SLEEP(3)) and checks for response delays ≥ 2.5 seconds.
  4. Header-based injection — tests common HTTP headers (e.g. User-Agent, Referer, X-Forwarded-For).
  5. API endpoint testing — injects payloads into JSON request bodies sent to discovered API routes.

Expected Findings

Finding Severity
Error-based SQL Injection Critical
Time-based Blind SQL Injection Critical
Header SQL Injection Critical
API SQL Injection Critical
Possible Blind SQL Injection High