OpenCTI または OpenAEV プラットフォームを 30 日間お試しいただけます。 無料トライアル
XTM Hub by Filigranサインイン

SQLI Enumeration

Endpoint Security Validation
Detection Rule Validation

概要

Find SQLI on your websites

This scenario leverages the Nuclei injector 🧪 to perform SQL Injection (SQLi) assessments against web applications. It is designed to efficiently identify potential SQL injection vulnerabilities using automated enumeration techniques.

🎯 Target Configuration Options

The scenario supports three types of targets:

🧩 Asset / Asset Group When an asset or an asset group is specified, any discovered SQL injection or other vulnerabilities will be automatically associated with the corresponding asset.

✅ This provides better visibility, correlation, and tracking of vulnerabilities within the asset inventory.

✍️ Manual Target A manual target allows users to directly specify a URL without creating an asset beforehand. Example: http://testphp.vulnweb.com/artists.php?artist=2

🔍 The advantage of this approach is that the scan focuses on enumerating SQL injection vulnerabilities on a specific path and parameter. If a vulnerability is detected, it will be reported and surfaced accordingly.

🛠️ Detection Methodology

This scenario is based on Nuclei templates 📄 and currently performs:

⚠️ Error-based SQL Injection enumeration

⏱️ Time-based (blind) SQL Injection enumeration

The templates automatically test input parameters and analyze server responses to detect SQL injection behaviors.

⚙️ Customization & Extensibility

Although the scenario relies on existing Nuclei SQLi templates by default, it is fully customizable 🔧. Users can easily integrate custom Nuclei templates to adapt the assessment to specific applications or advanced testing needs.

🎯 Use Cases

This scenario is ideal for:

🔄 Automated SQLi discovery across managed assets

🎯 Targeted testing of specific URLs and parameters

🧠 Integrating findings into asset-centric vulnerability management workflows

基本情報

Filigran
Sébastien Miguel
2026年7月01日
2.0.12
70+
4

    当社は、XTM Hubの機能を動作させ、その利用状況を把握し、ユーザー体験を向上させるためにクッキーを使用しています。必須のクッキーは常に有効になっています。また、ユーザーの同意を得た上で、機能、パフォーマンス、分析、およびマーケティングを目的としたオプションのクッキーも使用しています。 すべてのクッキーを受け入れる、すべてを拒否する、または許可するオプションのクッキーを選択することができます。「クッキー設定」から、いつでも設定を変更できます。詳細については、当社のクッキーポリシーをご覧ください。