Overview

SQLS (SQLSCANNER) is a powerful tool that employs five distinct techniques to identify Full and Blind (Time-based & Out-of-Band) SQL injection vulnerabilities. Powered by SQLMap, it offers comprehensive coverage for detecting CWE-89 issues.

SQL injection is typically classified as a high-severity vulnerability due to its potential for unauthorized data access, modification, or deletion, which can severely impact the target system’s integrity and confidentiality.

Usage Examples

You can specify a list of target URLs for SQLS to check for SQL Injection vulnerabilities. Optionally, you may configure any settings you’d like. Afterward, simply click on Scan to launch your scan.

Shortly after your scan has been launched, you will be redirected to the page to view your pending scan.

You must provide a list of target URLs to scan for vulnerabilities, not base URLs or root domains. A few examples:

Correct:

https://example.com/path/to/scan?param1=xyz&param2=xyz

https://api.example.com/path/to/scan2

Incorrect:

https://example.com/

https://app.example.com/
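As an added example (not part of the SQLS documentation or the product's own code), the following Python helper pre-checks a target list against the rule above before it is submitted, so base URLs and root domains are caught early. The sample URLs are constructed, and treating a root URL that carries query parameters as eligible is an assumption the page does not state.

```python
from urllib.parse import urlsplit

# Constructed sample target list. The classification rule follows the
# page's "Correct" / "Incorrect" examples; accepting a root path that
# carries query parameters is an assumption, not stated on the page.
SAMPLE_TARGETS = [
    "https://example.com/path/to/scan?param1=xyz&param2=xyz",
    "https://api.example.com/path/to/scan2",
    "https://example.com/",
    "https://app.example.com/",
    "example.com/login?user=a",      # no scheme at all
    "https://example.com/?q=1",      # root path, but has a parameter
    "https://example.com",           # bare host, no trailing slash
]


def classify_target(url: str) -> tuple[bool, str]:
    """Return (eligible, reason) for one candidate scan target."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False, "missing or unsupported scheme"
    if not parts.netloc:
        return False, "missing host"
    has_path = parts.path not in ("", "/")
    has_query = bool(parts.query)
    if not has_path and not has_query:
        # Nothing beyond the host: this is a base URL / root domain.
        return False, "base URL or root domain"
    if has_query:
        return True, "has query parameters"
    return True, "has a path component"


def partition_targets(urls):
    """Split a target list into eligible URLs and rejected (url, reason) pairs,
    dropping exact duplicates among the eligible ones."""
    eligible, rejected, seen = [], [], set()
    for url in urls:
        ok, reason = classify_target(url)
        if not ok:
            rejected.append((url, reason))
            continue
        clean = url.strip()
        if clean not in seen:
            seen.add(clean)
            eligible.append(clean)
    return eligible, rejected


if __name__ == "__main__":
    good, bad = partition_targets(SAMPLE_TARGETS)
    print("eligible:", good)
    print("rejected:", bad)
```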

Scanner settings

This scanner accepts the following optional parameters:

Scan mode

To help you quickly scan targets with a pre-set configuration, we’ve decided to introduce Scan Modes. The following 3 scan modes are available:

Quick

The Quick Scan Mode provides basic SQL injection detection capabilities, limited to Time-based & Error-based SQL injections only. This scan mode is also the fastest scan configuration.

Default

The Default Scan Mode provides SQL injection detection capabilities for the most common SQL injection types, such as Time-based, Boolean-based & Error-based SQL injections.

Advanced

The Advanced Scan Mode provides SQL injection detection capabilities for all SQL injection types, such as Time-based, Boolean-based, Error-based, Union Query-based, Out-of-Band (Blind) & Stacked Query SQL injections.

CAUTION! This scan mode can take up to 10 min to scan a single injection point!

Capabilities

SQLS is a powerful SQL Injection (SQLi) scanner equipped with the following capabilities:

Limitations

There are currently no limitations reported for SQLS.

Best Practices

We recommend that you follow the best practices that we’ve outlined in detail.