Skip to main content
Glama
telmon95

VulneraMCP

by telmon95
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

security.test_sqli

Test web applications for SQL injection vulnerabilities by analyzing target URLs and parameters to identify security weaknesses.

Instructions

Test for SQL injection vulnerabilities

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
urlYesTarget URL
paramNoParameter name to testid

Implementation Reference

  • src/tools/security.ts:138-263 (handler)
    The handler function that implements the 'security.test_sqli' tool. It first checks for sqlmap and uses it if available, otherwise falls back to manual SQLi payload testing with error and time-based detection. Saves findings and test results to database.
    async ({ url, param = 'id' }: any): Promise<ToolResult> => { try { // Try sqlmap first if available const sqlmapExists = await runCommand('which', ['sqlmap']).then(() => true).catch(() => false); if (sqlmapExists) { try { const result = await runCommand('sqlmap', [ '-u', url, '-p', param, '--batch', '--risk=1', '--level=1', '--timeout=10', ], 60000); const vulnerable = result.stdout.includes('is vulnerable') || result.stdout.includes('injection'); if (vulnerable) { await saveFinding({ target: url, type: 'SQL Injection', severity: 'critical', description: `SQL injection vulnerability detected in parameter: ${param}`, payload: `sqlmap -u ${url} -p ${param}`, response: result.stdout.substring(0, 1000), timestamp: new Date(), score: 10, }); } return formatToolResult(true, { tool: 'sqlmap', vulnerable, output: result.stdout, }); } catch (e) { // Fall through to manual testing } } // Manual testing fallback const payloads = [ "' OR '1'='1", "' AND SLEEP(5)-- ", "1' UNION SELECT NULL--", "admin'--", ]; const results: SecurityTestResult[] = []; const startTime = Date.now(); for (const payload of payloads) { try { const testStart = Date.now(); const response = await axios.get(url, { params: { [param]: payload }, timeout: 20000, validateStatus: () => true, }); const testDuration = Date.now() - testStart; const body = typeof response.data === 'string' ? response.data : JSON.stringify(response.data); const errorIndicators = [ 'sql syntax', 'mysql', 'postgresql', 'ora-', 'sqlite', 'database error', ]; const hasError = errorIndicators.some((indicator) => body.toLowerCase().includes(indicator) ); const isTimeBased = payload.includes('SLEEP') && testDuration > 4000; const result: SecurityTestResult = { payload, response: { status: response.status, duration: testDuration, hasError, isTimeBased, }, }; if (hasError || isTimeBased) { result.vulnerability = 'SQL Injection'; result.severity = 'critical'; await saveFinding({ target: url, type: 'SQL Injection', severity: 'critical', description: `Potential SQL injection - error indicators or time-based delay detected`, payload, response: body.substring(0, 1000), timestamp: new Date(), score: 10, }); } results.push(result); } catch (error: any) { results.push({ payload, error: error.message, }); } } const sqliScore = results.some((r: any) => r.vulnerable) ? 9 : 4; await saveTestResult(url, 'sqli_test', true, { results }, undefined, sqliScore, param, JSON.stringify(results)); return formatToolResult(true, { results, summary: { totalTests: payloads.length, potentialVulns: results.filter((r) => r.vulnerability).length, }, }); } catch (error: any) { await saveTestResult(url, 'sqli_test', false, null, error.message, 0, param, undefined); return formatToolResult(false, null, error.message); } }
  • src/tools/security.ts:127-137 (schema)
    The input schema definition for the 'security.test_sqli' tool, specifying required 'url' and optional 'param'.
    { description: 'Test for SQL injection vulnerabilities', inputSchema: { type: 'object', properties: { url: { type: 'string', description: 'Target URL' }, param: { type: 'string', description: 'Parameter name to test', default: 'id' }, }, required: ['url'], }, },
  • src/tools/security.ts:126-264 (registration)
    The registration of the 'security.test_sqli' tool using server.tool() within registerSecurityTools.
    'security.test_sqli', { description: 'Test for SQL injection vulnerabilities', inputSchema: { type: 'object', properties: { url: { type: 'string', description: 'Target URL' }, param: { type: 'string', description: 'Parameter name to test', default: 'id' }, }, required: ['url'], }, }, async ({ url, param = 'id' }: any): Promise<ToolResult> => { try { // Try sqlmap first if available const sqlmapExists = await runCommand('which', ['sqlmap']).then(() => true).catch(() => false); if (sqlmapExists) { try { const result = await runCommand('sqlmap', [ '-u', url, '-p', param, '--batch', '--risk=1', '--level=1', '--timeout=10', ], 60000); const vulnerable = result.stdout.includes('is vulnerable') || result.stdout.includes('injection'); if (vulnerable) { await saveFinding({ target: url, type: 'SQL Injection', severity: 'critical', description: `SQL injection vulnerability detected in parameter: ${param}`, payload: `sqlmap -u ${url} -p ${param}`, response: result.stdout.substring(0, 1000), timestamp: new Date(), score: 10, }); } return formatToolResult(true, { tool: 'sqlmap', vulnerable, output: result.stdout, }); } catch (e) { // Fall through to manual testing } } // Manual testing fallback const payloads = [ "' OR '1'='1", "' AND SLEEP(5)-- ", "1' UNION SELECT NULL--", "admin'--", ]; const results: SecurityTestResult[] = []; const startTime = Date.now(); for (const payload of payloads) { try { const testStart = Date.now(); const response = await axios.get(url, { params: { [param]: payload }, timeout: 20000, validateStatus: () => true, }); const testDuration = Date.now() - testStart; const body = typeof response.data === 'string' ? response.data : JSON.stringify(response.data); const errorIndicators = [ 'sql syntax', 'mysql', 'postgresql', 'ora-', 'sqlite', 'database error', ]; const hasError = errorIndicators.some((indicator) => body.toLowerCase().includes(indicator) ); const isTimeBased = payload.includes('SLEEP') && testDuration > 4000; const result: SecurityTestResult = { payload, response: { status: response.status, duration: testDuration, hasError, isTimeBased, }, }; if (hasError || isTimeBased) { result.vulnerability = 'SQL Injection'; result.severity = 'critical'; await saveFinding({ target: url, type: 'SQL Injection', severity: 'critical', description: `Potential SQL injection - error indicators or time-based delay detected`, payload, response: body.substring(0, 1000), timestamp: new Date(), score: 10, }); } results.push(result); } catch (error: any) { results.push({ payload, error: error.message, }); } } const sqliScore = results.some((r: any) => r.vulnerable) ? 9 : 4; await saveTestResult(url, 'sqli_test', true, { results }, undefined, sqliScore, param, JSON.stringify(results)); return formatToolResult(true, { results, summary: { totalTests: payloads.length, potentialVulns: results.filter((r) => r.vulnerability).length, }, }); } catch (error: any) { await saveTestResult(url, 'sqli_test', false, null, error.message, 0, param, undefined); return formatToolResult(false, null, error.message); } } );

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server