
SQL Injection MCP Server

by vivashu27

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

Name | Description

scan_url

Scan a URL for SQL injection vulnerabilities in all detected parameters.

Args:
  target_url: Target URL with query parameters to scan (e.g., http://example.com/page?id=1)
  method: HTTP method - GET or POST
  post_data: POST data as key=value pairs separated by & (e.g., username=admin&password=test)
  injection_types: Comma-separated injection types to test (error_based, time_based, boolean_based, union_based, blind)
  database_types: Comma-separated database types to test (mysql, mssql, postgresql, oracle, sqlite, generic)
  headers: Custom headers as key:value pairs separated by | (e.g., X-Custom:value|X-API-Key:abc123)
  cookies: Cookies as key=value pairs separated by ; (e.g., session=abc123;token=xyz)
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL for Burp Suite or other proxies (e.g., http://127.0.0.1:8080)
  verify_ssl: Verify SSL certificates (set to false when using proxy)
  waf_bypass: WAF bypass technique (none, url_encode, double_url_encode, hex_encode, unicode, case_swap, comment_injection)
  timeout: Request timeout in seconds
  delay_threshold: Delay threshold in seconds for time-based detection

Returns: Scan results with vulnerabilities found

scan_get_parameter

Test a specific GET parameter for SQL injection.

Args:
  target_url: Target URL (e.g., http://example.com/page?id=1&name=test)
  parameter: Specific parameter name to test (e.g., id)
  injection_types: Comma-separated injection types to test
  database_types: Comma-separated database types to test
  headers: Custom headers as key:value pairs separated by |
  cookies: Cookies as key=value pairs separated by ;
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL (e.g., http://127.0.0.1:8080 for Burp Suite)
  verify_ssl: Verify SSL certificates
  waf_bypass: WAF bypass technique

Returns: Scan results for the specified parameter

scan_post_parameter

Test a specific POST parameter for SQL injection.

Args:
  target_url: Target URL
  post_data: POST body data as key=value pairs separated by & (e.g., username=admin&password=test)
  parameter: Specific parameter name in POST data to test
  injection_types: Comma-separated injection types to test
  database_types: Comma-separated database types to test
  headers: Custom headers as key:value pairs separated by |
  cookies: Cookies as key=value pairs separated by ;
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL for Burp Suite or other proxies
  verify_ssl: Verify SSL certificates
  waf_bypass: WAF bypass technique

Returns: Scan results for the specified POST parameter

test_payload

Test a specific SQL injection payload against a target.

Args:
  target_url: Target URL
  payload: SQL injection payload to test
  parameter: Parameter to inject the payload into
  method: HTTP method (GET or POST)
  post_data: POST data if method is POST
  headers: Custom headers as key:value pairs separated by |
  cookies: Cookies as key=value pairs separated by ;
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL for Burp Suite
  verify_ssl: Verify SSL certificates
  waf_bypass: WAF bypass technique to apply to payload

Returns: Test result with response details

list_payloads

List available SQL injection payloads.

Args:
  category: Filter by category (error_based, time_based, boolean_based, union_based, blind)
  database: Filter by database type (mysql, mssql, postgresql, oracle, sqlite, generic)
  limit: Maximum number of payloads to return

Returns: List of available payloads with descriptions

load_custom_payloads_from_file

Load custom SQL injection payloads from a file.

Args:
  file_path: Absolute path to the payload file (one payload per line)
  injection_type: Injection type for loaded payloads
  database_type: Database type for loaded payloads
  name: Name to cache the payloads under for later use

Returns: Information about loaded payloads

get_waf_bypass_payloads

Get all WAF bypass variants of a payload.

Args:
  payload: Original SQL injection payload

Returns: Dictionary of bypass techniques and their encoded payloads

get_scan_result

Retrieve a previous scan result by ID.

Args:
  scan_id: Scan ID from a previous scan

Returns: Scan result details

scan_urls_batch

Scan multiple URLs for SQL injection vulnerabilities in batch. Use quick_mode=True (default) for faster scans that won't time out.

Args:
  urls: Newline-separated list of URLs to scan
  method: HTTP method - GET or POST
  injection_types: Comma-separated injection types (default: error_based only in quick_mode)
  database_types: Comma-separated database types (default: generic,mysql in quick_mode)
  headers: Custom headers as key:value pairs separated by |
  cookies: Cookies as key=value pairs separated by ;
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL for Burp Suite or other proxies
  verify_ssl: Verify SSL certificates
  waf_bypass: WAF bypass technique
  concurrency: Number of concurrent scans (1-10, default 3)
  timeout: Request timeout in seconds per URL (default 5)
  quick_mode: Use quick scan with fewer payloads (default True, recommended for many URLs)
  max_urls_per_batch: Max URLs to scan in one call (default 10, use continue_batch for more)

Returns: Batch scan results. If more URLs remain, use continue_batch with the batch_id.

continue_batch

Continue scanning remaining URLs from a previous batch. Use this when scan_urls_batch returns has_more=True.

Args:
  batch_id: Batch ID from a previous scan_urls_batch call

Returns: Next batch of scan results

scan_urls_from_file

Scan multiple URLs from a file for SQL injection vulnerabilities. Returns results in chunks to avoid timeouts. Use continue_batch to get more results.

Args:
  file_path: Absolute path to file containing URLs (one URL per line)
  method: HTTP method - GET or POST
  injection_types: Comma-separated injection types to test
  database_types: Comma-separated database types to test
  headers: Custom headers as key:value pairs separated by |
  cookies: Cookies as key=value pairs separated by ;
  bearer_token: Bearer token for Authorization header
  proxy_url: Proxy URL for Burp Suite or other proxies
  verify_ssl: Verify SSL certificates
  waf_bypass: WAF bypass technique
  concurrency: Number of concurrent scans (1-10, default 3)
  timeout: Request timeout in seconds per URL (default 5)
  quick_mode: Use quick scan with fewer payloads (default True)
  max_urls_per_batch: Max URLs to scan in one call (default 10)

Returns: Batch scan results. If more URLs remain, use continue_batch with the batch_id.

get_batch_result

Retrieve a previous batch scan result by ID.

Args:
  batch_id: Batch ID from a previous batch scan

Returns: Batch scan result details

get_vulnerable_urls

Get only the vulnerable URLs from a batch scan.

Args:
  batch_id: Batch ID from a previous batch scan

Returns: List of vulnerable URLs with their scan details

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description
get_all_payloads_resource | Get all available SQL injection payloads.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vivashu27/SQLinjector_MCP'