  • Stars: 244
  • Rank: 165,885 (Top 4 %)
  • Language: Ruby
  • License: MIT License
  • Created almost 12 years ago
  • Updated over 1 year ago


Repository Details

Have fun injecting SQL into a Ruby on Rails application!

Inject Some SQL

These are sample Rails applications for demonstrating many ways SQL can be injected in Rails.

Setup

Clone the repo:

git clone https://github.com/presidentbeef/inject-some-sql.git

Pick either Rails 5, Rails 4 or Rails 3. They each have their own subdirectory.

cd inject-some-sql/rails5

In the subdirectory, install dependencies and set up the database:

bundle install
rake db:setup db:seed

Run

Typical Rails start:

rails s

Open http://localhost:3000 in a browser.

Reset Database

It's easy to mess up a database with SQL injection. The server does attempt to reset the database after each query, but that isn't foolproof, so only point the app at the local development database it creates for itself.

To completely reset:

rake db:drop db:migrate db:seed

Inject SQL!

The site lists a whole bunch of ActiveRecord queries.

Each query takes input for a single parameter (although some queries actually use more than one). A sample injection is provided for each. Clicking "Run!" executes the query shown with that input.
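The following is an added example, not code from the inject-some-sql repository. It is plain Ruby with no ActiveRecord, and models the two ways a Rails `where` clause can take a single user-supplied parameter: interpolating it into the SQL string (injectable) versus binding it through a `?` placeholder. The `quote` and `sanitize_sql_array` functions are stand-ins written here to mimic ActiveRecord's placeholder quoting for the SQLite and PostgreSQL adapters (single quotes doubled); they are assumptions, not the framework's code, and the attacker input is constructed.

```ruby
# Added example, not code from the inject-some-sql repository.
# Plain Ruby with no ActiveRecord: it models the two ways a Rails query
# can take a single user-supplied parameter, and shows why one is injectable.

# Constructed attacker input, of the kind the demo's "sample injection"
# fields contain.
INJECTION = "' OR 1=1 --"

# Injectable pattern: the parameter is interpolated straight into the SQL
# fragment, e.g. Thing.where("name = '#{params[:name]}'").
def unsafe_name_condition(name)
  "name = '#{name}'"
end

# Quote a bind value the way the SQLite/PostgreSQL adapters do: strings are
# wrapped in single quotes with embedded single quotes doubled.
# (Assumption: this stands in for ActiveRecord's quoting; the real adapters
# handle more types, and MySQL escapes with backslashes instead.)
def quote(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Stand-in for ActiveRecord's sanitize_sql_array: every "?" in the template
# is replaced by the quoted value. The block form of gsub walks the original
# template, so a "?" inside a bind value is never treated as a placeholder.
def sanitize_sql_array(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  pending = values.dup
  template.gsub("?") { quote(pending.shift) }
end

# Safe pattern: Thing.where("name = ?", params[:name]).
def safe_name_condition(name)
  sanitize_sql_array("name = ?", name)
end

# What the database's parser sees outside of string literals. Every literal
# (allowing '' escapes) is removed; whatever remains is executed as SQL
# syntax, so attacker text surviving here means the quote boundary broke.
def bare_sql(sql)
  sql.gsub(/'(?:[^']|'')*'/, "")
end

if __FILE__ == $PROGRAM_NAME
  [unsafe_name_condition(INJECTION), safe_name_condition(INJECTION)].each do |sql|
    puts "#{sql.ljust(28)} => parser sees: #{bare_sql(sql).inspect}"
  end
end
```

Run it and compare the two lines: the interpolated version leaves `OR 1=1 --` outside any string literal, so the database executes it as part of the condition, while the bound version keeps the whole payload inside one literal that merely fails to match any name. The same holds for the hash form `where(name: params[:name])`, which Rails quotes the same way.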

Adding/Modifying Queries

All queries are generated from app/models/queries.rb.

Limitations

  • This is a single-player game: the SQL query is stored in a global variable, so concurrent users would overwrite each other's queries.

License

This code is made available under the MIT license.

More Repositories

1. brakeman (Ruby, 6,729 stars): A static analysis security vulnerability scanner for Ruby on Rails applications
2. brat (C, 88 stars): Brat is a little language for people who don't like to be told what to do.
3. github-auto-locker (Ruby, 29 stars): Automatically lock old, closed GitHub issues
4. kams (Ruby, 16 stars): Kams is a Ruby MUD server which can be used to create and run online text-based worlds.
5. the_little_streamer (Ruby, 14 stars): A little Sinatra application to stream your music
6. dumb-numb-set (Ruby, 8 stars): A dumb set for positive integers
7. brakeman-site (JavaScript, 6 stars): Website for Brakeman
8. ffi-gdbm (Ruby, 6 stars): gdbm library using Ruby-FFI, particularly for JRuby
9. brakeman-jenkins-plugin (Java, 6 stars): A Brakeman plugin for the Hudson/Jenkins continuous integration tool
10. fll-site (HTML, 5 stars): Source for the Fledgling Languages List
11. worst-forums-ever (Ruby, 4 stars): Demo code for showing web vulnerabilities
12. neko_tutorial (3 stars): A tutorial for using the Neko programming language
13. dino_jump (Ruby, 3 stars): Jumping dino game for small humans
14. brat-gtk (Lua, 2 stars): Brat library to use gtk-server
15. twitter-journal (Ruby, 2 stars): Use Twitter as a journal frontend
16. done_log (Ruby, 2 stars): Dumb daily log keeping
17. devseccon (Ruby, 2 stars)
18. personal-site (CSS, 2 stars)
19. breakman (Ruby, 2 stars): Did you mean "brakeman"?
20. ruby2brat (Ruby, 2 stars): Convert Ruby source into Brat
21. rails-security-history (Ruby, 2 stars): History of security in the Ruby on Rails web framework
22. melon (Ruby, 2 stars): Application communication paradigm for MANETs (PhD project)
23. brat-doc (2 stars): Simple documentation generation for Brat
24. jruby-realpath-error (Ruby, 1 star)
25. resume (1 star): My resume
26. bratpack (1 star): Silly web framework for Brat
27. my_ocean (Ruby, 1 star): Some scripts for managing Digital Ocean droplets
28. sqwee (C, 1 star): [OLD AND BUSTED] Sqwee was a simple, single-user, wiki-like web "engine" for quickly creating and editing webpages.
29. github-reminder (Ruby, 1 star): Automatic reminders about GitHub issues that need attention
30. not-galaga (Lua, 1 star): LÖVE Galaga-type clone
31. presidentbeef.github.com (HTML, 1 star): Blog
32. advent_of_code_2019 (Pony, 1 star): Advent of Code 2019 - Pony
33. vim-color (Ruby, 1 star): Take care of outputting syntax highlighting from Vim
34. try-brat (CSS, 1 star): A little place to try Brat online
35. arduino_stuff (Arduino, 1 star): Place to keep my sketches
36. ruby_crypto_examples (Ruby, 1 star): Examples of cryptography operations using Ruby's standard library.