Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Haskell

Go

Groovy

Java

Erlang

Dart

Objective-C

Elixir

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Groovy

Julia

Nix

Racket

Ruby

MATLAB

Clojure

Zig

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇭🇺 Hungary

🇭🇳 Honduras

🇧🇴 Bolivia

🇱🇷 Liberia

🇭🇹 Haiti

🇹🇼 Taiwan

🇩🇯 Djibouti

🇷🇪 Réunion

All Countries Compare Countries

presidentbeef/inject-some-sql

Stars
244
Rank 165,885 (Top 4 %)
Language
Ruby
License
MIT License
Created almost 12 years ago
Updated over 1 year ago

presidentbeef/inject-some-sql

presidentbeef

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Have fun injecting SQL into a Ruby on Rails application!

Inject Some SQL

These are sample Rails applications for demonstrating many ways SQL can be injected in Rails.

Setup

Clone the repo:

git clone https://github.com/presidentbeef/inject-some-sql.git

Pick either Rails 5, Rails 4 or Rails 3. They each have their own subdirectory.

cd inject-some-sql/rails5

In the subdirectory, install dependences and set up the database:

bundle install
rake db:setup db:seed

Run

Typical Rails start:

rails s

Open up localhost:3000 in a browser.

Reset Database

It's easy to mess up a database with SQL injection. The server does attempt to reset the database after each query, but that isn't foolproof.

To completely reset:

rake db:drop db:migrate db:seed

Inject SQL!

The site lists a whole bunch of ActiveRecord queries.

Each query has input for a single parameter (although some queries may actually have more than one). A sample injection is provided. Clicking "Run!" will run the query shown.

Adding/Modifying Queries

All queries are generated from app/models/queries.rb.

Limitations

This is a single player game because the SQL query is stored in a global variable.

License

This code is made available under the MIT license.

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

brat

Brat is a little language for people who don't like to be told what to do.

github-auto-locker

Automatically lock old, closed GitHub issues

kams

Kams is a Ruby MUD server which can be used to create and run online text-based worlds.

the_little_streamer

A little Sinatra application to stream your music

dumb-numb-set

A dumb set for positive integers

brakeman-site

Website for Brakeman

ffi-gdbm

gdbm library using Ruby-FFI, particularly for JRuby

brakeman-jenkins-plugin

A Brakeman plugin for the Hudson/Jenkins continuous integration tool

fll-site

Source for the Fledgling Languages List

worst-forums-ever

Demo code for showing web vulnerabilities

neko_tutorial

A tutorial for using the Neko programming language

dino_jump

Jumping dino game for small humans

brat-gtk

Brat library to use gtk-server

twitter-journal

Use Twitter as a journal frontend

done_log

Dumb daily log keeping

devseccon

personal-site

breakman

Did you mean "brakeman"?

ruby2brat

Convert Ruby source into Brat

rails-security-history

History of security in the Ruby on Rails web framework

melon

Application communication paradigm for MANETs (PhD project)

brat-doc

Simple documentation generation for Brat

jruby-realpath-error

resume

bratpack

Silly web framework for Brat

my_ocean

Some scripts for managing Digital Ocean droplets

sqwee

[OLD AND BUSTED] Sqwee was a simple, single-user, wiki-like web "engine" for quickly creating and editing webpages.

github-reminder

Automatic reminders about GitHub issues that need attention

not-galaga

LÖVE Galaga-type clone

presidentbeef.github.com

advent_of_code_2019

Advent of Code 2019 - Pony

vim-color

Take care of outputting syntax highlighting from Vim

try-brat

A little place to try Brat online

arduino_stuff

Place to keep my sketches

ruby_crypto_examples

Examples of cryptography operations using Ruby's standard library.