presidentbeef/inject-some-sql

Stars
244
Rank 165,885 (Top 4 %)
Language
Ruby
License
MIT License
Created almost 12 years ago
Updated over 1 year ago

presidentbeef/inject-some-sql

presidentbeef

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Have fun injecting SQL into a Ruby on Rails application!

Inject Some SQL

These are sample Rails applications for demonstrating many ways SQL can be injected in Rails.

Setup

Clone the repo:

git clone https://github.com/presidentbeef/inject-some-sql.git

Pick either Rails 5, Rails 4 or Rails 3. They each have their own subdirectory.

cd inject-some-sql/rails5

In the subdirectory, install dependences and set up the database:

bundle install
rake db:setup db:seed

Run

Typical Rails start:

rails s

Open up localhost:3000 in a browser.

Reset Database

It's easy to mess up a database with SQL injection. The server does attempt to reset the database after each query, but that isn't foolproof.

To completely reset:

rake db:drop db:migrate db:seed

Inject SQL!

The site lists a whole bunch of ActiveRecord queries.

Each query has input for a single parameter (although some queries may actually have more than one). A sample injection is provided. Clicking "Run!" will run the query shown.

Adding/Modifying Queries

All queries are generated from app/models/queries.rb.

Limitations

This is a single player game because the SQL query is stored in a global variable.

License

This code is made available under the MIT license.

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

brat

Brat is a little language for people who don't like to be told what to do.

github-auto-locker

Automatically lock old, closed GitHub issues

kams

Kams is a Ruby MUD server which can be used to create and run online text-based worlds.

the_little_streamer

A little Sinatra application to stream your music

dumb-numb-set

A dumb set for positive integers

brakeman-site

Website for Brakeman

ffi-gdbm

gdbm library using Ruby-FFI, particularly for JRuby

brakeman-jenkins-plugin

A Brakeman plugin for the Hudson/Jenkins continuous integration tool

fll-site

Source for the Fledgling Languages List

worst-forums-ever

Demo code for showing web vulnerabilities

neko_tutorial

A tutorial for using the Neko programming language

dino_jump

Jumping dino game for small humans

brat-gtk

Brat library to use gtk-server

twitter-journal

Use Twitter as a journal frontend

done_log

Dumb daily log keeping

devseccon

personal-site

breakman

Did you mean "brakeman"?

ruby2brat

Convert Ruby source into Brat

rails-security-history

History of security in the Ruby on Rails web framework

melon

Application communication paradigm for MANETs (PhD project)

brat-doc

Simple documentation generation for Brat

jruby-realpath-error

resume

bratpack

Silly web framework for Brat

my_ocean

Some scripts for managing Digital Ocean droplets

sqwee

[OLD AND BUSTED] Sqwee was a simple, single-user, wiki-like web "engine" for quickly creating and editing webpages.

github-reminder

Automatic reminders about GitHub issues that need attention

not-galaga

LÖVE Galaga-type clone

presidentbeef.github.com

advent_of_code_2019

Advent of Code 2019 - Pony

vim-color

Take care of outputting syntax highlighting from Vim

try-brat

A little place to try Brat online

arduino_stuff

Place to keep my sketches

ruby_crypto_examples

Examples of cryptography operations using Ruby's standard library.