Have fun injecting SQL into a Ruby on Rails application!
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
These are sample Rails applications for demonstrating many ways SQL can be injected in Rails.
Clone the repo:
git clone https://github.com/presidentbeef/inject-some-sql.git
Pick either Rails 5, Rails 4 or Rails 3. They each have their own subdirectory.
In the subdirectory, install dependences and set up the database:
bundle install rake db:setup db:seed
Typical Rails start:
Open up localhost:3000 in a browser.
It's easy to mess up a database with SQL injection. The server does attempt to reset the database after each query, but that isn't foolproof.
To completely reset:
rake db:drop db:migrate db:seed
The site lists a whole bunch of ActiveRecord queries.
Each query has input for a single parameter (although some queries may actually have more than one). A sample injection is provided. Clicking "Run!" will run the query shown.
All queries are generated from
This code is made available under the MIT license.