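#!/usr/bin/ruby
# frozen_string_literal: true

# Demonstrates the difference between interpolating a raw command-line value
# straight into SQL and quoting it through ActiveRecord first. Nothing is run
# against the database: both query strings are only printed for comparison.
require 'active_record'

# Connection settings. The password is read from the environment so it does not
# have to be committed with the script; the original literal is kept as the
# fallback so existing invocations keep working unchanged.
ActiveRecord::Base.establish_connection(
  adapter: 'postgresql',
  database: 'pgservice_development',
  username: 'webuser',
  password: ENV.fetch('PGSERVICE_PASSWORD', 'qwer'),
  host: 'localhost',
  port: 5432
)

# Minimal model backed by the connection above; unused beyond that.
class User < ActiveRecord::Base
end

# Builds the quoted variant of the demo query.
# @param quoted [String] the value already quoted for the adapter
# @return [String] the labelled query text
def sanitized_query(quoted)
  "Sanitized Query: select * from login where userid=#{quoted}"
end

# Builds the naive variant, interpolating the raw value inside single quotes.
# @param raw [String] the unmodified command-line argument
# @return [String] the labelled query text
def normal_query(raw)
  "Normal query: select * from login where userid='#{raw}'"
end

if ARGV.empty?
  warn 'Usage: ruby testSanitizer.rb <userid>'
  exit 1
end

param = ARGV[0]
# ActiveRecord::Base.sanitize was a thin alias for connection.quote and has been
# removed from newer ActiveRecord releases; connection.quote is the API that
# remains. It wraps the value in quotes and escapes embedded quote characters so
# the argument cannot terminate the SQL string literal.
sanitized_param = ActiveRecord::Base.connection.quote(param)
puts sanitized_query(sanitized_param)
puts normal_query(param)
# Sample usage: ruby testSanitizer.rb "' or 1=1--"
# => Interpolated raw, the argument closes the literal and the remainder becomes
#    part of the WHERE clause, so the query returns the first row of the table.
#    Quoted via connection.quote it stays a single string value and the
#    comparison is made against the whole argument.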