killchain-compendium/Exploits/Databases/ORM.md

2024-07-02 21:06:40 +02:00
# Object Relational Mapping (ORM)
Using an ORM does not make an application immune to SQL injection. Most ORMs
expose escape hatches that accept raw SQL (or HQL) fragments, and when user
input is concatenated into such a fragment instead of being passed as a bound
parameter, the result is an ordinary injection: the payloads are the same as
against hand-written SQL queries.
During static code analysis, grep for the methods below and check whether their
string arguments are built from user-controlled data.
**Python Django**
```python
extra()  # QuerySet.extra(where=[...]); injectable when input lands in the fragment, pass it via params=[...] instead
raw()    # Model.objects.raw(sql); injectable when sql is formatted from input, use the params argument
```
**Node.js Sequelize**
```javascript
sequelize.query()  // raw SQL string; injectable when built from input, pass values via { replacements } or { bind }
```
**PHP Eloquent ORM**
```php
whereRaw()  // SQL fragment; user data belongs in the second argument (bindings), not inside the string
DB::raw()   // marks a string as a raw expression that is neither escaped nor bound
```
**Ruby on Rails Active Record**
```ruby
where("name = '#{input}'")  # interpolation into the fragment; use where("name = ?", input) or a hash condition
```
**Java Spring Hibernate**
```java
createQuery()  // HQL/JPQL string; injectable when concatenated, bind values with setParameter() instead
```
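To show that the raw escape hatches above fail in exactly the same way as hand-written SQL, here is an added example that is not part of the original page or of any of the frameworks listed. It models the escape hatch with the standard-library `sqlite3` module instead of a real ORM (the in-memory `users` table and the two payloads are constructed for the demo), and puts the string-interpolated lookup next to the bound-parameter lookup the frameworks offer as the safe form:

```python
import sqlite3

# Constructed sample data standing in for an ORM-managed "users" model.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)",
                     [("alice", 1), ("bob", 0), ("carol", 0)])
    return conn

def find_user_vulnerable(conn, name):
    # Same shape as where("name = '#{input}'") or extra(where=[f"name = '{input}'"]):
    # the input becomes part of the SQL text before the driver ever sees it.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Bound parameter: the value travels separately from the SQL text, so a quote
    # inside it can never terminate the literal. This is what extra(..., params=[...]),
    # where("name = ?", input), whereRaw($sql, $bindings) and setParameter() do.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

# Classic SQL injection payloads; they work unchanged against the ORM escape hatch.
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT id, name || ':' || is_admin FROM users --"

def demo():
    conn = make_db()
    return {
        "legit": find_user_vulnerable(conn, "alice"),
        # tautology returns every row instead of one
        "tautology_vuln": find_user_vulnerable(conn, TAUTOLOGY),
        # UNION leaks a column the query never selected (is_admin)
        "union_vuln": sorted(find_user_vulnerable(conn, UNION_DUMP)),
        # the same payloads are plain, non-matching strings once bound
        "tautology_safe": find_user_safe(conn, TAUTOLOGY),
        "union_safe": find_user_safe(conn, UNION_DUMP),
    }

if __name__ == "__main__":
    for key, rows in demo().items():
        print(key, rows)
```

The `UNION_DUMP` payload also illustrates why the column count and the trailing comment matter: the injected SELECT must return the same number of columns as the original query, and the `--` swallows the closing quote the code appends.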
## Identify the Framework in Use
Check the website's cookies and HTTP headers: session cookie names and the
`X-Powered-By` or `Server` values are usually framework defaults. Review the page
source for indicators such as framework-specific asset paths, links and version
numbers. Send malformed input and look for framework-specific stack traces or
error pages in the response.
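As an added example of the cookie and header check (not part of the original page), the following script parses a constructed HTTP response and matches the cookie names and `X-Powered-By` values against the default session cookie names of the frameworks listed above (`csrftoken`/`sessionid` for Django, `laravel_session` for Laravel/Eloquent, `_<app>_session` for Rails, `JSESSIONID` for Java servlet containers, `connect.sid` for Express with express-session, `PHPSESSID` for native PHP sessions). These are defaults, not guarantees: an application can rename its cookies, so treat a match as a hint to confirm with the other indicators:

```python
import re

# Constructed sample response, not a capture from a real target.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: nginx
X-Powered-By: Express
Set-Cookie: connect.sid=s%3Aabc.def; Path=/; HttpOnly
Content-Type: text/html; charset=utf-8

<html><body>hello</body></html>
"""

# Default cookie names; applications may rename them, so these are hints only.
COOKIE_FINGERPRINTS = [
    (re.compile(r"^(csrftoken|sessionid)$"), "Django"),
    (re.compile(r"^laravel_session$"), "Laravel (Eloquent)"),
    (re.compile(r"^_\w+_session$"), "Ruby on Rails"),
    (re.compile(r"^JSESSIONID$"), "Java servlet container"),
    (re.compile(r"^connect\.sid$"), "Node.js Express"),
    (re.compile(r"^PHPSESSID$"), "PHP (native sessions)"),
]

# Header values that name the stack directly.
HEADER_FINGERPRINTS = [
    ("x-powered-by", re.compile(r"\bexpress\b", re.I), "Node.js Express"),
    ("x-powered-by", re.compile(r"\bphp\b", re.I), "PHP (native sessions)"),
    ("x-powered-by", re.compile(r"asp\.net", re.I), "ASP.NET"),
]

def parse_headers(raw):
    """Return (name, value) pairs from the header block, names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def cookie_name(set_cookie_value):
    """'sid=abc; Path=/' -> 'sid'"""
    return set_cookie_value.split("=", 1)[0].strip()

def fingerprint(raw):
    """Return a sorted list of framework guesses for a raw HTTP response."""
    hits = set()
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            for pattern, framework in COOKIE_FINGERPRINTS:
                if pattern.match(cookie_name(value)):
                    hits.add(framework)
        for header, pattern, framework in HEADER_FINGERPRINTS:
            if name == header and pattern.search(value):
                hits.add(framework)
    return sorted(hits)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_RESPONSE))
```

Feed it the raw response from a proxy or `curl -i`; an empty result means none of the default names were seen, not that no framework is in use.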