From a5459ae4470fe5ca9a2b5b7cef2e73b8287015f0 Mon Sep 17 00:00:00 2001 From: gurkenhabicht Date: Tue, 2 Jul 2024 21:06:40 +0200 Subject: [PATCH] sql injections through orm --- Exploits/Databases/ORM.md | 49 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 Exploits/Databases/ORM.md diff --git a/Exploits/Databases/ORM.md b/Exploits/Databases/ORM.md new file mode 100644 index 0000000..0938742 --- /dev/null +++ b/Exploits/Databases/ORM.md @@ -0,0 +1,49 @@ +# Object Relational Model (ORM) + +Direct user input through the ORM may contain vulnerabilities we can exploit. +There are vulnerabilities similar to raw SQL queries, when not validating and +sanitizing properly. + +During static code analysis, check the following vulnerable methods. + +The payload is essentially the same as in pure SQL injections. + +**Python Django** + +```python +extra() +raw () +``` + +**Node.js Sequelize** + +```javascript +sequelize.query() +``` + +**PHP Eloquent ORM** + +```PHP +whereRaw() +DB::raw() +``` + +**Ruby on Rails Active Record** + +```ruby +where("name = '#{input}'") +``` + +**Java Spring Hibernate** + +```Java +createQuery() +``` + +## Identify the Framework in Use + +Check the website's cookies and HTTP headers. Review the page source and see if +you can find indicators like links and version numbers. Look for error messages +sent as a response to the queries. + +
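Review bot: The method lists under "check the following vulnerable methods" name `extra()`, `raw ()`, `sequelize.query()`, `whereRaw()`, `DB::raw()` and `createQuery()` as vulnerable in themselves, but these are raw-query entry points that become injectable only when user input is concatenated or interpolated into the query string, which is what the Rails line `where("name = '#{input}'")` shows. Suggest saying that explicitly and, for each framework, showing the interpolated call next to the parameter-binding form where the API offers one, so a reader doing static analysis knows which call sites to flag and which to pass over. The heading `# Object Relational Model (ORM)` also expands the acronym incorrectly; ORM is Object-Relational Mapping. Smaller points: `raw ()` in the Django block has a stray space before the parentheses, the fence tags `PHP` and `Java` should be lowercase to match `python`, `javascript` and `ruby`, and the new file ends with empty trailing lines that can be dropped.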