killchain-compendium/Exploits/Databases/ORM.md

Object Relational Model (ORM)

Passing user input directly into an ORM's raw-query methods can introduce vulnerabilities we can exploit. When the input is not validated and sanitized properly, the result is the same class of injection as with raw SQL queries.

During static code analysis, check for calls to the following vulnerable methods, especially where the query string is built from user-controlled values instead of bound parameters.

The payload is essentially the same as in plain SQL injection.

Python Django

extra()
raw()

Node.js Sequelize

sequelize.query()

PHP Eloquent ORM

whereRaw()
DB::raw()

Ruby on Rails Active Record

where("name = '#{input}'")

Java Spring Hibernate

createQuery()
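
As an added example (not part of the compendium), a small Python scanner that flags calls to the methods listed above whose argument is built by string interpolation or concatenation rather than bound parameters; the sample source lines are constructed for the demonstration.

```python
import re

# Raw-SQL entry points listed above; longest names first so that
# "DB::raw" and "whereRaw" are matched before the shorter "raw" and "where".
RAW_METHODS = ["sequelize.query", "createQuery", "whereRaw", "DB::raw", "extra", "where", "raw"]
CALL_RE = re.compile(r"\b(?P<m>" + "|".join(map(re.escape, RAW_METHODS)) + r")\s*\(")

# Idioms that splice a value into the query text instead of binding a parameter.
INTERPOLATION = [
    (r'\bf["\']', "python f-string"),
    (r'["\']\s*%\s*[(\w]', "python % formatting"),
    (r'\.format\(', "python str.format"),
    (r'\$\{', "js template literal"),
    (r'#\{', "ruby interpolation"),
    (r'"[^"]*\$\w[^"]*"', "php double-quoted variable"),
    (r'["\']\s*[+.]\s*[\w$]', "string concatenation"),
]

def find_risky_calls(source):
    """Return (line_no, method, idiom) for each line that calls one of the
    raw-SQL methods with an argument built by interpolation or concatenation."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        call = CALL_RE.search(line)
        if not call:
            continue
        arg = line[call.end():]  # everything after the opening parenthesis
        for pattern, idiom in INTERPOLATION:
            if re.search(pattern, arg):
                hits.append((n, call.group("m"), idiom))
                break
    return hits

# Constructed sample mixing the frameworks above; the safe calls bind parameters.
SAMPLE_SOURCE = """\
Person.objects.raw(f"SELECT * FROM app_person WHERE name = '{name}'")
Person.objects.raw("SELECT * FROM app_person WHERE name = %s", [name])
qs.extra(where=["name = '%s'" % name])
sequelize.query(`SELECT * FROM users WHERE name = '${name}'`)
sequelize.query("SELECT * FROM users WHERE id = ?", { replacements: [id] })
User::whereRaw("name = '$name'")
User::whereRaw("name = ?", [$name])
User.where("name = '#{input}'")
User.where("name = ?", input)
session.createQuery("from User where name = '" + name + "'")
session.createQuery("from User where name = :n").setParameter("n", name)
"""

if __name__ == "__main__":
    for line_no, method, idiom in find_risky_calls(SAMPLE_SOURCE):
        print(f"line {line_no}: {method}() built with {idiom}")
```

The scanner is a triage aid: a flagged line still needs manual confirmation that the interpolated value is user-controlled, and the parameterized forms it leaves alone are the fix.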

Identify the Framework in Use

Check the website's cookies and HTTP headers. Review the page source for indicators such as framework-specific links and version numbers. Look for error messages returned in response to the queries.