Apr 05, 2026
3 min read

ORM Injection

Learn how to exploit injection vulnerabilities in an ORM-based web app.

Learning path: Jr Web Application Pentesting > Injection Attacks > ORM Injection

Task 1

Introduction

  1. I am ready to start the room.
No answer needed

Task 2

Understanding ORM

  1. What is the default ORM for Ruby on Rails applications?
Active Record
  2. Which of the following is NOT a feature of ORM?

a) Reducing boilerplate code
b) Increasing productivity
c) Increasing attack surface due to direct interface with the database
d) Ensuring consistency

c

Task 3

How ORM works

  1. What is the method used in our Laravel code snippet to define the structure of the users table?
up()
  2. What is the file name usually used to store database credentials in Laravel?
.env

Task 4

Identify ORM Injection

  1. What is the path in the DOCUMENT_ROOT variable?
C:\Users\Administrator\Downloads\orminjection\public
  2. What is the ORM library for the Spring framework? (The one mentioned in this task)
Hibernate
  3. Once you have reviewed the cookies to identify the ORM, what is the cookie's name that is responsible for maintaining the session in the attached application?
laravel_session

Task 5

ORM Injection - Weak Implementation

  1. What email is associated with the name Jane Doe?
jane@thm.com
  2. What is the name of the vulnerable Eloquent method that is used in this task?
whereRaw()
  3. What is the flag value after submitting the payload in the secure input field?
THM{SECURED_001}

Task 6

ORM Injection - Vulnerable Implementation

  1. What is the total number of rows in the users table?
5
  2. What is the password for the email john@thm.com?
THM{101}

Task 7

Best Practices

  1. Is it a good practice to write raw SQL queries in ORM? (yea/nay)
nay
  2. On which side should input validation be carried out? Write the correct option only.

a) Client
b) Server
c) Both Server and Client
d) None

c
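The vulnerable Eloquent pattern from Task 5 next to the parameterised form that the best practices in Task 7 call for, as an added example that is not the room's code. The table, rows, function names and the UNION payload are constructed for illustration; the script assumes the illuminate/database package is installed with Composer so that Eloquent's standalone Capsule manager can run against an in-memory SQLite database.

```php
<?php
// Added example, not the room's code. Vulnerable whereRaw() beside the
// parameterised equivalent, run with Eloquent's standalone "Capsule" manager
// (composer require illuminate/database) against in-memory SQLite.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Database\Capsule\Manager as Capsule;
use Illuminate\Database\Schema\Blueprint;

$capsule = new Capsule;
$capsule->addConnection(['driver' => 'sqlite', 'database' => ':memory:', 'prefix' => '']);
$capsule->setAsGlobal();
$capsule->bootEloquent();

// Constructed sample schema and rows; the column names are assumed, not
// taken from the room's application.
Capsule::schema()->create('users', function (Blueprint $table) {
    $table->increments('id');
    $table->string('name');
    $table->string('email');
    $table->string('password');   // stored in clear only so the leak is visible
});
Capsule::table('users')->insert([
    ['name' => 'Jane Doe', 'email' => 'jane@example.com', 'password' => 'jane-secret'],
    ['name' => 'John Doe', 'email' => 'john@example.com', 'password' => 'john-secret'],
]);

// Vulnerable: user input is concatenated into the raw WHERE fragment, so the
// ORM's quoting never sees it. The bug is the concatenation, not whereRaw().
function searchVulnerable(string $q): array
{
    return Capsule::table('users')
        ->select('name', 'email')
        ->whereRaw("name LIKE '%$q%'")
        ->get()->toArray();
}

// Secure: the same search through the query builder. The value travels as a
// PDO binding, so the payload is matched literally as a LIKE pattern.
function searchSecure(string $q): array
{
    return Capsule::table('users')
        ->select('name', 'email')
        ->where('name', 'like', '%' . $q . '%')
        ->get()->toArray();
}

// If a raw fragment is genuinely needed, keep the SQL text static and pass
// user data only through whereRaw()'s bindings array.
function searchRawWithBindings(string $q): array
{
    return Capsule::table('users')
        ->select('name', 'email')
        ->whereRaw('name LIKE ?', ['%' . $q . '%'])
        ->get()->toArray();
}

// Constructed payload: closes the LIKE literal, appends a UNION whose two
// columns line up with the selected (name, email) pair, and comments out the
// trailing "%'" that the vulnerable code appends.
$payload = "%' UNION SELECT email, password FROM users -- ";

$leaked = searchVulnerable($payload);
printf("vulnerable: %d rows\n", count($leaked));
foreach ($leaked as $row) {
    // Rows from the UNION carry an email in "name" and a password in "email".
    printf("  name=%s email=%s\n", $row->name, $row->email);
}
printf("secure: %d rows\n", count(searchSecure($payload)));
printf("raw with bindings: %d rows\n", count(searchRawWithBindings($payload)));
```

Run it with `php orm_injection_demo.php`. The vulnerable search returns four rows, two of them from the UNION with the password values sitting in the email column, which is the same mechanism used in Task 6 to count rows and read john's password. Both parameterised variants return zero rows because the whole payload is compared as one LIKE pattern. Server-side validation (Task 7) is still worth having for the data's own sake, but it does not replace bindings: the fix for injection is keeping user data out of the SQL text.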

Task 8

Conclusion

  1. I have successfully completed the room.
No answer needed
