Railsbin – The vulnerable pastebin service!

User:

Title: sadasd

Content:

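# Sample value for the user-controlled parameter
params[:user] = "') or (SELECT 1 AS one FROM 'orders' WHERE total > 100 AND ''='"
# Vulnerable: the value is interpolated into the condition string, so no bind parameter is used
User.exists? ["name = '#{params[:user]}'"]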
