Injecting SQLite database based application

Posted in Hacker News, Paper

SQL Injection, AKA the mother of hacking, is one of the most notorious and well-known vulnerabilities and has caused a lot of damage to the cyber world. Researchers have published a lot of material on different exploitation techniques for different SQL servers.

For MSSQL, MySQL and ORACLE databases, SQL Injection payloads are available in bulk, and one can exploit a SQL Injection vulnerability in a web application if any of these databases is used as the backend DB.

SQLite is not as well known, and hence building payloads to exploit a SQL Injection vulnerability in a web application that uses SQLite as its backend is not an easy task. One needs to study SQLite functionality to build one's own payloads.

So in this paper I am going to discuss 2 techniques of SQL Injection exploitation when the database is SQLite.

  1. Union based SQL Injection (numeric as well as string based)
  2. Blind SQL Injection

Source: PacketStorm