Chaos Communication Congress, Season 36, Episode 45

SELECT code_execution FROM * USING SQLite;

(--Gaining code execution using a malicious SQLite database)

SQLite is one of the most deployed pieces of software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long-term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruption issues in the SQLite engine. We demonstrate these techniques in a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges.

English
  • Originally Aired December 27, 2019
  • Runtime 60 minutes
  • Production Code 10701
  • Created December 27, 2019 by
    Administrator admin
  • Modified December 27, 2019 by
    Administrator admin