SQLite is one of the most widely deployed pieces of software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe this is only the tip of the iceberg.
In our long-term research, we experimented with the exploitation of memory corruption issues inside SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruption issues in the SQLite engine. We demonstrate these techniques on a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges.
Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe.
How? We created a rogue SQLite database that exploits the software used to open it. Exploring only a few of the possibilities this presents, we'll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database...
The landscape is never-ending (Hint: Did someone say Windows 10 0-day?). This is especially scary since SQLite3 is now built into almost every modern piece of software.
In our talk we also discuss the SQLite internals and our novel approach to abusing them. We had to build our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetic. It's a new world of using the familiar Structured Query Language for exploitation primitives, laying the foundations for a generic way to leverage memory corruption issues in database engines.
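The abstract's core warning is that the schema of a database file is written by whoever produced the file, so an application that opens an untrusted .db and runs its usual queries is executing SQL it never wrote. The following defensive check is an added example written for this page, not code from the talk or from the researchers; it assumes the consuming application knows which tables it expects and treats any view or trigger (objects created with CREATE statements by the file's author) in a file from an untrusted source as a finding to act on before querying.

```python
import os
import sqlite3
import tempfile

# Schema object types a consumer of a plain data file should expect. Views and
# triggers carry SQL that runs when the file is queried, so in a file from an
# untrusted source they are the first thing to flag (assumption of this example).
ALLOWED_TYPES = {"table", "index"}


def audit_untrusted_sqlite(path, expected_tables):
    """Open PATH read-only and list schema objects the consumer did not expect;
    an empty list means only the expected tables (and indexes) are present."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        rows = con.execute("SELECT type, name, sql FROM sqlite_master").fetchall()
    finally:
        con.close()
    findings = []
    for typ, name, sql in rows:
        if typ not in ALLOWED_TYPES:
            findings.append(f"unexpected {typ} {name!r}: {sql}")
        elif typ == "table" and name not in expected_tables:
            findings.append(f"unexpected table {name!r}")
    return findings


def make_sample_db(path, rogue):
    """Constructed sample (not from the talk): a credentials file of the kind a
    stealer backend parses. rogue=True renames the real table and adds a view
    with the expected name plus a trigger, via statements the file's author controls."""
    con = sqlite3.connect(path)
    con.executescript("CREATE TABLE credentials(user TEXT, secret TEXT);")
    if rogue:
        con.executescript(
            "ALTER TABLE credentials RENAME TO hidden;"
            "CREATE VIEW credentials AS SELECT user, secret FROM hidden;"
            "CREATE TRIGGER on_insert AFTER INSERT ON hidden BEGIN SELECT 1; END;"
        )
    con.close()


def demo(rogue):
    """Write a sample file to a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "creds.db")
        make_sample_db(path, rogue)
        return audit_untrusted_sqlite(path, {"credentials"})
```

Running the audit before the application's own queries turns the rogue file's schema into a detection signal instead of an execution path; opening with `mode=ro` also keeps the inspection itself from modifying the file.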
These files contain multiple languages.
This talk was translated into multiple languages. The files available for download contain all languages as separate audio tracks. Most desktop video players let you choose between them. Please look for "audio tracks" in your desktop video player.