SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, documented http://research.checkpoint.com/select-code_execution-from-using-sqlite, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language.
QOP is our approach in implementing common pwning primitives using nothing but SQL queries. We want to share with the community in the hope of encouraging researchers to pursue the endless possibilities of database engines exploitation.
- The code is meant to be used for educational purposes only
- We are not encouraging any illegal activtiy
- The code is provided “as is” without any support