Jeremiah
Reputation: 751
jdbc sqlite support allowmultiquery
I would like to demonstrate SQL injection using Java and sqlite. I'm attempting to execute two queries at the same time with SQL injection. The user is to prematurely end the statement using ;, then add another entry using an insert statement.
Mysql JDBC using allowMultiQueries=true in the connection string.
How can I do this using sqllite?
TIA
Upvotes: 0
Views: 956
Answers (1)
CL.
Reputation: 180162
allowMultiQueries as a MySQL-specific connection parameter.
I do not know of any SQLite JDBC driver that would allow multiple commands in one query. Therefore, this kind of SQL injection attack is not possible. Your best bet would be to construct some query like this:
SELECT * FROM Users WHERE Name = 'admin'--' AND Password = 'whatever'
or this:
SELECT *
FROM Users
WHERE Name = 'admin'
AND Password = 'whatever' or Name='admin'
Upvotes: 2
Related Questions
- android sqlite query with multiple where
- Multiple SQL Statements in Java (with ?allowMultiQueries=true)
- Satisfying SQLite constraint with Java JDBC queries
- JDBC & Microsoft SQL Server / How to set AllowMultipleQueries
- Multi arguments query in sqlite
- Android Sql. Query single coloumn, multiple values
- SQLite Database query for multiple table
- Setting multiple Selections args in SQLite database query
- Multiple where clause in sqlite3 in Android
- SQLiteQueryBuilder multiple selection