Reputation: 6855
SQLite - hex value to char or string
I'm writing a tool to exploit SQL Injections. I'm trying to add support to SQLite now and I'm facing a problem: if I need to insert a string but quotes are escaped in Mysql I can use 0x65..., or in Postgres CHR(65)||.... But in SQLite I can't find any way of doing this without using quotes.
Can anyone help me?
Thanks in advance
Upvotes: 2
Views: 3002
Answers (2)
Reputation: 4629
I don't believe there's a general solution. You may be able to assemble your string using parlor tricks if it contains the right characters. E.g., substr(quote(hex(0)),1,1) will return "'", upper(substr(typeof(cast(0 as text)),3,1)) will return "X", etc. I doubt you can get the whole alphabet this way, but it might be enough for whatever injection you're planning.
Upvotes: 2
Reputation: 15982
I don't know of an equivalent, however you can check the documentation to see if there is anything you can use:
http://www.sqlite.org/lang_corefunc.html
http://www.sqlite.org/lang_aggfunc.html
Upvotes: 0
Related Questions
- Opposite of HEX() in SQLite?
- Rearranging HEX string in SQL
- In SQLITE, How can I convert a hex value stored as a varchar in an integer column to it's integer equivilent?
- Which characters must be escaped to obtain a legal SQLite string literal?
- Concatenate Numbers in sqlite as text with a dash character
- Convert SQLite Blob to Hex to string
- Convert hex to text using SQLite
- Extracting data from hex string
- Encoding string in order to Insert SQLite
- How to insert a string in SQLite database without conversion?