File:36C3 - SELECT code execution FROM USING SQLite; - deutsche Übersetzung - YouTube.webm

From Wikimedia Commons, the free media repository

Original file (WebM audio/video file, VP9/Opus, length 46 min 46 s, 1,920 × 1,080 pixels, 282 kbps overall, file size: 94.32 MB)

Summary

Description
English: https://media.ccc.de/v/36c3-10701-select_code_execution_from_using_sqlite

--Gaining code execution using a malicious SQLite database

SQLite is one of the most deployed pieces of software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruption issues in the SQLite engine. We demonstrate these techniques in a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges.

Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe.

How? We created a rogue SQLite database that exploits the software used to open it. Exploring only a few of the possibilities this presents, we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database…

The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system.

In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives, laying the foundations for a generic leverage of memory corruption issues in database engines.

OmerGull

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10701.html

Uploaded by PantheraLeo1359531.
Date
Source https://www.youtube.com/watch?v=xUZB-97KwAk
Author media.ccc.de
Personality rights Although this work is freely licensed or in the public domain, the person(s) shown may have rights that legally restrict certain re-uses unless those depicted consent to such uses. In these cases, a model release or other evidence of consent could protect you from infringement claims. Though not obliged to do so, the uploader may be able to help you to obtain such evidence. See our general disclaimer for more information.

Licensing

This video, screenshot or audio excerpt was originally uploaded on YouTube under a CC license.
Their website states: "YouTube allows users to mark their videos with a Creative Commons CC BY license."
To the uploader: You must provide a link (URL) to the original file and the authorship information if available.
This file is licensed under the Creative Commons Attribution 3.0 Unported license.
Attribution: media.ccc.de
You are free:
  • to share – to copy, distribute and transmit the work
  • to remix – to adapt the work
Under the following conditions:
  • attribution – You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
This file, which was originally posted to YouTube: 36C3 - SELECT code_execution FROM * USING SQLite; - deutsche Übersetzung, was reviewed on 12 February 2020 by the automatic software YouTubeReviewBot, which confirmed that this video was available there under the stated Creative Commons license on that date. This file should not be deleted if the license has changed in the meantime. The Creative Commons license is irrevocable.

The bot only checks for the license; human review is still required to check whether the video is a derivative work or has freedom-of-panorama issues or other copyright problems. Visit licensing for more information. If you are a license reviewer, you can review this file by manually appending |reviewer={{subst:REVISIONUSER}} to this template.

File history

Date/Time | Thumbnail | Dimensions | User | Comment
current 10:58, 29 December 2019 | | 46 min 46 s, 1,920 × 1,080 (94.32 MB) | PantheraLeo1359531 (talk | contribs) | Imported media from uploads:4a5a17a6-2a28-11ea-88b7-0242c0a88a0b

Transcode status

Format Bitrate Download Status Encode time
VP9 1080P 340 kbps Completed 11:53, 29 December 2019 55 min 5 s
Streaming 1080p (VP9) 252 kbps Completed 01:24, 13 January 2024 6.0 s
VP9 720P 245 kbps Completed 11:40, 29 December 2019 42 min 1 s
Streaming 720p (VP9) 157 kbps Completed 00:46, 17 January 2024 4.0 s
VP9 480P 180 kbps Completed 11:30, 29 December 2019 32 min 16 s
Streaming 480p (VP9) 91 kbps Completed 21:13, 16 December 2023 4.0 s
VP9 360P 145 kbps Completed 11:20, 29 December 2019 22 min 15 s
Streaming 360p (VP9) 57 kbps Completed 09:10, 17 December 2023 4.0 s
VP9 240P 121 kbps Completed 11:19, 29 December 2019 21 min 1 s
Streaming 240p (VP9) 33 kbps Completed 20:52, 8 December 2023 2.0 s
WebM 360P 237 kbps Completed 11:17, 29 December 2019 19 min 47 s
Streaming 144p (MJPEG) 772 kbps Completed 00:49, 29 October 2023 2 min 7 s
Stereo (Opus) 84 kbps Completed 23:22, 11 November 2023 45 s
Stereo (MP3) 128 kbps Completed 18:56, 28 October 2023 1 min 19 s

Metadata