> On Dec 18, 2018, at 2:13 PM, Richard Hipp <d...@sqlite.org> wrote: > > I am not aware of any other applications that deliberately run SQL > from anonymous sources
In applications that use SQLite databases as a file format, couldn’t a malicious document be created that uses a trigger to run SQL that triggers an exploit when the document/database is edited? In other words: 1. Mallory creates or obtains some innocuous document. 2. Mallory uses something like the ’sqlite3’ tool to open the database and execute a CREATE TRIGGER statement whose trigger SQL exploits a vulnerability to do something nasty like remote code execution. 3. Mallory passes the document to Alice. 4. Alice opens the document and makes a change that causes SQLite to update a table in a way that activates the trigger. 5. The malicious SQL runs in the application process on Alice’s computer and does its business. —Jens _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
