Friday, 2 May 2014

SQLite information leak

Hi, I like SQLite database.
Why? because it made my day :)

Here is good example: Mail.RU wallet application.
It with SQLite database onboard:




HackappPro can do 3 tricks with an SQLite database:

  1. Identify it in App,
  2. Represent it as SQL dump,
  3. Extract pice of deleted data (if vacuum operation has not been performed).

Let's try an app:




Aha! Test account and two active corporate accounts! You could try to find a password here, but this leak has been reported and already patched.

This SQLite checker is only implemented in HackappPro engine, to get a free trial contact me at info@hackapp.com.

And don't forget to vacuum your database ;)




2 comments:


  1. Great Article I love to read your articles because your writing style is too good, its is very very helpful for all of us and I never get bored while reading your article because it becomes more and more interesting from the starting lines until the end. So Thank you for sharing a COOL Meaningful stuff with us Keep it up..!


    Datawarehousing Training in Chennai

    ReplyDelete


  2. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write.
    Thanks for sharing !
    tanki online 2 | 2048 game online

    ReplyDelete