Explore the world of SQLite exploitation in this 47-minute conference talk from the 36th Chaos Communication Congress. Delve into innovative techniques like Query Hijacking and Query Oriented Programming to achieve code execution using malicious SQLite databases. Learn how to exploit memory corruption vulnerabilities within the SQLite engine using only the SQL language, without relying on external environments. Discover real-world attack scenarios, including compromising password stealer backend servers and achieving iOS persistence with elevated privileges. Gain insights into SQLite internals, novel ROP chain techniques using SQL CREATE statements, and the use of JOIN statements for Heap Spray. Understand the potential security implications of SQLite's widespread deployment and the importance of treating database queries with caution. Follow along as the speakers demonstrate their findings, discuss SQLite internals, and explore the foundations for leveraging memory corruption issues in database engines.