File Creation via SQLite Injection

Sometimes when hacking internet of sh1t devices, one obtains a SQLite injection primitive. This may be quite useful on its own, but sometimes one might want to create files using the SQLi. Googling for a way to do so turns up the following example on pretty much every web page on the subject, e.g. https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/SQLite%20Injection/#attach-database

This is cool and good, but it has problems. For example, if you want to create a shell script instead of a PHP, ASP, JSP, or something else with fancy code delimiters, it falls flat. Check this out:

This sucks for 2 reasons. First, because it doesn’t work for shell scripts. Second, because it uses too many bytes to set up. When hacking internet of sh1t devices it’s common to have tight constraints on things like the payload size. Now what I’m about to share is by no means groundbreaking, but THIS should be the de facto choice for file creation with SQLite injection.

ATTACH DATABASE '/tmp/pwn.sh' AS a;
CREATE VIEW a."`echo hacked you! > /tmp/win.txt; id >> /tmp/win.txt`" as select 1;

One more thing to keep in mind: neither of these techniques can be used to overwrite existing files unless they are actually SQLite databases themselves. There’s one exception of course, and that is blank files. If there are existing, but empty, files on the filesystem, you can still attach and write to them.

I want to credit my buddy @FabiusArtrel for showing this to me while we were doing some offensive research together.
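
From the defending side, both techniques above depend on the injected statement being allowed to run ATTACH DATABASE. The following is an added example, not code from the original post: it uses Python's sqlite3 module to deny ATTACH through SQLite's authorizer callback, and checks a file for the SQLite header that any file written this way will carry. The function names, the view name "marker" and the temporary paths are assumptions made for the illustration.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite database file


def harden(conn):
    """Install an authorizer that refuses ATTACH/DETACH on this connection."""
    def authorizer(action, arg1, arg2, db_name, source):
        if action in (sqlite3.SQLITE_ATTACH, sqlite3.SQLITE_DETACH):
            return sqlite3.SQLITE_DENY  # statement fails to compile: "not authorized"
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)
    return conn


def attach_creates_file(conn, path):
    """Run ATTACH + CREATE VIEW against `path`; report whether a file appeared."""
    try:
        conn.execute("ATTACH DATABASE ? AS a", (path,))
        conn.execute('CREATE VIEW a."marker" AS SELECT 1')  # harmless view name
    except sqlite3.DatabaseError:
        pass  # hardened connections land here
    return os.path.exists(path)


def has_sqlite_header(path):
    """Detection check: a script or web file starting with the SQLite magic is suspect."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed paths, removed on exit
        default_path = os.path.join(tmp, "default.sh")
        hardened_path = os.path.join(tmp, "hardened.sh")
        plain = sqlite3.connect(":memory:")
        hard = harden(sqlite3.connect(":memory:"))
        print("default connection wrote file: ", attach_creates_file(plain, default_path))
        print("file carries SQLite header:    ", has_sqlite_header(default_path))
        print("hardened connection wrote file:", attach_creates_file(hard, hardened_path))
        plain.close()
        hard.close()
```

In C, the same callback is installed with sqlite3_set_authorizer(), and sqlite3_limit(db, SQLITE_LIMIT_ATTACHED, 0) refuses attachments outright.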