| Feature / Area | Requirement | Capability Unlocked | Risk | Notes |
|---|---|---|---|---|
| DB Enumeration | Any SQL execution | List tables, schema, triggers, views | ✔ | Central recon: WHERE and WHAT |
| File Enumeration | Knowledge of DB file path | Locate DB, backups, WAL | ✔ | SQLite = file-based |
| ATTACH Abuse | Read access to filesystem | Read arbitrary files | ❌ | Popular SQLite SQLi escalation |
| load_extension() RCE | load_extension pragma enabled | Load .so/.dll → OS command execution | ❌ | Full RCE if extension loading allowed |
| Write Primitives | Writable directory + SQLi | Overwrite DB, drop webshell if path known | ❌ | Rare but possible in misconfigurations |
| Full DB Dump | Basic SELECT | Extract everything | ✔ | SQLite has no permissions separation |
RED TEAM / SQL / SQLITE