
Now get a load of QOP
DEF CON At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.
In a technical summary provided to The Register ahead of their presentation, Check Point's Omer Gull sets out how he and his colleague Omri Herscovici developed techniques referred to as Query Hijacking and Query Oriented Programming, in order to execute malicious code on a system.
Query Oriented Programming is similar in a way to return oriented programming in that it relies on assembling malicious code from blocks of CPU instructions in a program's RAM.
The difference is that QOP is done with SQL queries.
SQLite is built into all sorts of things, from web browsers to embedded devices to Android, Windows, iOS, various BSDs, and commercial software.