Owning SQLite.
SQLiteManager is a web application similar to phpMyAdmin, and it's insecure. Besides a standalone version, it is also bundled with the WAMP server package for Windows. The WAMP package contains multiple distros like Apache and PHP for developing locally. Sure enough, I couldn't resist. I got this peculiar neurosis to attack everything, especially when it sits on my own PC. SQLiteManager listens on 127.0.0.1 with predictable paths and without any tokens, so it is vulnerable to CSRF, and to XSS through it. It is possible to automagically upload databases, drop them or cause other mayhem. Anything at your command. I made a simple PoC that fetches remote JavaScript because I get bored easily writing impressive PoCs.
It is possible to trigger it remotely without any user interaction. You can also detect it remotely by fetching the logo, to see if someone has it installed. So annoying, isn't it? :) *sigh* Yeah, I shouldn't whine when running a Windows box, should I? ;)
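The missing token check described above could look like the following on the server side. This is an added example, not code from SQLiteManager or from this post; the function names, the `csrf_token` field name and the allowed-host list are assumptions, and it assumes the tool changes state only through POST requests.

```php
<?php
// Added illustration: CSRF guard for a localhost-only admin tool.
// Function names and the allowed-host list are assumptions, not SQLiteManager code.
session_start();

const ALLOWED_HOSTS = ['127.0.0.1', 'localhost'];

// One random token per session, embedded in every form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Host part of a URL or of a Host header value ("127.0.0.1:8080"), lowercased.
function host_of(string $value): ?string
{
    $url = strpos($value, '://') === false ? 'http://' . $value : $value;
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

function request_is_trusted(array $server, array $post, string $expected): bool
{
    // Assumes the application performs state changes only via POST.
    if (in_array($server['REQUEST_METHOD'] ?? '', ['GET', 'HEAD'], true)) {
        return true;
    }
    // Host header must name the loopback address the tool is bound to.
    if (!in_array(host_of($server['HTTP_HOST'] ?? ''), ALLOWED_HOSTS, true)) {
        return false;
    }
    // If the browser sent Origin or Referer, it must point at this tool.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source !== null && !in_array(host_of($source), ALLOWED_HOSTS, true)) {
        return false;
    }
    // The token is the real defence: a page on another origin cannot read it.
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && hash_equals($expected, $sent);
}

if (!request_is_trusted($_SERVER, $_POST, csrf_token())) {
    http_response_code(403);
    exit('Request rejected: missing or invalid CSRF token.');
}
```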

















