You're not wrong in that it is possible to create such payloads, but you do
realize how absolutely ridiculous and dangerous this is outside of your
test system, right? You'd like the tool to start destroying whole tables
at a time, in an automated fashion, just to see if there's a SQLi flaw?! I
can't think of a single use case where this would be even close to a good
idea. In fact, it's horrifying.

On 21 January 2014 14:43, l.g. <ibozoo...@googlemail.com> wrote:
> Miroslav Stampar <miroslav.stampar@...> writes:
>
> >
> >
> > So you made a "DROP TABLE" payload :))
> > I am not sure if this is a joke or for real?!
> >
> > Kind regards,
> > Miroslav Stampar
> >
>
> I just made a really simple vulnerable test web application with a datagrid
> bound to a table and a textbox where the user types strings to populate
> the table; I verified that if I manually enter c'); DROP TABLE [testTable] --
> into the textbox the table is actually dropped. I think Sqlmap is able to
> detect such a vulnerability with a proper extension of payloads.xml. Am I
> wrong?
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>