Re: [sqlmap-users] new test

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Miroslav Stampar <miroslav.stampar@...> writes:

> 
> 
> So you made a "DROP TABLE" payload :))
> I am not sure if this is a joke or for real?!
> 
> Kind regards,
> Miroslav Stampar
> 

I just made a really simple vulnerable test webapplication with a datagrid 
bound to a table and a textbox where the the user types strings to populate 
the table; I verified that if I manually enter c'); DROP TABLE [testTable] -
- into the textbox the table is actually dropped. I think Sqlmap is able to 
detect such a vulnerability with a proper extension of payloads.xml. Am I 
wrong?