Re: [sqlmap-users] new test
Brought to you by:
inquisb
From: Miroslav S. <mir...@gm...> - 2014-01-21 14:49:38
|
It should be detected as "stacked" in your case (using timing attack - not dropping tables). Which DBMS are we talking here about and which OS is it running on (e.g. MySQL on Linux)? Bye On Tue, Jan 21, 2014 at 3:43 PM, l.g. <ibo...@go...> wrote: > Miroslav Stampar <miroslav.stampar@...> writes: > > > > > > > So you made a "DROP TABLE" payload :)) > > I am not sure if this is a joke or for real?! > > > > Kind regards, > > Miroslav Stampar > > > > I just made a really simple vulnerable test webapplication with a datagrid > bound to a table and a textbox where the the user types strings to populate > the table; I verified that if I manually enter c'); DROP TABLE [testTable] > - > - into the textbox the table is actually dropped. I think Sqlmap is able to > detect such a vulnerability with a proper extension of payloads.xml. Am I > wrong? > > > > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |