databases are deleted when owasp zap is run

jakerm

Sep 15, 2019, 8:26:33 AM
to OWASP ZAP User Group
Hi. I'd like to ask why most of my databases are deleted, along with most tables in the phpmyadmin db, when I run OWASP ZAP,
whether it's an automated scan or an active scan.

P.S.: I only turn on Apache and MySQL when I'm not connected to the internet.

win 10 32bit
zap 2.8.0
xampp-win32-7.3.2-0-VC15-installer.exe
xampp-portable-win32-7.3.2-0-VC15.zip

kingthorin+owaspzap

Sep 15, 2019, 3:53:47 PM
to OWASP ZAP User Group
Well, in phpmyadmin there’s functionality that drops tables/DBs. Then you run a tool against it that's meant to exercise web app functionality...

jakerm

Sep 16, 2019, 11:20:03 AM
to OWASP ZAP User Group
I still don't get how the databases get deleted after running ZAP.

Peter Hauschulz

Sep 17, 2019, 3:52:19 AM
to OWASP ZAP User Group
As kingthorin said, phpmyadmin has a function used to delete database entries, tables, etc. 

When you run an active scan against it, you will see in the relevant tab that ZAP is sending a huge number of requests (both legitimate and manipulated) to find and test for vulnerabilities in your webapp (including phpmyadmin). Especially after proxying or spidering, it is most likely sending a few dozen variations of the droptable requests to your webapp. 
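
Added example, not part of the thread or of ZAP itself: a pre-scan check that takes the URLs a proxy or spider run collected and reports which ones would still be replayed with data-destroying SQL in a parameter once the exclusion regexes are applied. The URLs, the exclusion pattern and the function names are constructed for illustration, and exclusions are assumed to match the whole URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical exclusion list, treated as whole-URL regex matches (assumption).
EXCLUDES = [r"https?://localhost/phpmyadmin/.*"]

# Constructed sample of URLs, as a proxy or spider history might list them.
SAMPLE_URLS = [
    "http://localhost/myapp/index.php?page=home",
    "http://localhost/myapp/item.php?id=3",
    "http://localhost/phpmyadmin/db_structure.php?db=shop",
    "http://localhost/phpmyadmin/sql.php?db=shop&sql_query=DROP+DATABASE+%60shop%60",
    "http://localhost/myapp/admin/run.php?q=TRUNCATE+TABLE+orders",
]

# SQL keywords that remove data when the request carrying them is replayed.
DESTRUCTIVE_SQL = re.compile(r"\b(DROP|TRUNCATE|DELETE)\b", re.IGNORECASE)


def classify(url, excludes):
    """Return 'excluded', 'destructive' or 'scan' for one URL."""
    if any(re.fullmatch(pattern, url) for pattern in excludes):
        return "excluded"
    # parse_qs URL-decodes values, so '+' and %xx escapes are normalised.
    params = parse_qs(urlsplit(url).query)
    for values in params.values():
        if any(DESTRUCTIVE_SQL.search(value) for value in values):
            return "destructive"
    return "scan"


def audit(urls, excludes):
    """Group URLs by classification; 'destructive' should end up empty."""
    report = {"excluded": [], "destructive": [], "scan": []}
    for url in urls:
        report[classify(url, excludes)].append(url)
    return report


if __name__ == "__main__":
    for label, urls in audit(SAMPLE_URLS, EXCLUDES).items():
        for url in urls:
            print(f"{label:12} {url}")
```

The check only looks at query-string parameters, so requests that carry SQL in a POST body need the same review. Any URL left under "destructive" belongs in the scan exclusions, or the scan should run against a disposable copy of the database.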