From 13bec54bcdf202cd1d389003e6a7078512ddbca7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 15 Sep 2016 17:35:34 +0200 Subject: [PATCH] Updated Usage (markdown) --- Usage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Usage.md b/Usage.md index 8ac4d3a15..61e628c40 100644 --- a/Usage.md +++ b/Usage.md @@ -726,7 +726,7 @@ For instance, to skip testing for HTTP header `User-Agent` and HTTP header `Refe #### URI injection point -There are special cases when injection point is within the URI itself. sqlmap does not perform any automatic test against URI paths, unless manually pointed to. You have to specify these injection points in the command line by appending an asterisk (`*`) after each URI point that you want sqlmap to test for and exploit a SQL injection. +There are special cases when injection point is within the URI itself. sqlmap does not perform any automatic test against URI paths, unless manually pointed to. You have to specify these injection points in the command line by appending an asterisk (`*`) (Note: Havij style `%INJECT HERE%` is also supported) after each URI point that you want sqlmap to test for and exploit a SQL injection. This is particularly useful when, for instance, Apache web server's [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) module is in use or other similar technologies. @@ -738,7 +738,7 @@ $ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/" #### Arbitrary injection point -Similar to URI injection point, asterisk (`*`) can also be used to point to the arbitrary injection point inside GET, POST or HTTP headers. Injection point can be specified by marking it inside the GET parameter value(s) provided with option `-u`, POST parameter value(s) provided with option `--data`, HTTP header value(s) provided with options `-H`, `--headers`, `--user-agent`, `--referer` and/or `--cookie`, or at generic place inside HTTP request loaded from file with option `-r`. +Similar to URI injection point, asterisk (`*`) (Note: Havij style `%INJECT HERE%` is also supported) can also be used to point to the arbitrary injection point inside GET, POST or HTTP headers. Injection point can be specified by marking it inside the GET parameter value(s) provided with option `-u`, POST parameter value(s) provided with option `--data`, HTTP header value(s) provided with options `-H`, `--headers`, `--user-agent`, `--referer` and/or `--cookie`, or at generic place inside HTTP request loaded from file with option `-r`. An example of valid command line would be: