diff --git a/doc/README.sgml b/doc/README.sgml index fb6b4f053..f60bd9762 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -211,13 +211,13 @@ For each HTTP response, by making a comparison between the HTTP response time with the original request, the tool inference the output of the injected statement character by character. Like for boolean-based technique, the bisection algorithm is applied. -Error-based SQL injection: sqlmap replaces or append to the -affected parameter a database-specific syntatically wrong statement and -parses the HTTP response headers and body in search of DBMS error messages -containing the injected pre-defined chain of characters and the statement -output within. This technique works when the web application has been -configured to disclose back-end database management system error messages -only. +Error-based SQL injection: sqlmap replaces or appends to +the affected parameter a database-specific error message provoking statement +and parses the HTTP response headers and body in search of DBMS error messages +containing the injected pre-defined chain of characters and the subquery +statement output within. This technique works only when the web application +has been configured to disclose back-end database management system error +messages. UNION query SQL injection, also known as inband SQL injection: sqlmap appends to the affected parameter a syntatically valid SQL statement string starting with a UNION ALL SELECT.