mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
minor corrections to the definition and minor typos
This commit is contained in:
parent
cfc1f2b70b
commit
699cb89711
|
@ -211,13 +211,13 @@ For each HTTP response, by making a comparison between the HTTP response
|
||||||
time with the original request, the tool inference the output of
|
time with the original request, the tool inference the output of
|
||||||
the injected statement character by character. Like for boolean-based
|
the injected statement character by character. Like for boolean-based
|
||||||
technique, the bisection algorithm is applied.
|
technique, the bisection algorithm is applied.
|
||||||
<item><bf>Error-based SQL injection</bf>: sqlmap replaces or append to the
|
<item><bf>Error-based SQL injection</bf>: sqlmap replaces or appends to
|
||||||
affected parameter a database-specific syntatically wrong statement and
|
the affected parameter a database-specific error message provoking statement
|
||||||
parses the HTTP response headers and body in search of DBMS error messages
|
and parses the HTTP response headers and body in search of DBMS error messages
|
||||||
containing the injected pre-defined chain of characters and the statement
|
containing the injected pre-defined chain of characters and the subquery
|
||||||
output within. This technique works when the web application has been
|
statement output within. This technique works only when the web application
|
||||||
configured to disclose back-end database management system error messages
|
has been configured to disclose back-end database management system error
|
||||||
only.
|
messages.
|
||||||
<item><bf>UNION query SQL injection</bf>, also known as <bf>inband SQL
|
<item><bf>UNION query SQL injection</bf>, also known as <bf>inband SQL
|
||||||
injection</bf>: sqlmap appends to the affected parameter a syntatically
|
injection</bf>: sqlmap appends to the affected parameter a syntatically
|
||||||
valid SQL statement string starting with a <tt>UNION ALL SELECT</tt>.
|
valid SQL statement string starting with a <tt>UNION ALL SELECT</tt>.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user