From 7aab4a3e695e857b266a82105a9cc66e85df505f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 21 Dec 2015 01:21:04 +0100 Subject: [PATCH] Updated Usage (markdown) --- Usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Usage.md b/Usage.md index c5b1064ac..4f6789c71 100644 --- a/Usage.md +++ b/Usage.md @@ -878,7 +878,7 @@ If user is controlling a machine registered as a DNS domain server (e.g. domain Option: `--second-order` -Second-order SQL injection attack is an attack where result(s) of an injected payload in one vulnerable page is shown (reflected) at the other. Usually that's happening because of database storage of user provided input at the original vulnerable page. +Second-order SQL injection attack is an attack where result(s) of an injected payload in one vulnerable page is shown (reflected) at the other (e.g. frame). Usually that's happening because of database storage of user provided input at the original vulnerable page. You can manually tell sqlmap to test for this type of SQL injection by using option `--second-order` with the URL address of the web page where results are being shown.