mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Fixes #2407
parent
8417b46274
commit
49292310d4
4
Usage.md
4
Usage.md
|
@ -630,7 +630,7 @@ Depending on parameter placement (e.g. GET) its value could be URL encoded by de
|
||||||
|
|
||||||
Options: `--csrf-token` and `--csrf-url`
|
Options: `--csrf-token` and `--csrf-url`
|
||||||
|
|
||||||
Lots of sites incorporate anti-CSRF protection in form of tokens, hidden field values that are randomly set during each page response. sqlmap will automatically try to recognize and bypass that kind of protection, but there are options `--csrf-token` and `--csrf-url` that can be used to furter fine tune it. Option `--csrf-token` can be used to set the name of the hidden value that contains the randomized token. This is useful in cases when web sites use non-standard names for such fields. Option `--csrf-url` can be used for retrieval of the token value from arbitrary URL address. This is useful if the vulnerable target URL doesn't contain the necessary token value in the first place, but it is required to extract it from some other location.
|
Lots of sites incorporate anti-CSRF protection in form of tokens, hidden field values that are randomly set during each page response. sqlmap will automatically try to recognize and bypass that kind of protection, but there are options `--csrf-token` and `--csrf-url` that can be used to further fine tune it. Option `--csrf-token` can be used to set the name of the hidden value that contains the randomized token. This is useful in cases when web sites use non-standard names for such fields. Option `--csrf-url` can be used for retrieval of the token value from arbitrary URL address. This is useful if the vulnerable target URL doesn't contain the necessary token value in the first place, but it is required to extract it from some other location.
|
||||||
|
|
||||||
### Force usage of SSL/HTTPS
|
### Force usage of SSL/HTTPS
|
||||||
|
|
||||||
|
@ -1039,7 +1039,7 @@ These options can be used to enumerate the back-end database management system i
|
||||||
|
|
||||||
Switch: `--all`
|
Switch: `--all`
|
||||||
|
|
||||||
This switch can be used in situations where user wants to retrieve everything remotelly accessible by using a single switch. This is not recommended as it will generate large number of requests retrieving both useful and unuseful data.
|
This switch can be used in situations where user wants to retrieve everything remotely accessible by using a single switch. This is not recommended as it will generate large number of requests retrieving both useful and unuseful data.
|
||||||
|
|
||||||
### Banner
|
### Banner
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user