From 606debe55c2a8c9c112059ab4a35d68d1a268e09 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 23 Aug 2011 21:42:34 +0000 Subject: [PATCH] better language --- doc/README.sgml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/README.sgml b/doc/README.sgml index f60bd9762..6172950b7 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -220,21 +220,21 @@ has been configured to disclose back-end database management system error messages. UNION query SQL injection, also known as inband SQL injection: sqlmap appends to the affected parameter a syntatically -valid SQL statement string starting with a UNION ALL SELECT. -This techique works when the web application page passes the output of the -SELECT statement within a for cycle, or similar, so that -each line of the query output is printed on the page content. +valid SQL statement starting with an UNION ALL SELECT. +This techique works when the web application page passes directly the output +of the SELECT statement within a for loop, or similar, so +that each line of the query output is printed on the page content. sqlmap is also able to exploit partial (single entry) UNION query SQL injection vulnerabilities which occur when the output of the -statement is not cycled in a for construct whereas only the first +statement is not cycled in a for construct, whereas only the first entry of the query output is displayed. Stacked queries SQL injection, also known as multiple statements SQL injection: sqlmap tests if the web application supports -stacked queries then, in case it does support, it appends to the affected +stacked queries and then, in case it does support, it appends to the affected parameter in the HTTP request, a semi-colon (;) followed by the SQL statement to be executed. This technique is useful to run SQL -statements other than SELECT like, for instance, data -definition or data manipulation statements possibly leading +statements other than SELECT, like for instance, data +definition or data manipulation statements, possibly leading to file system read and write access and operating system command execution depending on the underlying back-end database management system and the session user privileges.