When using sqlmap, I have the following:
sqlmap got a 302 redirect to 'http://localhost/sqlmap/index.php'. Do you want to follow? [Y/n] y
I understand that my POST response is redirecting to index.php. The next question is:
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] y
But I don't understand what resending the origin data to a new location mean.
Can anyone help?
Basically it's resending your POST data to the new location (redirect) found. Let's say your POST data is:
data = {
"username": "example",
"password": "example"
}
And you're sending it to http://example.com/php?login=True
if the site redirects you to http://example.com/php?login=False
it will resend the data to that link, so in a nutshell, sqlmap is going to retry the login credentials on the new link it's been redirected to.
Edited for confusion (see comments)
POST:
In computing, POST is a request method supported by the HTTP protocol used by the World Wide Web. By design, the POST request method requests that a web server accept the data enclosed in the body of the request message, most likely for storing it. It is often used when uploading a file or when submitting a completed web form.
Reference: https://en.m.wikipedia.org/wiki/POST_(HTTP)
GET:
GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.
Reference: What is the difference between POST and GET?