Minor improvement to use Python ConfigParser library when --save if specified.

Minor update to the user's manual

doc/README.html

@@ -215,19 +215,14 @@ This SQL injection technique is an alternative to the first one.</LI>
 statements support</B>: sqlmap tests if the web application supports
 stacked queries then, in case it does support, it appends to the affected
 parameter in the HTTP request, a semi-colon (<CODE>;</CODE>) followed by the
-SQL statement to be executed. This technique is useful if to run SQL
+SQL statement to be executed. This technique is useful to run SQL
 statements other than <CODE>SELECT</CODE> like, for instance, <EM>data
 definition</EM> or <EM>data manipulation</EM> statements possibly leading
 to file system read and write access and operating system command
-execution depending on the underlying back-end database management system.</LI>
+execution depending on the underlying back-end database management system
+and the session user privileges.</LI>
 </UL>
 </P>
-<P>It is strongly recommended to run at least once sqlmap with the
-<CODE>--union-test</CODE> option to test if the affected parameter is used
-within a <CODE>for</CODE> cycle, or similar, and in case use
-<CODE>--union-use</CODE> option to exploit this vulnerability because it
-saves a lot of time and it does not weight down the web server log file
-with hundreds of HTTP requests.</P>
 
 
 <H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>
@@ -2008,6 +2003,13 @@ affected by an inband SQL injection.
 In case this vulnerability is exploitable it is strongly recommended to
 use this technique which saves a lot of time.</P>
 
+<P>It is strongly recommended to run at least once sqlmap with the
+<CODE>--union-test</CODE> option to test if the affected parameter is used
+within a <CODE>for</CODE> cycle, or similar, and in case use
+<CODE>--union-use</CODE> option to exploit this vulnerability because it
+saves a lot of time and it does not weight down the web server log file
+with hundreds of HTTP requests.</P>
+
 
 <H3>Use the UNION query SQL injection</H3>
 

doc/README.sgml

@@ -172,20 +172,14 @@ This SQL injection technique is an alternative to the first one.
 statements support</bf>: sqlmap tests if the web application supports
 stacked queries then, in case it does support, it appends to the affected
 parameter in the HTTP request, a semi-colon (<tt>;</tt>) followed by the
-SQL statement to be executed. This technique is useful if to run SQL
+SQL statement to be executed. This technique is useful to run SQL
 statements other than <tt>SELECT</tt> like, for instance, <em>data
 definition</em> or <em>data manipulation</em> statements possibly leading
 to file system read and write access and operating system command
-execution depending on the underlying back-end database management system.
+execution depending on the underlying back-end database management system
+and the session user privileges.
 </itemize>
 
-It is strongly recommended to run at least once sqlmap with the
-<tt>--union-test</tt> option to test if the affected parameter is used
-within a <tt>for</tt> cycle, or similar, and in case use
-<tt>--union-use</tt> option to exploit this vulnerability because it
-saves a lot of time and it does not weight down the web server log file
-with hundreds of HTTP requests.
-
 
 <sect>Features
 
@@ -1939,6 +1933,14 @@ affected by an inband SQL injection.
 In case this vulnerability is exploitable it is strongly recommended to
 use this technique which saves a lot of time.
 
+<p>
+It is strongly recommended to run at least once sqlmap with the
+<tt>--union-test</tt> option to test if the affected parameter is used
+within a <tt>for</tt> cycle, or similar, and in case use
+<tt>--union-use</tt> option to exploit this vulnerability because it
+saves a lot of time and it does not weight down the web server log file
+with hundreds of HTTP requests.
+
 
 <sect2>Use the UNION query SQL injection