Merge branch 'master' of github.com:sqlmapproject/sqlmap

2025-07-15 18:52:31 +03:00 · 2013-01-11 13:31:49 +00:00 · 2013-01-11 13:31:49 +00:00 · 675e4a026b
commit 675e4a026b
parent 41834e7a5b db91137eda
132 changed files with 359 additions and 322 deletions
--- a/_sqlmap.py
+++ b/_sqlmap.py
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@ -560,6 +560,7 @@ Kyprianos Vasilopoulos, <kyprianos.vasilopoulos@gmail.com>

 Vlado Velichkovski, <ketejadam@hotmail.com>
 * for reporting considerable amount of bugs
+* for suggesting an enhancement

 Johnny Venter, <johnny.venter@zoho.com>
 * for reporting a couple of bugs
--- a/extra/beep/init.py
+++ b/extra/beep/init.py
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@ -24,7 +24,7 @@ def beep():
            _linux_wav_play(BEEP_WAV_FILENAME)
        else:
            _speaker_beep()
-    except Exception:
+    except:
        _speaker_beep()

 def _speaker_beep():
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
--- a/extra/icmpsh/icmpsh_m.py
+++ b/extra/icmpsh/icmpsh_m.py
--- a/extra/safe2bin/README.txt
+++ b/extra/safe2bin/README.txt
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
--- a/extra/shutils/pyflakes.sh
+++ b/extra/shutils/pyflakes.sh
--- a/extra/shutils/pylint.py
+++ b/extra/shutils/pylint.py
@ -18,7 +18,7 @@ def check(module):
    if module[-3:] == ".py":

        print "CHECKING ", module
-        pout = os.popen('pylint --rcfile=/dev/null %s'% module, 'r')
+        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
        for line in pout:
            if  re.match("E....:.", line):
                print line
--- a/extra/sqlharvest/init.py
+++ b/extra/sqlharvest/init.py
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@ -56,7 +56,7 @@ def setHandler():
                  ("Firebird", FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
                  ("SAP MaxDB", MAXDB_ALIASES, MaxDBMap, MaxDBConn),
                  ("Sybase", SYBASE_ALIASES, SybaseMap, SybaseConn),
-                  ("IBM DB2", DB2_ALIASES, DB2Map, DB2Conn)
+                  ("IBM DB2", DB2_ALIASES, DB2Map, DB2Conn),
            ]

    _ = max(_ if (Backend.getIdentifiedDbms() or "").lower() in _[1] else None for _ in items)
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -223,7 +223,7 @@ class Agent(object):
        _ = (
                ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
                ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
-                ("[HASH_REPLACE]", kb.chars.hash_)
+                ("[HASH_REPLACE]", kb.chars.hash_),
            )
        payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)

@ -376,7 +376,18 @@ class Agent(object):
            nulledCastedConcatFields = fields
        else:
            fields = fields.replace(", ", ',')
-            fieldsSplitted = fields.split(',')
+            commas = [0, len(fields)]
+            depth = 0
+            for index in xrange(len(fields)):
+                char = fields[index]
+                if char == '(':
+                    depth += 1
+                elif char == ')':
+                    depth -= 1
+                elif depth == 0 and char == ',':
+                    commas.append(index)
+            commas = sorted(commas)
+            fieldsSplitted = [fields[x:y] for (x, y) in zip(commas, commas[1:])]
            dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
            nulledCastedFields = []

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -20,7 +20,6 @@ import random
 import re
 import socket
 import string
-import struct
 import sys
 import tempfile
 import time
@ -1068,10 +1067,10 @@ def parseTargetUrl():
        conf.url = conf.url.replace('?', URI_QUESTION_MARKER)

    urlSplit = urlparse.urlsplit(conf.url)
-    hostnamePort = urlSplit[1].split(":") if not re.search("\[.+\]", urlSplit[1]) else filter(None, (re.search("\[.+\]", urlSplit[1]).group(0), re.search("\](:(?P<port>\d+))?", urlSplit[1]).group("port")))
+    hostnamePort = urlSplit.netloc.split(":") if not re.search("\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search("\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))

-    conf.scheme = urlSplit[0].strip().lower() if not conf.forceSSL else "https"
-    conf.path = urlSplit[2].strip()
+    conf.scheme = urlSplit.scheme.strip().lower() if not conf.forceSSL else "https"
+    conf.path = urlSplit.path.strip()
    conf.hostname = hostnamePort[0].strip()

    conf.ipv6 = conf.hostname != conf.hostname.strip("[]")
@ -1097,8 +1096,8 @@ def parseTargetUrl():
    else:
        conf.port = 80

-    if urlSplit[3]:
-        conf.parameters[PLACE.GET] = urldecode(urlSplit[3]) if urlSplit[3] and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in urlSplit[3] else urlSplit[3]
+    if urlSplit.query:
+        conf.parameters[PLACE.GET] = urldecode(urlSplit.query) if urlSplit.query and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in urlSplit.query else urlSplit.query

    conf.url = getUnicode("%s://%s:%d%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path))
    conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
@ -1490,7 +1489,7 @@ def getConsoleWidth(default=80):
    if os.getenv("COLUMNS", "").isdigit():
        width = int(os.getenv("COLUMNS"))
    else:
-        output=execute('stty size', shell=True, stdout=PIPE, stderr=PIPE).stdout.read()
+        output = execute("stty size", shell=True, stdout=PIPE, stderr=PIPE).stdout.read()
        items = output.split()

        if len(items) == 2 and items[1].isdigit():
@ -2979,7 +2978,7 @@ def isAdminFromPrivileges(privileges):
    # In Firebird there is no specific privilege that means
    # that the user is DBA
    # TODO: confirm
-    retVal |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges)
+    retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES", "EXECUTE")))

    return retVal

@ -3193,7 +3192,7 @@ def decodeHexValue(value):

    try:
        retVal = applyFunctionRecursively(value, _)
-    except Exception:
+    except:
        singleTimeWarnMessage("there was a problem decoding value '%s' from expected hexadecimal form" % value)

    return retVal
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@ -22,7 +22,7 @@ _defaults =  {
   "risk":         1,
   "dumpFormat":   "CSV",
   "tech":         "BEUSTQ",
-               "torType":      "HTTP"
+   "torType":      "HTTP",
 }

 defaults = AttribDict(_defaults)
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -34,7 +34,7 @@ FIREBIRD_TYPES = {
                    "12": "DATE",
                    "13": "TIME",
                    "35": "TIMESTAMP",
-                    "37": "VARCHAR"
+                    "37": "VARCHAR",
                }

 SYBASE_TYPES = {
@ -109,7 +109,7 @@ FIREBIRD_PRIVS = {
                    "U": "UPDATE",
                    "D": "DELETE",
                    "R": "REFERENCES",
-                    "E": "EXECUTE"
+                    "E": "EXECUTE",
                }

 DB2_PRIVS = {
@ -120,7 +120,7 @@ DB2_PRIVS = {
                    5: "INSERTAUTH",
                    6: "REFAUTH",
                    7: "SELECTAUTH",
-                    8: "UPDATEAUTH"
+                    8: "UPDATEAUTH",
           }

 DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
@ -135,7 +135,7 @@ DBMS_DICT = {
                DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"),
                DBMS.MAXDB: (MAXDB_ALIASES, None, None),
                DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"),
-                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/")
+                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/"),
            }

 FROM_DUMMY_TABLE = {
@ -143,7 +143,7 @@ FROM_DUMMY_TABLE = {
                        DBMS.ACCESS: " FROM MSysAccessObjects",
                        DBMS.FIREBIRD: " FROM RDB$DATABASE",
                        DBMS.MAXDB: " FROM VERSIONS",
-                        DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
+                        DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
                   }

 SQL_STATEMENTS = {
@ -199,7 +199,9 @@ POST_HINT_CONTENT_TYPES = {
                                POST_HINT.JSON: "application/json",
                                POST_HINT.MULTIPART: "multipart/form-data",
                                POST_HINT.SOAP: "application/soap+xml",
-                                POST_HINT.XML: "application/xml"
+                                POST_HINT.XML: "application/xml",
                          }

-DEPRECATED_HINTS = {"--replicate": "use '--dump-format=SQLITE' instead"}
+DEPRECATED_HINTS = {
+                        "--replicate": "use '--dump-format=SQLITE' instead",
+                   }
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@ -329,7 +329,6 @@ class Dump(object):
    def dbTableValues(self, tableValues):
        replication = None
        rtable = None
-        documentNode, tableNode, bodyNode, headNode, rowNode = (0,) * 5
        dumpFP = None

        if tableValues is None:
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -178,7 +178,7 @@ class PAYLOAD:
                        3: "UNION query",
                        4: "stacked queries",
                        5: "AND/OR time-based blind",
-                        6: "inline query"
+                        6: "inline query",
                   }

    PARAMETER = {
@ -186,14 +186,14 @@ class PAYLOAD:
                    2: "Single quoted string",
                    3: "LIKE single quoted string",
                    4: "Double quoted string",
-                    5: "LIKE double quoted string"
+                    5: "LIKE double quoted string",
                }

    RISK = {
                0: "No risk",
                1: "Low risk",
                2: "Medium risk",
-                3: "High risk"
+                3: "High risk",
           }

    CLAUSE = {
@ -205,7 +205,7 @@ class PAYLOAD:
                5: "OFFSET",
                6: "TOP",
                7: "Table name",
-                8: "Column name"
+                8: "Column name",
             }

    class METHOD:
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -353,6 +353,7 @@ def _loadQueries():
        class DictObject(object):
            def __init__(self):
                self.__dict__ = {}
+
            def __contains__(self, name):
                return name in self.__dict__

@ -638,7 +639,7 @@ def _setMetasploit():
                    _ = ConnectRegistry(None, HKEY_LOCAL_MACHINE)
                    _ = OpenKey(_, key)
                    retVal = QueryValueEx(_, value)[0]
-                except Exception:
+                except:
                    logger.debug("unable to identify Metasploit installation path via registry key")

                return retVal
@ -749,7 +750,7 @@ def _setOS():

 def _setTechnique():
    validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1])
-    validLetters = map(lambda x: x[0][0].upper(), validTechniques)
+    validLetters = [_[0][0].upper() for _ in validTechniques]

    if conf.tech and isinstance(conf.tech, basestring):
        _ = []
@ -930,9 +931,9 @@ def _setHTTPProxy():
    logger.debug(debugMsg)

    proxySplit = urlparse.urlsplit(conf.proxy)
-    hostnamePort = proxySplit[1].split(":")
+    hostnamePort = proxySplit.netloc.split(":")

-    scheme = proxySplit[0].upper()
+    scheme = proxySplit.scheme.upper()
    hostname = hostnamePort[0]
    port = None
    username = None
@ -1373,8 +1374,9 @@ def _cleanupOptions():
        conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)

        if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
+            class _(unicode):
+                pass
            original = conf.data
-            class _(unicode): pass
            conf.data = _(urldecode(conf.data))
            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
        else:
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -18,7 +18,7 @@ optDict = {
                               "requestFile":       "string",
                               "sessionFile":       "string",
                               "googleDork":        "string",
-                               "configFile":        "string"
+                               "configFile":        "string",
                             },

            "Request":       {
@ -47,7 +47,7 @@ optDict = {
                               "safUrl":            "string",
                               "saFreq":            "integer",
                               "skipUrlEncode":     "boolean",
-                               "evalCode":          "string"
+                               "evalCode":          "string",
                             },

            "Optimization":  {
@ -55,7 +55,7 @@ optDict = {
                               "predictOutput":     "boolean",
                               "keepAlive":         "boolean",
                               "nullConnection":    "boolean",
-                               "threads":           "integer"
+                               "threads":           "integer",
                             },

            "Injection":     {
@ -69,7 +69,7 @@ optDict = {
                               "prefix":            "string",
                               "suffix":            "string",
                               "skip":              "string",
-                               "tamper":            "string"
+                               "tamper":            "string",
                             },

            "Detection":     {
@ -80,7 +80,7 @@ optDict = {
                               "regexp":            "string",
                               "code":              "integer",
                               "textOnly":          "boolean",
-                               "titles":            "boolean"
+                               "titles":            "boolean",
                             },

            "Techniques":    {
@ -89,11 +89,11 @@ optDict = {
                               "uCols":             "string",
                               "uChar":             "string",
                               "dnsName":           "string",
-                               "secondOrder":       "string"
+                               "secondOrder":       "string",
                             },

            "Fingerprint":   {
-                               "extensiveFp":       "boolean"
+                               "extensiveFp":       "boolean",
                             },

            "Enumeration":   {
@ -126,23 +126,23 @@ optDict = {
                               "lastChar":          "integer",
                               "query":             "string",
                               "sqlShell":          "boolean",
-                               "sqlFile":           "string"
+                               "sqlFile":           "string",
                             },

            "Brute":         {
                               "commonTables":       "boolean",
-                               "commonColumns":      "boolean"
+                               "commonColumns":      "boolean",
                             },

            "User-defined function": {
                               "udfInject":         "boolean",
-                               "shLib":             "string"
+                               "shLib":             "string",
                             },

            "File system":   {
                               "rFile":             "string",
                               "wFile":             "string",
-                               "dFile":             "string"
+                               "dFile":             "string",
                             },

            "Takeover":      {
@ -153,7 +153,7 @@ optDict = {
                               "osBof":             "boolean",
                               "privEsc":           "boolean",
                               "msfPath":           "string",
-                               "tmpPath":           "string"
+                               "tmpPath":           "string",
                             },

            "Windows":       {
@ -163,7 +163,7 @@ optDict = {
                               "regKey":            "string",
                               "regVal":            "string",
                               "regData":           "string",
-                               "regType":           "string"
+                               "regType":           "string",
                             },

            "General":       {
@ -208,7 +208,7 @@ optDict = {
                               "smart":             "boolean",
                               "testFilter":        "string",
                               "wizard":            "boolean",
-                               "verbose":           "integer"
+                               "verbose":           "integer",
                             },
            "Hidden": {
                               "profile":           "boolean",
@ -217,6 +217,6 @@ optDict = {
                               "smokeTest":         "boolean",
                               "liveTest":          "boolean",
                               "stopFail":          "boolean",
-                               "runCase":           "string"
+                               "runCase":           "string",
                      }
          }
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -201,7 +201,7 @@ BASIC_HELP_ITEMS = (
                        "checkTor",
                        "flushSession",
                        "tor",
-                        "wizard"
+                        "wizard",
                   )

 # String representation for NULL value
@ -218,7 +218,7 @@ ERROR_PARSING_REGEXES = (
                          r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
                          r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>.+?)$",
                          r"<li>Error Type:<br>(?P<result>.+?)</li>",
-                          r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)"
+                          r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
                        )

 # Regular expression used for parsing charset info from meta html headers
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@ -40,7 +40,7 @@ class CompleterNG(rlcompleter.Completer):
        matches = []
        n = len(text)

-        for ns in [ self.namespace ]:
+        for ns in (self.namespace,):
            for word in ns:
                if word[:n] == text:
                    matches.append(word)
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -130,7 +130,7 @@ def _setRequestParams():

    kb.processUserMarks = True if kb.postHint else kb.processUserMarks

-    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(map(lambda place: place in conf.parameters, [PLACE.GET, PLACE.POST])):
+    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)):
        warnMsg = "you've provided target url without any GET "
        warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
        warnMsg += "and without providing any POST parameters "
@ -161,7 +161,7 @@ def _setRequestParams():

            if not kb.processUserMarks:
                if place == PLACE.URI:
-                    query = urlparse.urlsplit(value)[3]
+                    query = urlparse.urlsplit(value).query
                    if query:
                        parameters = conf.parameters[PLACE.GET] = query
                        paramDict = paramToDict(PLACE.GET, parameters)
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@ -104,7 +104,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
    kb.threadContinue = True
    kb.threadException = False

-    if threadChoice and numThreads == 1 and any(map(lambda _: _ in kb.injection.data, (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY, PAYLOAD.TECHNIQUE.UNION))):
+    if threadChoice and numThreads == 1 and any(_ in kb.injection.data for _ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY, PAYLOAD.TECHNIQUE.UNION)):
        while True:
            message = "please enter number of threads? [Enter for %d (current)] " % numThreads
            choice = readInput(message, default=str(numThreads))
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@ -30,7 +30,7 @@ def headersParser(headers):
            "servlet-engine":                  os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"),
            "set-cookie":                      os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
            "x-aspnet-version":                os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
-            "x-powered-by":                    os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml")
+            "x-powered-by":                    os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
        }

    for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers):
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -110,7 +110,7 @@ def checkCharEncoding(encoding, warn=True):
    else:
        return encoding

-    # http://www.destructor.de/charsets/index.htm
+    # Reference: http://www.destructor.de/charsets/index.htm
    translate = {"windows-874": "iso-8859-11", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8",  "utc8": "utf8", "ebcdic": "ebcdic-cp-be"}

    for delimiter in (';', ',', '('):
@ -149,14 +149,14 @@ def checkCharEncoding(encoding, warn=True):
    elif encoding.find("utf8") > 0:
        encoding = "utf8"

-    # http://philip.html5.org/data/charsets-2.html
+    # Reference: http://philip.html5.org/data/charsets-2.html
    if encoding in translate:
        encoding = translate[encoding]
    elif encoding in ("null", "{charset}", "*"):
        return None

-    # http://www.iana.org/assignments/character-sets
-    # http://docs.python.org/library/codecs.html
+    # Reference: http://www.iana.org/assignments/character-sets
+    # Reference: http://docs.python.org/library/codecs.html
    try:
        codecs.lookup(encoding)
    except LookupError:
@ -216,7 +216,7 @@ def decodePage(page, contentEncoding, contentType):
    if not conf.charset:
        httpCharset, metaCharset = None, None

-        # http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode
+        # Reference: http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode
        if contentType and (contentType.find("charset=") != -1):
            httpCharset = checkCharEncoding(contentType.split("charset=")[-1])

--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@ -137,4 +137,3 @@ if __name__ == "__main__":
    finally:
        if server:
            server._running = False
-
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@ -86,7 +86,7 @@ class Metasploit:
                                                   2: ("Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports"),
                                                   3: ("Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", "reverse_http"),
                                                   4: ("Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", "reverse_https"),
-                                                   5: ("Bind TCP: Listen on the database host for a connection", "bind_tcp")
+                                                   5: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"),
                                                 },
                                      "linux":   {
                                                   1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"),
--- a/lib/takeover/registry.py
+++ b/lib/takeover/registry.py
@ -33,17 +33,17 @@ class Registry:

        self._batRead = (
                           "@ECHO OFF\r\n",
-                           readParse
+                           readParse,
                        )

        self._batAdd = (
                           "@ECHO OFF\r\n",
-                           "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData)
+                           "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData),
                       )

        self._batDel = (
                           "@ECHO OFF\r\n",
-                           "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue)
+                           "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue),
                       )

    def _createLocalBatchFile(self):
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -423,7 +423,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                abortedFlag = True

            finally:
-                value = map(lambda _: partialValue[_] if _ < len(partialValue) else threadData.shared.value[_], xrange(length))
+                value = [partialValue[_] if _ < len(partialValue) else threadData.shared.value[_] for _ in xrange(length)]

            infoMsg = None

--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -127,7 +127,7 @@ def tableExists(tableFile, regex=None):
            else:
                kb.data.cachedTables[conf.db].append(item)

-    for _ in map(lambda x: (conf.db, x), threadData.shared.value):
+    for _ in ((conf.db, item) for item in threadData.shared.value):
        if _ not in kb.brute.tables:
            kb.brute.tables.append(_)

--- a/lib/utils/getch.py
+++ b/lib/utils/getch.py
@ -19,7 +19,8 @@ class _Getch(object):
            except(AttributeError, ImportError):
                self.impl = _GetchUnix()

-    def __call__(self): return self.impl()
+    def __call__(self):
+        return self.impl()


 class _GetchUnix(object):
@ -27,7 +28,10 @@ class _GetchUnix(object):
        import tty

    def __call__(self):
-        import sys, tty, termios
+        import sys
+        import termios
+        import tty
+
        fd = sys.stdin.fileno()
        old_settings = termios.tcgetattr(fd)
        try:
@ -77,3 +81,4 @@ class _GetchMacCarbon(object):


 getch = _Getch()
+
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -298,7 +298,7 @@ __functions__ = {
                    HASH.MD5_GENERIC: md5_generic_passwd,
                    HASH.SHA1_GENERIC: sha1_generic_passwd,
                    HASH.CRYPT_GENERIC: crypt_generic_passwd,
-                    HASH.WORDPRESS: wordpress_passwd
+                    HASH.WORDPRESS: wordpress_passwd,
                }

 def storeHashesToFile(attack_dict):
@ -500,7 +500,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
            except (UnicodeEncodeError, UnicodeDecodeError):
                pass  # ignore possible encoding problems caused by some words in custom dictionaries

-            except Exception:
+            except:
                warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
                warnMsg += "Please report by e-mail to %s" % ML
                logger.critical(warnMsg)
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@ -52,7 +52,7 @@ class Fingerprint(GenericFingerprint):
                      "97":           ("MSysModules2", "MSysAccessObjects"),
                      "2000" :        ("!MSysModules2", "MSysAccessObjects"),
                      "2002-2003" :   ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
-                      "2007" :        ("MSysAccessStorage", "MSysNavPaneObjectIDs")
+                      "2007" :        ("MSysAccessStorage", "MSysNavPaneObjectIDs"),
                    }
        # MSysAccessXML is not a reliable system table because it doesn't always exist
        # ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty")
--- a/plugins/dbms/db2/enumeration.py
+++ b/plugins/dbms/db2/enumeration.py
@ -18,3 +18,4 @@ class Enumeration(GenericEnumeration):
        logger.warn(warnMsg)

        return {}
+
--- a/plugins/dbms/firebird/connector.py
+++ b/plugins/dbms/firebird/connector.py
@ -40,7 +40,7 @@ class Connector(GenericConnector):

        try:
            self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
-                user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
+                user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8")  # Reference: http://www.daniweb.com/forums/thread248499.html
        except kinterbasdb.OperationalError, msg:
            raise SqlmapConnectionException(msg[1])
        self.setCursor()
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@ -70,10 +70,10 @@ class Fingerprint(GenericFingerprint):
    def _sysTablesCheck(self):
        retVal = None
        table = (
-                    ("1.0", ["EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
-                    ("1.5", ["NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
-                    ("2.0", ["EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0"]),
-                    ("2.1", ["BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0"])
+                    ("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
+                    ("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
+                    ("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
+                    ("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
                 )

        for i in xrange(len(table)):
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@ -41,7 +41,7 @@ class Takeover(GenericTakeover):
                    #"2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)" ),

                    # 2003 Service Pack 2 updated at 05/2009
-                    "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)")
+                    "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"),

                    # 2003 Service Pack 2 updated at 09/2009
                    #"2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"),
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@ -174,7 +174,7 @@ class Fingerprint(GenericFingerprint):
            infoMsg = "confirming %s" % DBMS.MYSQL
            logger.info(infoMsg)

-            result = inject.checkBooleanExpression("USER()=USER()")
+            result = inject.checkBooleanExpression("USER() LIKE USER()")

            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.MYSQL
--- a/plugins/dbms/oracle/connector.py
+++ b/plugins/dbms/oracle/connector.py
@ -64,10 +64,8 @@ class Connector(GenericConnector):
        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
-        except (cx_Oracle.DatabaseError), msg:
+        except cx_Oracle.DatabaseError, msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
-        except cx_Oracle.InternalError, msg:
-            raise SqlmapConnectionException(msg)

        self.connector.commit()

--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@ -221,7 +221,7 @@ class Enumeration(GenericEnumeration):

            if colList:
                table = {}
-                table[safeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
+                table[safeSQLIdentificatorNaming(tbl)] = dict((_, None) for _ in colList)
                kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
                continue

--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -13,6 +13,7 @@ from lib.core.common import getLimitRange
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isListLike
 from lib.core.common import isNoneValue
+from lib.core.common import isNullValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parseSqliteTableSchema
@ -275,7 +276,7 @@ class Databases:
                values = filter(None, arrayizeValue(values))

                if len(values) > 0 and not isListLike(values[0]):
-                    values = map(lambda x: (dbs[0], x), values)
+                    values = [(dbs[0], _) for _ in values]

                for db, table in filterPairValues(values):
                    db = safeSQLIdentificatorNaming(db)
@ -524,6 +525,17 @@ class Databases:

                values = inject.getValue(query, blind=False, time=False)

+                if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
+                    index, values = 1, []
+                    while True:
+                        query = rootQuery.inband.query2 % (conf.db, tbl, index)
+                        value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
+                        if isNoneValue(value) or value == " ":
+                            break
+                        else:
+                            values.append((value,))
+                            index += 1
+
                if Backend.isDbms(DBMS.SQLITE):
                    parseSqliteTableSchema(unArrayizeValue(values))
                elif not isNoneValue(values):
@ -536,7 +548,7 @@ class Databases:

                            if name:
                                if len(columnData) == 1:
-                                    columns[name] = ""
+                                    columns[name] = None
                                else:
                                    columns[name] = columnData[1]

@ -600,17 +612,28 @@ class Databases:

                count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

+                table = {}
+                columns = {}
+
                if not isNumPosStrValue(count):
-                    errMsg = "unable to retrieve the number of columns "
+                    if Backend.isDbms(DBMS.MSSQL):
+                        count, index, values = 0, 1, []
+                        while True:
+                            query = rootQuery.blind.query3 % (conf.db, tbl, index)
+                            value = unArrayizeValue(inject.getValue(query, union=False, error=False))
+                            if isNoneValue(value) or value == " ":
+                                break
+                            else:
+                                columns[safeSQLIdentificatorNaming(value)] = None
+                                index += 1
+
+                    if not columns:
+                        errMsg = "unable to retrieve the %scolumns " % ("number of " if not Backend.isDbms(DBMS.MSSQL) else "")
                        errMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
                        errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                        logger.error(errMsg)
-
                        continue

-                table = {}
-                columns = {}
-
                for index in getLimitRange(count):
                    if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -6,7 +6,6 @@ See the file 'doc/COPYING' for copying permission
 """

 import os
-import tempfile

 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
@ -16,7 +15,6 @@ from lib.core.common import decodeHexValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isListLike
 from lib.core.common import isTechniqueAvailable
-from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
--- a/procs/README.txt
+++ b/procs/README.txt
--- a/sqlmap.py
+++ b/sqlmap.py
--- a/sqlmapapi.py
+++ b/sqlmapapi.py
--- a/thirdparty/chardet/init.py
+++ b/thirdparty/chardet/init.py
--- a/thirdparty/chardet/big5freq.py
+++ b/thirdparty/chardet/big5freq.py
--- a/thirdparty/chardet/big5prober.py
+++ b/thirdparty/chardet/big5prober.py
--- a/thirdparty/chardet/chardistribution.py
+++ b/thirdparty/chardet/chardistribution.py
--- a/thirdparty/chardet/charsetgroupprober.py
+++ b/thirdparty/chardet/charsetgroupprober.py
--- a/thirdparty/chardet/charsetprober.py
+++ b/thirdparty/chardet/charsetprober.py
--- a/thirdparty/chardet/codingstatemachine.py
+++ b/thirdparty/chardet/codingstatemachine.py
--- a/thirdparty/chardet/constants.py
+++ b/thirdparty/chardet/constants.py
--- a/thirdparty/chardet/escprober.py
+++ b/thirdparty/chardet/escprober.py
--- a/thirdparty/chardet/escsm.py
+++ b/thirdparty/chardet/escsm.py
--- a/thirdparty/chardet/eucjpprober.py
+++ b/thirdparty/chardet/eucjpprober.py
--- a/thirdparty/chardet/euckrfreq.py
+++ b/thirdparty/chardet/euckrfreq.py
--- a/thirdparty/chardet/euckrprober.py
+++ b/thirdparty/chardet/euckrprober.py
--- a/thirdparty/chardet/euctwfreq.py
+++ b/thirdparty/chardet/euctwfreq.py
--- a/thirdparty/chardet/euctwprober.py
+++ b/thirdparty/chardet/euctwprober.py
--- a/thirdparty/chardet/gb2312freq.py
+++ b/thirdparty/chardet/gb2312freq.py
--- a/thirdparty/chardet/gb2312prober.py
+++ b/thirdparty/chardet/gb2312prober.py
--- a/thirdparty/chardet/hebrewprober.py
+++ b/thirdparty/chardet/hebrewprober.py
--- a/thirdparty/chardet/jisfreq.py
+++ b/thirdparty/chardet/jisfreq.py
--- a/thirdparty/chardet/jpcntx.py
+++ b/thirdparty/chardet/jpcntx.py
--- a/thirdparty/chardet/langbulgarianmodel.py
+++ b/thirdparty/chardet/langbulgarianmodel.py
--- a/thirdparty/chardet/langcyrillicmodel.py
+++ b/thirdparty/chardet/langcyrillicmodel.py
--- a/thirdparty/chardet/langgreekmodel.py
+++ b/thirdparty/chardet/langgreekmodel.py
--- a/thirdparty/chardet/langhebrewmodel.py
+++ b/thirdparty/chardet/langhebrewmodel.py
--- a/thirdparty/chardet/langhungarianmodel.py
+++ b/thirdparty/chardet/langhungarianmodel.py
--- a/thirdparty/chardet/langthaimodel.py
+++ b/thirdparty/chardet/langthaimodel.py
--- a/thirdparty/chardet/latin1prober.py
+++ b/thirdparty/chardet/latin1prober.py
--- a/thirdparty/chardet/mbcharsetprober.py
+++ b/thirdparty/chardet/mbcharsetprober.py
--- a/thirdparty/chardet/mbcsgroupprober.py
+++ b/thirdparty/chardet/mbcsgroupprober.py
--- a/thirdparty/chardet/mbcssm.py
+++ b/thirdparty/chardet/mbcssm.py
--- a/thirdparty/chardet/sbcharsetprober.py
+++ b/thirdparty/chardet/sbcharsetprober.py
--- a/thirdparty/chardet/sbcsgroupprober.py
+++ b/thirdparty/chardet/sbcsgroupprober.py
--- a/thirdparty/chardet/sjisprober.py
+++ b/thirdparty/chardet/sjisprober.py
--- a/thirdparty/chardet/test.py
+++ b/thirdparty/chardet/test.py
--- a/thirdparty/chardet/universaldetector.py
+++ b/thirdparty/chardet/universaldetector.py
--- a/thirdparty/chardet/utf8prober.py
+++ b/thirdparty/chardet/utf8prober.py
--- a/thirdparty/gprof2dot/init.py
+++ b/thirdparty/gprof2dot/init.py
--- a/thirdparty/gprof2dot/gprof2dot.py
+++ b/thirdparty/gprof2dot/gprof2dot.py
--- a/thirdparty/keepalive/init.py
+++ b/thirdparty/keepalive/init.py
--- a/thirdparty/prettyprint/init.py
+++ b/thirdparty/prettyprint/init.py
--- a/thirdparty/xdot/init.py
+++ b/thirdparty/xdot/init.py
--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -136,8 +136,8 @@
            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
-            <inband query="SELECT datname FROM pg_database WHERE " query2="" condition="datname" condition2=""/>
-            <blind query="SELECT DISTINCT(datname) FROM pg_database WHERE " query2="" count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE " count2="" condition="datname" condition2=""/>
+            <inband query="SELECT datname FROM pg_database WHERE " condition="datname"/>
+            <blind query="SELECT DISTINCT(datname) FROM pg_database WHERE " count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE " condition="datname"/>
        </search_db>
        <search_table>
            <inband query="SELECT schemaname,tablename FROM pg_tables WHERE " condition="tablename" condition2="schemaname"/>
@ -194,8 +194,8 @@
            <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype = 'U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype = 'U' ORDER BY name) ORDER BY name" count3="SELECT COUNT(name) FROM %s..sysobjects WHERE xtype = 'U'"/>
        </tables>
        <columns>
-            <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
-            <blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
+            <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
+            <blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query3="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s"/>
@ -290,8 +290,8 @@
        </dump_table>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <search_db>
-            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " query2="" condition="OWNER" condition2=""/>
-            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " query2="" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="" condition="OWNER" condition2=""/>
+            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " condition="OWNER"/>
+            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " condition="OWNER"/>
        </search_db>
        <search_table>
            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE " condition="TABLE_NAME" condition2="OWNER"/>
@ -397,8 +397,7 @@
   <dbms value="Firebird">
        <cast query="CAST(%s AS VARCHAR(10000))"/>
        <length query="CHAR_LENGTH(%s)"/>
-        <!-- TODO: add proper value -->
-        <delimiter query=""/>
+        <delimiter query="||"/>
        <limit query="ROWS %d TO %d"/>
        <limitregexp query="\s+ROWS\s+([\d]+)(\s+\TO\s+([\d]+))?"/>
        <limitgroupstart query="1"/>
@ -599,7 +598,7 @@
        <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->        
        <passwords/>
        <privileges>
-            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" query2="" condition="grantee" condition2=""/>
+            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
            <blind query="SELECT tabschema||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
        </privileges>
        <roles/>
@ -621,8 +620,8 @@
            <blind query="SELECT %s FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s FROM %s) AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db>
-            <inband query="SELECT schemaname FROM syscat.schemata WHERE " query2="" condition="schemaname" condition2=""/>
-            <blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " query2="" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " count2="" condition="schemaname" condition2=""/>
+            <inband query="SELECT schemaname FROM syscat.schemata WHERE " condition="schemaname"/>
+            <blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " condition="schemaname"/>
        </search_db>
        <search_table>
            <inband query="SELECT tabschema,tabname FROM sysstat.tables WHERE " condition="tabname" condition2="tabschema"/>