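<?xml version="1.0" encoding="UTF-8"?>

<root>
    <!--
        NOTE: layout of this file, as far as the entries themselves show:
        * one <dbms> element per database engine, selected by its "value" attribute;
        * direct children hold dialect fragments (cast, length, isnull, limit, comment markers,
          substring, concatenate, inference, ...) and enumeration templates grouped by subject
          (users, passwords, privileges, roles, statements, dbs, tables, columns, dump_table, search_*);
        * %s, %d and %c are printf-style placeholders filled in by the consuming program;
        * under each subject, <inband> carries a query returning the whole result set and <blind>
          carries a one-row-per-call query together with a matching "count" query;
        * numbered attributes (query2, count2, condition2, ...) look like alternates for other server
          versions or privilege levels (TODO confirm against the consumer);
        * limitgroupstart/limitgroupstop presumably name capture groups of limitregexp (TODO confirm);
        * an empty element such as <roles/> carries no template for that engine.
        Attribute values must stay XML-escaped: a literal "<" or "&" inside a query is written as the
        entity &lt; or &amp;, otherwise the file is not well-formed and will not parse.
        Defensive reading: the catalog objects named in the passwords/users/privileges entries
        (mysql.user, pg_shadow, sys.sql_logins, SYS.USER$, ...) are the ones whose read access is
        worth restricting and auditing for application accounts.
    -->

    <!-- MySQL -->
    <dbms value="MySQL">
        <!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->
        <cast query="CAST(%s AS NCHAR)"/>
        <length query="CHAR_LENGTH(%s)"/>
        <isnull query="IFNULL(%s,' ')"/>
        <delimiter query=","/>
        <limit query="LIMIT %d,%d"/>
        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="-- -" query2="/*" query3="#"/>
        <substring query="MID((%s),%d,%d)"/>
        <concatenate query="CONCAT(%s,%s)"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <hex query="HEX(%s)"/>
        <inference query="ORD(MID((%s),%d,1))>%d"/>
        <banner query="VERSION()"/>
        <current_user query="CURRENT_USER()"/>
        <current_db query="DATABASE()"/>
        <hostname query="@@HOSTNAME"/>
        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
        <users>
            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user"/>
            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
        </users>
        <!-- https://github.com/dev-sec/mysql-baseline/issues/35 -->
        <!-- https://stackoverflow.com/a/31122246 -->
        <passwords>
            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
        </privileges>
        <roles/>
        <statements>
            <inband query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST"/>
            <blind query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY ID LIMIT %d,1" query2="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST WHERE ID=%d" query3="SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST LIMIT %d,1" count="SELECT COUNT(DISTINCT(INFO)) FROM INFORMATION_SCHEMA.PROCESSLIST"/>
        </statements>
        <dbs>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA" query2="SELECT db FROM mysql.db"/>
            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT %d,1" query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
        </dbs>
        <tables>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" query2="SELECT database_name,table_name FROM mysql.innodb_table_stats" condition="table_schema" condition2="database_name"/>
            <blind query="SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' LIMIT %d,1" query2="SELECT table_name FROM mysql.innodb_table_stats WHERE database_name='%s' LIMIT %d,1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count2="SELECT COUNT(table_name) FROM mysql.innodb_table_stats WHERE database_name='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT db FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT DISTINCT(db) FROM mysql.db WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
        </search_db>
        <search_table>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
        </search_table>
        <search_column>
            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
        </search_column>
    </dbms>

    <!-- PostgreSQL -->
    <dbms value="PostgreSQL">
        <cast query="CAST(%s AS CHARACTER(10000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="OFFSET %d LIMIT %d"/>
        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" OFFSET "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="/*"/>
        <substring query="SUBSTRING((%s)::text FROM %d FOR %d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <hex query="ENCODE(CONVERT_TO((%s),'UTF8'),'HEX')"/>
        <inference query="ASCII(SUBSTRING((%s)::text FROM %d FOR 1))>%d"/>
        <banner query="VERSION()"/>
        <current_user query="CURRENT_USER"/>
        <current_db query="CURRENT_SCHEMA()"/>
        <hostname/>
        <!--<table_comment query="SELECT pg_catalog.obj_description(c.oid) FROM pg_catalog.pg_class c WHERE c.relname='%s'"/>-->
        <table_comment query="SELECT description FROM pg_description JOIN pg_class ON pg_description.objoid=pg_class.oid JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid WHERE nspname='%s' AND relname='%s'"/>
        <column_comment query="SELECT col_description(pg_class.oid,pg_attribute.attnum) FROM pg_class JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid JOIN pg_attribute ON pg_class.oid=pg_attribute.attrelid WHERE nspname='%s' AND relname='%s' AND attname='%s'"/>
        <is_dba query="(SELECT usesuper=true FROM pg_user WHERE usename=CURRENT_USER OFFSET 0 LIMIT 1)"/>
        <check_udf query="(SELECT proname='%s' FROM pg_proc WHERE proname='%s' OFFSET 0 LIMIT 1)"/>
        <users>
            <inband query="SELECT usename FROM pg_user"/>
            <blind query="SELECT DISTINCT(usename) FROM pg_user OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
        </users>
        <passwords>
            <inband query="SELECT usename,passwd FROM pg_shadow" condition="usename"/>
            <blind query="SELECT DISTINCT(passwd) FROM pg_shadow WHERE usename='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(passwd)) FROM pg_shadow WHERE usename='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT usename,(CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user" condition="usename"/>
            <blind query="SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'"/>
        </privileges>
        <roles/>
        <!-- NOTE: the IDLE marker is written with entities because a raw "<" is not allowed inside an attribute value -->
        <statements>
            <inband query="SELECT query FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
            <blind query="SELECT DISTINCT(query) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(query)) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
        </statements>
        <dbs>
            <inband query="SELECT schemaname FROM pg_tables"/>
            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
        </dbs>
        <tables>
            <inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
            <blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT attname,typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
            <blind query="SELECT attname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'" count="SELECT COUNT(attname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT datname FROM pg_database WHERE %s" condition="datname"/>
            <blind query="SELECT DISTINCT(datname) FROM pg_database WHERE %s" count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE %s" condition="datname"/>
        </search_db>
        <search_table>
            <inband query="SELECT schemaname,tablename FROM pg_tables WHERE %s" condition="tablename" condition2="schemaname"/>
            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" condition="tablename" condition2="schemaname"/>
        </search_table>
        <search_column>
            <inband query="SELECT nspname,relname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" condition="attname" condition2="nspname" condition3="relname"/>
            <blind query="SELECT DISTINCT(nspname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" query2="SELECT DISTINCT(relname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'" count="SELECT COUNT(DISTINCT(nspname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" count2="SELECT COUNT(DISTINCT(relname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'" condition="attname" condition2="nspname" condition3="relname"/>
        </search_column>
    </dbms>

    <!-- Microsoft SQL Server -->
    <dbms value="Microsoft SQL Server">
        <cast query="CAST(%s AS NVARCHAR(4000))"/>
        <length query="LTRIM(STR(LEN(%s)))"/>
        <isnull query="ISNULL(%s,' ')"/>
        <delimiter query="+"/>
        <limit query="SELECT TOP %d "/>
        <limitregexp query="TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+"/>
        <limitgroupstart query="2"/>
        <limitgroupstop query="1"/>
        <limitstring/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="/*"/>
        <substring query="SUBSTRING((%s),%d,%d)"/>
        <concatenate query="%s+%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
        <hex query="master.dbo.fn_varbintohexstr(CAST(%s AS VARBINARY(8000)))"/>
        <inference query="UNICODE(SUBSTRING((%s),%d,1))>%d"/>
        <banner query="SELECT @@VERSION"/>
        <current_user query="SELECT SYSTEM_USER"/>
        <current_db query="SELECT DB_NAME()"/>
        <hostname query="@@SERVERNAME"/>
        <table_comment query="SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s',NULL,NULL)"/>
        <column_comment query="SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s','column','%s')"/>
        <is_dba query="IS_SRVROLEMEMBER('sysadmin')=1" query2="IS_SRVROLEMEMBER('sysadmin','%s')=1"/>
        <users>
            <inband query="SELECT name FROM master..syslogins" query2="SELECT name FROM sys.sql_logins"/>
            <!-- NOTE: in NOT IN kind of queries ORDER BY is a must -->
            <blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins ORDER BY name) ORDER BY name" query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins" count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>
        </users>
        <passwords>
            <inband query="SELECT name,master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name,master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
            <blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s' ORDER BY password) ORDER BY password" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password_hash NOT IN (SELECT TOP %d password_hash FROM sys.sql_logins WHERE name='%s' ORDER BY password_hash) ORDER BY password_hash" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
        </passwords>
        <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
        <privileges/>
        <roles/>
        <statements>
            <inband query="SELECT st.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
            <blind query="SELECT TOP 1 a.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) a WHERE a.text NOT IN (SELECT TOP %d b.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) b ORDER BY b.text) ORDER BY a.text" count="SELECT LTRIM(STR(COUNT(st.text))) FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
        </statements>
        <dbs>
            <inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
            <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
        </dbs>
        <tables>
            <inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT name FROM %s..sysobjects WHERE xtype = 'U'"/>
            <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype = 'U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype = 'U' ORDER BY name) ORDER BY name" count3="SELECT COUNT(name) FROM %s..sysobjects WHERE xtype = 'U'"/>
        </tables>
        <columns>
            <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
            <blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query3="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s.%s"/>
            <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
            <blind query="SELECT name FROM master..sysdatabases WHERE %s" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s" condition="name"/>
        </search_db>
        <search_table>
            <inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND " condition="name" condition2="name"/>
            <blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') " count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
        </search_table>
        <search_column>
            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
            <blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
        </search_column>
    </dbms>

    <!-- Oracle -->
    <dbms value="Oracle">
        <cast query="CAST(%s AS VARCHAR(4000))"/>
        <length query="LENGTH(%s)"/>
        <isnull query="NVL(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="ROWNUM AS LIMIT %s) WHERE LIMIT"/>
        <limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
        <limitgroupstart/>
        <limitgroupstop/>
        <limitstring/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--"/>
        <substring query="SUBSTRC((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <hex query="RAWTOHEX(%s)"/>
        <!--
            NOTE: ASCIISTR (https://www.techonthenet.com/oracle/functions/asciistr.php)
        -->
        <inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
        <banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
        <current_user query="SELECT USER FROM DUAL"/>
        <!--
            NOTE: current physical DB but not usable for enumeration
            <current_db query="SELECT SYS.DATABASE_NAME FROM DUAL"/>
        -->
        <current_db query="SELECT USER FROM DUAL"/>
        <!--
            NOTE: in Oracle to check if the session user is DBA you can use:
            SELECT USERENV('ISDBA') FROM DUAL
        -->
        <hostname query="SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL"/>
        <table_comment query="SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'"/>
        <column_comment query="SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
        <is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
        <users>
            <inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
            <blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
        </users>
        <passwords>
            <inband query="SELECT NAME,PASSWORD FROM SYS.USER$" condition="NAME"/>
            <blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
        </passwords>
        <!--
            NOTE: in Oracle to enumerate the privileges for the session user you can use:
            SELECT * FROM SESSION_PRIVS
        -->
        <privileges>
            <inband query="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS" query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
            <blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
        </privileges>
        <!--
            NOTE: in Oracle to enumerate the roles for the session user you can use:
            SELECT * FROM SESSION_ROLES
        -->
        <roles>
            <inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
            <blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
        </roles>
        <statements>
            <inband query="SELECT SQL_TEXT FROM V$SQL"/>
            <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
        </statements>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <dbs>
            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
            <blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
        </dbs>
        <tables>
            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES" condition="OWNER"/>
            <blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
        </tables>
        <columns>
            <inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
            <blind query="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND OWNER='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
        <search_db>
            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" condition="OWNER"/>
            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" condition="OWNER"/>
        </search_db>
        <search_table>
            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s" condition="TABLE_NAME" condition2="OWNER"/>
            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
        </search_table>
        <search_column>
            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
        </search_column>
    </dbms>

    <!-- SQLite -->
    <dbms value="SQLite">
        <cast query="CAST(%s AS TEXT)" dbms_version=">=3.0"/>
        <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
        <length query="LENGTH(%s)"/>
        <isnull query="COALESCE(%s,' ')"/>
        <delimiter query="||"/>
        <limit query="LIMIT %d,%d"/>
        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" LIMIT "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="--" query2="/*"/>
        <substring query="SUBSTR((%s),%d,%d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
        <hex query="HEX(%s)"/>
        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
        <banner query="SELECT SQLITE_VERSION()"/>
        <current_user/>
        <current_db/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba/>
        <check_udf/>
        <users/>
        <passwords/>
        <privileges/>
        <roles/>
        <statements/>
        <dbs/>
        <tables>
            <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table'"/>
            <blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
        </tables>
        <columns>
            <inband query="SELECT MIN(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
            <blind query="SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1" condition=""/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db/>
        <search_table>
            <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' AND %s" condition="tbl_name" condition2=""/>
            <blind query="" query2="SELECT tbl_name FROM sqlite_master WHERE type='table'" count="" count2="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'" condition="tbl_name" condition2=""/>
        </search_table>
        <search_column/>
    </dbms>

    <!-- Microsoft Access -->
    <dbms value="Microsoft Access">
        <cast query="RTRIM(CVAR(%s))"/>
        <length query="LEN(RTRIM(CVAR(%s)))"/>
        <isnull query="IIF(LEN(%s)=0,' ',%s)"/>
        <!-- NOTE: the Access concatenation operator is the ampersand, which has to be written as an entity inside an attribute value -->
        <delimiter query="&amp;"/>
        <limit query="TOP %d"/>
        <limitregexp query="\s+TOP\s+([\d]+)"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="1"/>
        <limitstring query=" TOP "/>
        <order query="ORDER BY %s ASC"/>
        <count query="COUNT(%s)"/>
        <comment query="%16" query2="%00"/>
        <substring query="MID((%s),%d,%d)"/>
        <concatenate query="%s&amp;%s"/>
        <case query="SELECT (IIF(%s,1,0))"/>
        <inference query="ASCW(MID((%s),%d,1))>%d"/>
        <banner/>
        <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
        <current_user/>
        <current_db/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba/>
        <dbs/>
        <!--MSysObjects have no read permission by default-->
        <tables>
            <inband query="SELECT Name FROM MSysObjects WHERE Type=1"/>
            <blind query="SELECT MIN(Name) FROM MSysObjects WHERE Type=1 AND Name>'%s'" count="SELECT COUNT(Name) FROM MSysObjects WHERE Type=1"/>
        </tables>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s)>'%s'" query2="SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s)"/>
        </dump_table>
        <users/>
        <privileges/>
        <roles/>
        <statements/>
        <search_db/>
        <search_table/>
        <search_column/>
    </dbms>

    <!-- Firebird -->
    <dbms value="Firebird">
        <cast query="TRIM(CAST(%s AS VARCHAR(10000)))"/>
        <length query="CHAR_LENGTH(TRIM(%s))"/>
        <delimiter query="||"/>
        <limit query="ROWS %d TO %d"/>
        <limitregexp query="\s+ROWS\s+([\d]+)(\s+TO\s+([\d]+))?"/>
        <limitgroupstart query="1"/>
        <limitgroupstop query="2"/>
        <limitstring query=" ROWS "/>
        <isnull query="COALESCE(%s,' ')"/>
        <order query="ORDER BY %s ASC"/>
        <comment query="--"/>
        <count query="COUNT(%s)"/>
        <substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
        <concatenate query="%s||%s"/>
        <case query="SELECT IIF(%s,1,0)"/>
        <inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1))>%d" dbms_version=">=2.1" query2="SUBSTRING((%s) FROM %d FOR 1)>'%c'"/>
        <banner query="SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE" dbms_version=">=2.1"/>
        <current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
        <current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
        <hostname/>
        <table_comment/>
        <column_comment/>
        <is_dba query="CURRENT_USER='SYSDBA'"/>
        <users>
            <inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
            <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
        </users>
        <tables>
            <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
            <blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
        </tables>
        <privileges>
            <inband query="SELECT RDB$USER,RDB$PRIVILEGE FROM RDB$USER_PRIVILEGES" condition="RDB$USER"/>
            <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'" count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/>
        </privileges>
        <roles/>
        <statements/>
        <dbs/>
        <columns>
            <!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
            <inband query="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
            <blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s"/>
            <blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/>
        </dump_table>
        <search_db/>
        <search_table>
            <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0) AND %s" condition="RDB$RELATION_NAME" condition2=""/>
            <blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" condition="RDB$RELATION_NAME" condition2=""/>
        </search_table>
        <search_column/>
    </dbms>

    <!-- SAP MaxDB -->
    <!-- http://dev.mysql.com/tech-resources/articles/maxdb-php-ready-for-web.html -->
    <!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
    <!-- http://maxdb.sap.com/doc/7_6/default.htm -->
    <!--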
http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm --> 486 <!-- http://www.ximido.de/research/PenTestingMaxDB.pdf --> 487 <dbms value="SAP MaxDB"> 488 <length query="LENGTH(%s)"/> 489 <isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/> 490 <delimiter query=","/> 491 <limit query="LIMIT %d,%d"/> 492 <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)"/> 493 <limitgroupstart query="1"/> 494 <limitgroupstop query="2"/> 495 <!-- No real cast on SAP MaxDB --> 496 <cast query="REPLACE(CHR(%s),' ','_')"/> 497 <order query="ORDER BY %s ASC"/> 498 <count query="COUNT(%s)"/> 499 <comment query="--" query2="#"/> 500 <substring query="SUBSTR((%s),%d,%d)"/> 501 <concatenate query="CONCAT(%s,%s)"/> 502 <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> 503 <hex query="HEX(%s)"/> 504 <inference query="SUBSTR((%s),%d,1)>'%c'"/> 505 <banner query="SELECT ID FROM SYSINFO.VERSION"/> 506 <current_user query="SELECT USER() FROM DUAL"/> 507 <current_db query="SELECT DATABASE() FROM DUAL"/> 508 <hostname/> 509 <table_comment/> 510 <column_comment/> 511 <is_dba query="EXISTS(SELECT USER_ID FROM domain.users WHERE username=USER() AND usermode='SYSDBA')"/> 512 <users> 513 <inband query="SELECT username FROM domain.users"/> 514 <blind query="SELECT MIN(username) FROM domain.users WHERE username>'%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/> 515 </users> 516 <columns> 517 <inband query="SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s"/> 518 <blind/> 519 </columns> 520 <tables> 521 <inband query="SELECT tablename FROM domain.tables WHERE schemaname=%s AND type='TABLE'"/> 522 <blind/> 523 </tables> 524 <dbs> 525 <inband query="SELECT DISTINCT(schemaname) FROM domain.tables"/> 526 <blind/> 527 </dbs> 528 <roles> 529 <inband query="SELECT owner,role FROM domain.roles" condition="owner"/> 530 <blind/> 531 </roles> 532 <statements/> 533 <dump_table> 534 <inband query="SELECT %s FROM %%s"/> 535 <blind 
query="SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/> 536 </dump_table> 537 </dbms> 538 539 <!-- Sybase --> 540 <dbms value="Sybase"> 541 <cast query="CONVERT(VARCHAR(4000),%s)"/> 542 <length query="LTRIM(STR(LEN(%s)))"/> 543 <isnull query="ISNULL(%s,' ')"/> 544 <delimiter query="+"/> 545 <limit query="SELECT TOP %d "/> 546 <limitregexp query="TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+"/> 547 <limitgroupstart query="2"/> 548 <limitgroupstop query="1"/> 549 <limitstring/> 550 <order query="ORDER BY %s ASC"/> 551 <count query="COUNT(%s)"/> 552 <comment query="--" query2="/*"/> 553 <substring query="SUBSTRING((%s),%d,%d)"/> 554 <concatenate query="%s+%s"/> 555 <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/> 556 <hex query="BINTOSTR(CONVERT(VARBINARY,%s))"/> 557 <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/> 558 <banner query="SELECT @@VERSION"/> 559 <current_user query="SELECT SUSER_NAME()"/> 560 <current_db query="SELECT DB_NAME()"/> 561 <hostname/> 562 <table_comment/> 563 <column_comment/> 564 <is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/> 565 <users> 566 <inband query="SELECT name FROM master..syslogins"/> 567 <blind/> 568 </users> 569 <passwords> 570 <inband query="SELECT name,password FROM master..syslogins" condition="name"/> 571 <blind/> 572 </passwords> 573 <privileges/> 574 <roles> 575 <inband query="SELECT name,srid FROM master..syslogins,master..sysloginroles" condition="name"/> 576 <blind/> 577 </roles> 578 <statements/> 579 <dbs> 580 <inband query="SELECT name FROM master..sysdatabases"/> 581 <blind/> 582 </dbs> 583 <tables> 584 <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U')"/> 585 <blind/> 586 </tables> 587 <columns> 
588 <inband query="SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/> 589 <blind/> 590 </columns> 591 <dump_table> 592 <inband query="SELECT %s FROM %s.%s"/> 593 <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/> 594 </dump_table> 595 <search_db> 596 <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/> 597 <blind/> 598 </search_db> 599 <search_table> 600 <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/> 601 <blind/> 602 </search_table> 603 <search_column> 604 <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/> 605 <blind/> 606 </search_column> 607 </dbms> 608 609 <!-- IBM DB2 --> 610 <dbms value="IBM DB2"> 611 <!-- Casting to varchar does not work with version < v9, so we had to use char(254) instead --> 612 <cast query="RTRIM(CAST(%s AS CHAR(254)))"/> 613 <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/> 614 <isnull query="COALESCE(%s,' ')"/> 615 <delimiter query="||"/> 616 <limit query="ROW_NUMBER() OVER () AS LIMIT %s) AS qq WHERE LIMIT"/> 617 <limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/> 618 <limitgroupstart/> 619 <limitgroupstop/> 620 <limitstring/> 621 <order query="ORDER BY %s ASC"/> 622 <count query="COUNT(%s)"/> 623 <comment query="--"/> 624 <!-- TODO --> 625 <substring query="SUBSTR((%s),%d,%d)"/> 626 <concatenate query="%s||%s"/> 627 <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/> 628 <hex 
query="HEX(%s)"/> 629 <inference query="SUBSTR((%s),%d,1)>'%c'"/> 630 <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions --> 631 <banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1"/> 632 <current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/> 633 <!-- NOTE: On DB2 we use the current user as default schema (database) --> 634 <current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/> 635 <hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/> 636 <table_comment/> 637 <column_comment/> 638 <is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/> 639 <users> 640 <inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/> 641 <blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/> 642 </users> 643 <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS --> 644 <passwords/> 645 <privileges> 646 <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/> 647 <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM 
syscat.tabauth WHERE grantee='%s'"/> 648 </privileges> 649 <roles/> 650 <statements/> 651 <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes --> 652 <dbs> 653 <inband query="SELECT schemaname FROM syscat.schemata"/> 654 <blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,schemaname FROM syscat.schemata) AS qq WHERE LIMIT=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/> 655 </dbs> 656 <tables> 657 <inband query="SELECT tabschema,tabname FROM sysstat.tables" condition="tabschema"/> 658 <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/> 659 </tables> 660 <columns> 661 <inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/> 662 <blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" query2="SELECT RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/> 663 </columns> 664 <dump_table> 665 <inband query="SELECT %s FROM %s"/> 666 <blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/> 667 </dump_table> 668 <search_db> 669 <inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/> 670 <blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE %s) AS qq" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE %s" condition="schemaname"/> 671 </search_db> 672 <search_table> 673 <inband query="SELECT tabschema,tabname FROM sysstat.tables WHERE %s" 
condition="tabname" condition2="tabschema"/> 674 <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE %s) AS qq" query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE %s" count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'" condition="tabname" condition2="tabschema"/> 675 </search_table> 676 <search_column> 677 <inband query="SELECT tabschema,tabname FROM sysstat.columns WHERE %s" condition="colname" condition2="tabschema" condition3="tabname"/> 678 <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE %s) AS qq" query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE %s" count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'" condition="colname" condition2="tabschema" condition3="tabname"/> 679 </search_column> 680 </dbms> 681 682 <!-- Hyper SQL Database --> 683 <dbms value="HSQLDB"> 684 <cast query="CAST(%s AS LONGVARCHAR)"/> 685 <length query="CHAR_LENGTH(%s)"/> 686 <isnull query="IFNULL(%s,' ')"/> 687 <delimiter query="||"/> 688 <limit query="LIMIT %d %d" query2="LIMIT %d OFFSET %d"/> 689 <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/> 690 <limitgroupstart query="1"/> 691 <limitgroupstop query="2"/> 692 <limitstring query=" LIMIT "/> 693 <order query="ORDER BY %s ASC"/> 694 <count query="COUNT(%s)"/> 695 <comment query="--" query2="/*" query3="//"/> 696 <substring query="SUBSTR((%s),%d,%d)"/> 697 <concatenate query="CONCAT(%s,%s)"/> 698 <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> 699 <hex query="RAWTOHEX(%s)"/> 700 <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/> 701 <banner query="DATABASE_VERSION()"/> 702 <current_user query="CURRENT_USER"/> 703 <current_db query="DATABASE()"/> 704 <hostname/> 705 <table_comment/> 706 
<column_comment/> 707 <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.USERS WHERE NAME=CURRENT_USER"/> 708 <check_udf/> 709 <users> 710 <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used --> 711 <blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/> 712 <inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user"/> 713 </users> 714 <passwords> 715 <!-- Passwords only shown in later versions >=2.0 --> 716 <blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/> 717 <inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name" condition="user_name"/> 718 </passwords> 719 <privileges/> 720 <roles/> 721 <statements/> 722 <dbs> 723 <blind query="SELECT LIMIT %d 1 DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" count="SELECT COUNT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS"/> 724 <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" /> 725 </dbs> 726 <tables> 727 <blind query="SELECT LIMIT %d 1 table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s' ORDER BY table_name" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'"/> 728 <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES ORDER BY table_schem" condition="table_schem"/> 729 </tables> 730 <columns> 731 <blind query="SELECT column_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name" query2="SELECT column_type FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND column_name='%s' AND 
table_schem='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'" condition="column_name"/> 732 <inband query="SELECT column_name,type_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name" condition="column_name"/> 733 </columns> 734 <dump_table> 735 <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/> 736 <inband query="SELECT %s FROM %s.%s ORDER BY %s"/> 737 </dump_table> 738 <search_db> 739 <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/> 740 <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/> 741 </search_db> 742 <search_table> 743 <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'" condition="table_name" condition2="table_schem"/> 744 <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" condition="table_name" condition2="table_schem"/> 745 </search_table> 746 <search_column> 747 <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'" condition="column_name" condition2="table_schem" 
condition3="table_name"/> 748 <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/> 749 </search_column> 750 </dbms> 751 752 <dbms value="H2"> 753 <cast query="CAST(%s AS LONGVARCHAR)"/> 754 <length query="CHAR_LENGTH(%s)"/> 755 <isnull query="IFNULL(%s,' ')"/> 756 <delimiter query="||"/> 757 <limit query="OFFSET %d LIMIT %d"/> 758 <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/> 759 <limitgroupstart query="1"/> 760 <limitgroupstop query="2"/> 761 <limitstring query=" OFFSET "/> 762 <order query="ORDER BY %s ASC"/> 763 <count query="COUNT(%s)"/> 764 <comment query="--" query2="//"/> 765 <substring query="SUBSTR((%s),%d,%d)"/> 766 <concatenate query="CONCAT(%s,%s)"/> 767 <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> 768 <hex query="RAWTOHEX(%s)"/> 769 <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/> 770 <banner query="H2VERSION()"/> 771 <current_user query="CURRENT_USER"/> 772 <current_db query="DATABASE()"/> 773 <hostname/> 774 <table_comment/> 775 <column_comment/> 776 <is_dba query="SELECT CURRENT_USER='SA'"/> 777 <check_udf/> 778 <users> 779 <inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/> 780 <blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/> 781 </users> 782 <passwords/> 783 <privileges/> 784 <roles/> 785 <statements/> 786 <dbs> 787 <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/> 788 <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA OFFSET %d LIMIT 1" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/> 789 </dbs> 790 <tables> 791 <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_SCHEMA"/> 792 <blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' OFFSET %d LIMIT 1" 
count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/> 793 </tables> 794 <columns> 795 <blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/> 796 <inband query="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME"/> 797 </columns> 798 <dump_table> 799 <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/> 800 <inband query="SELECT %s FROM %s.%s ORDER BY %s"/> 801 </dump_table> 802 <search_db> 803 <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="SCHEMA_NAME"/> 804 <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="SCHEMA_NAME"/> 805 </search_db> 806 <search_table> 807 <blind query="SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.TABLES WHERE %s ORDER BY 1" query2="SELECT DISTINCT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' ORDER BY 1" count="SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'" condition="TABLE_NAME" condition2="TABLE_SCHEMA"/> 808 <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="TABLE_NAME" condition2="TABLE_SCHEMA"/> 809 </search_table> 810 <search_column> 811 <blind query="SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY 1" query2="SELECT DISTINCT(TABLE_NAME) FROM 
INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s' ORDER BY 1" count="SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s'" condition="column_name" condition2="TABLE_SCHEMA" condition3="TABLE_NAME"/> 812 <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="TABLE_SCHEMA" condition3="TABLE_NAME"/> 813 </search_column> 814 </dbms> 815 816 <!-- Informix --> 817 <!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_072.htm --> 818 <!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sec.doc/ids_am_041.htm --> 819 <dbms value="Informix"> 820 <cast query="RTRIM(TO_CHAR(%s))"/> 821 <length query="CHAR_LENGTH(RTRIM(%s))"/> 822 <isnull query="NVL(%s,' ')"/> 823 <delimiter query="||"/> 824 <limit query="SELECT SKIP %d LIMIT 1"/> 825 <limitregexp query="\s+SKIP\s+([\d]+)\s*LIMIT\s*([\d]+)"/> 826 <limitgroupstart query="1"/> 827 <limitgroupstop query="2"/> 828 <limitstring query=" LIMIT "/> 829 <order query="ORDER BY %s ASC"/> 830 <count query="COUNT(%s)"/> 831 <comment query="--"/> 832 <substring query="SUBSTR((%s),%d,%d)"/> 833 <concatenate query="%s||%s"/> 834 <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSMASTER:SYSDUAL"/> 835 <hex query="HEX(%s)"/> 836 <!-- http://www.dbforums.com/showthread.php?1660588-select-first-and-union&p=6478613#post6478613 --> 837 <inference query="ASCII(SUBSTR((SELECT * FROM (%s)),%d,1))>%d"/> 838 <banner query="SELECT DBINFO('VERSION','FULL') FROM SYSMASTER:SYSDUAL"/> 839 <current_user query="SELECT USER FROM SYSMASTER:SYSDUAL"/> 840 <current_db query="SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL"/> 841 <hostname query="SELECT DBINFO('DBHOSTNAME') FROM SYSMASTER:SYSDUAL"/> 842 <table_comment/> 843 <column_comment/> 844 <is_dba query="(SELECT USERTYPE FROM SYSUSERS WHERE 
USERNAME=USER)='D'"/> 845 <users> 846 <inband query="SELECT USERNAME FROM SYSUSERS"/> 847 <blind query="SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME" count="SELECT COUNT(USERNAME) FROM SYSUSERS"/> 848 </users> 849 <passwords> 850 <inband query="SELECT USERNAME,HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/> 851 <blind query="SELECT HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/> 852 </passwords> 853 <privileges> 854 <inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="USERNAME"/> 855 <blind query="SELECT USERTYPE FROM SYSUSERS WHERE USERNAME='%s'"/> 856 </privileges> 857 <roles/> 858 <statements/> 859 <dbs> 860 <inband query="SELECT NAME FROM SYSMASTER:SYSDATABASES"/> 861 <blind query="SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME" count="SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES"/> 862 </dbs> 863 <tables> 864 <inband query="SELECT TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/> 865 <blind query="SELECT SKIP %d LIMIT 1 TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99 ORDER BY TABNAME" count="SELECT COUNT(TABNAME) FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/> 866 </tables> 867 <columns> 868 <inband query="SELECT COLNAME,COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'" condition="COLNAME"/> 869 <blind query="SELECT SKIP %d LIMIT 1 COLNAME FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' ORDER BY COLNAME" query2="SELECT COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' AND COLNAME='%s'" count="SELECT COUNT(COLNAME) FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'" condition="COLNAME"/> 870 </columns> 871 <dump_table> 872 <inband query="SELECT %s FROM %s:%s"/> 873 <blind 
query="SELECT MIN(%s) FROM %s WHERE RTRIM(TO_CHAR(%s))>'%s'" query2="SELECT MAX(%s) FROM %s WHERE RTRIM(TO_CHAR(%s)) LIKE '%s'" count="SELECT COUNT(*) FROM %s:%s" count2="SELECT COUNT(DISTINCT %s) FROM %s"/> 874 </dump_table> 875 <search_db/> 876 <search_table/> 877 <search_column/> 878 </dbms> 879</root> 880