
Oracle SQLi Column Name Enumeration Miswritten Payload

Open papq1 opened this issue 1 year ago • 0 comments

Hi @LasCC, big appreciation for this wonderful extension.

Today I came across a miswritten payload, which could cause people using the extension to miss a valid SQLi attack. It has to do with the Oracle database section, more specifically the 'Column Name Enumeration' payload, which does not specify the all_tab_columns table as part of the SQLi.


The corrected version should be: "'UNION SELECT column_name,NULL FROM all_tab_columns where table_name="X" -- -"

papq1 avatar Nov 22 '24 15:11 papq1