Blackhatacademy released a Script that uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA Mapping
- By default, this script will first determine username, version and database name before enumerating the information_schema information.
- When the -q flag is applied, a user can supply any query that returns only a single cell
- If the exploit or vulnerability requires a single quote, simply tack %27 to the end of the URI.
- This script contains error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors.
- This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto).
- This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites.
For More information and get the script from here:
www.blackhatacademy.org/security101/index.php?title=MySql_5_Enumeration