Search This Blog

MySQL 5 Enumeration: Blackhatacademy released Blind SQL Injection Tool

Blackhatacademy released a Script that uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA Mapping

  • By default, this script will first determine username, version and database name before enumerating the information_schema information.
  • When the -q flag is applied, a user can supply any query that returns only a single cell
  • If the exploit or vulnerability requires a single quote, simply tack %27 to the end of the URI.
  • This script contains error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors.
  • This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto).
  • This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites.

For More information and get the script from here:
www.blackhatacademy.org/security101/index.php?title=MySql_5_Enumeration
Share it:

PenTesting Tools

Software Release