Fully automated MySQL5 boolean based enumeration tool
The Hacker News

Blackhatacademy Developers releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information.

  • When the -q flag is applied, a user can supply any query that returns only a single cell
  • If the exploit or vulnerability requires a single quote, simply tack %27 to the end of the URI.
  • This script contains error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors.
  • This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto).
  • This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.