<div>Dave,</div>
<div> </div>
<div>I'm personally a big fan of sqlmap, <a href="http://sqlmap.sourceforge.net/">http://sqlmap.sourceforge.net/</a>, for blind SQL injection and enumeration.</div>
<div> </div>
<div>Some nice features include:</div>
<div>- Using both page hashes and string matches to pick responses apart.</div>
<div>- Extensive fingerprinting</div>
<div>- Limited IDS evasion.</div>
<div>- Support for a variety of RDBMSs</div>
<div> </div>
<div>Being able to do the below in Python is hot; in a very PCI-is-a-buzz-word kind of way.</div>
<div> </div>
<div><font face="courier new,monospace">$ python sqlmap.py -u "<a href="http://localhost/index.php?id=1&cat=2">http://localhost/index.php?id=1&cat=2</a>" --tables -D mysql<br><br>Database: mysql<br>[21 tables]
<br>+---------------------------+<br>| columns_priv |</font></div>
<div><font face="courier new,monospace">| db |<br></font><a id="l_403"></a><font face="courier new,monospace">| event |<br></font><a id="l_404"></a><font face="courier new,monospace">
| func |<br>| general_log |<br></font><a id="l_406"></a><font face="courier new,monospace">| help_category |<br></font><a id="l_407"></a><font face="courier new,monospace">| help_keyword |
<br></font><a id="l_408"></a><font face="courier new,monospace">| help_relation |<br>| help_topic |<br></font><a id="l_410"></a><font face="courier new,monospace">| host |<br>
| plugin |<br></font><a id="l_412"></a><font face="courier new,monospace">| proc |<br></font><a id="l_413"></a><font face="courier new,monospace">| procs_priv |<br></font>
<a id="l_414"></a><font face="courier new,monospace">| slow_log |<br></font><a id="l_415"></a><font face="courier new,monospace">| tables_priv |<br></font><a id="l_416"></a><font face="courier new,monospace">
| time_zone |<br></font><a id="l_417"></a><font face="courier new,monospace">| time_zone_leap_second |<br></font><a id="l_418"></a><font face="courier new,monospace">| time_zone_name |<br></font>
<a id="l_419"></a><font face="courier new,monospace">| time_zone_transition |<br></font><a id="l_420"></a><font face="courier new,monospace">| time_zone_transition_type |<br></font><a id="l_421"></a><font face="courier new,monospace">
| user |<br></font><a id="l_422"></a><font face="courier new,monospace">+---------------------------+</font><br> </div>