One of the best tool for blind sql injection is BSQLBF expanded as Blind Sql Injection Brute Forcer.
Supported Database:
It supports 8 kind of attacking:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
back-end server to true & error (e.g syntax error) >>> Blind SQL Injection
Blind SQL Injection “order by” & “group by”
SYS privileges (ORACLE dbms_export_extension exploit ) >>> Find Data
O.S code execution (ORACLE dbms_export_extension exploit)
Read file (ORACLE dbms_export_extension exploit, java)
O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
O.S code execution SYS.KUPP $PROC.CREATE_MASTER_PROCESS(), DBA Privs
O.S code execution DBMS_JAVA_TEST.FUNCALL, java IO Permissions
Download BSQLBF