INFORMATION_SCHEMA provides access to database metadata. Metadata is data about the data, such as the name of a database or table, the data type of a column, or access privileges. Other terms that sometimes are used for this information are data dictionary and system catalog. INFORMATION_SCHEMA is the information database, the place that stores information about all the other databases that the MySQL server maintains. Inside INFORMATION_SCHEMA there are several read-only tables. They are actually views, not base tables, so there are no files associated with them.
How to retrieve all database name from INFORMATION_SCHEMA:
SELECT schema_name FROM INFORMATION_SCHEMA.schemata
After we got database name, now we can get all tables from that database:
SELECT table_name FROM INFORMATION_SCHEMA.tables where table_schema = 'the_database_name'
After we got all the tables name from the database, we can retrieve all column name with the data type:
SELECT column_name, column_type FROM INFORMATION_SCHEMA.columns where table_schema = 'the_database_name' AND table_name = 'the_table_name'
Okay that’s the basic of how to get some of database information from the Information_Schema, there are still lots of other information you can get from the Information_Schema.
So if your website is vulnerable to SQL Injection, the attacker can easily get your database schema from this technique. So please keep up to date your system and keep backup regularly.