SQLIer takes an URL vulnerable to SQL injection attacks and attempts to determine all of the necessary information to build and exploit an SQL injection hole by itself. It requires no user interaction unless it can't guess the table/field names correctly. By doing so, it can build a UNION SELECT query designed to brute force passwords out of the database. It does not use quotes in the exploit, meaning it will work for a wider range of sites. An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately one minute to crack.
