
13.09.2007, 14:42
Came by email:
Hi Elekt,
I am writing this e-mail because I found your paper about the
benchmark alternative in exploiting blind SQL injection really very, very good.
I would like to contribute to your research with this simple trick.
If you type: ... AND (SELECT 1,2,3,4)=1
MySQL returns "Operand should contain 4 column(s)". It can be used as
an alternative to your method!
See ya,
Luca
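
On the defensive side, the error text quoted in the email is a useful detection signal, because legitimate queries rarely produce an operand-count error more than once from the same client. The following is an added example, not part of the original post: the log layout, the IP addresses, the sample lines, and the function name `find_operand_probes` are all constructed assumptions.

```python
import re
from collections import defaultdict

# MySQL error 1241 (ER_OPERAND_COLUMNS): "Operand should contain N column(s)".
# The pattern accepts any column count N.
OPERAND_ERR = re.compile(r"Operand should contain (\d+) column\(s\)")

# Assumed (hypothetical) application log layout:
#   "<ISO time> <client ip> <request uri> | <database result>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<uri>\S+) \| (?P<err>.*)$")

# Constructed sample log, not real traffic. The error text is written
# as it is quoted in the email above.
SAMPLE_LOG = """\
2007-09-13T14:40:01 198.51.100.7 /item?id=5 | OK
2007-09-13T14:40:09 203.0.113.9 /item?id=5%20AND%20(SELECT%201,2,3,4)=1 | ERROR 1241 (21000): Operand should contain 4 column(s)
2007-09-13T14:40:12 203.0.113.9 /news?id=9%20AND%20(SELECT%201,2,3,4)=1 | ERROR 1241 (21000): Operand should contain 4 column(s)
2007-09-13T14:40:15 198.51.100.7 /search?q=operand | OK
2007-09-13T14:41:30 192.0.2.44 /report?y=2007 | ERROR 1241 (21000): Operand should contain 4 column(s)
"""


def find_operand_probes(log_text, threshold=2):
    """Return {ip: [uri, ...]} for clients that triggered the operand-count
    error at least `threshold` times. A single hit may be an application
    bug; repeated hits from one client look like probing."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not OPERAND_ERR.search(m.group("err")):
            continue  # malformed line or unrelated result
        hits[m.group("ip")].append(m.group("uri"))
    return {ip: uris for ip, uris in hits.items() if len(uris) >= threshold}


if __name__ == "__main__":
    for ip, uris in find_operand_probes(SAMPLE_LOG).items():
        print(ip, len(uris), "operand-count errors:", *uris, sep="\n  ")
```

The fact that this message reaches the client at all is the underlying weakness: returning a generic error page and using parameterized queries removes the signal the trick relies on.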