SQL Injection Attacks by Example gives you a detailed view how experts used the technique to break into a customers system.

“There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.”

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

What does it mean in plain english ? You try to utilise instances of a website that submits data to the webserver, this could be for example a login page, a form field or a comments form.

The article “SQL Injection Walkthrough” helps you identify vulnerable scripts and explains the methods to test, verify and exploit that vulnerability. After reading the article you will have a basic understanding of the technique, if you follow the links given at the end you will be able to read advanced topics on the subject.