OK, recently I've been using SQL injection in some penetration testing work I've been doing, so I thought it would be worth gathering together all the links and white papers I've been using or found useful.
Start off with two papers, which are more advanced but which have been the most useful ones I've found, in the sense of having techniques I've actually used...
Advanced SQL Injection and More Advanced SQL Injection from NGS. Both are good papers, and in the first there's a really handy methodology that you can follow through to iterate over the columns in a database table and then insert data into that table, amongst other things.
There's a good introduction to SQL injection here at securiteam and another one here at unixwiz.
Some points I've noticed from the testing I've done:
- If you get SQL error messages out of the database you're halfway there. Without them you're stuck trying to guess whether the data you've chucked at the system has caused it to barf in the right way or not... (There are some techniques for this in the papers above, but I've not had much joy with them so far.)
- If the web application you're looking at does intelligent escaping of quotes, you're probably only going to be able to attack numeric fields (because they don't typically put quotes round the input, so there's no need for a quote to inject your own SQL statements).
- Understanding what the likely accounts and system tables are for a given DBMS is darned handy for expanding a vulnerability once you've found one.
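The second and first points above are worth seeing side by side in code. The following is an added example (not code from the original post or from the papers it links) using a constructed in-memory SQLite table: a lookup that escapes quotes but concatenates a numeric field into the query, next to the parameterised and type-validated version, plus the error handling that keeps database messages out of the response. The table, column names and function names are all assumptions made for the demo.

```python
import logging
import sqlite3

log = logging.getLogger("products")

# Constructed sample data for the demo; nothing here comes from the original post.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, internal INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 0), (2, "gadget", 0), (3, "internal-only", 1)],
    )
    conn.commit()
    return conn

def escape_quotes(value):
    # The "intelligent escaping of quotes" the post describes: double each
    # single quote so it cannot close a string literal.
    return str(value).replace("'", "''")

def lookup_by_id_escaped(conn, raw_id):
    # Weak pattern: the numeric field is concatenated without surrounding
    # quotes, so quote-escaping has nothing to act on and any text that is
    # not a bare number lands in the WHERE clause as SQL.
    sql = "SELECT id, name FROM products WHERE id = " + escape_quotes(raw_id)
    return conn.execute(sql).fetchall()

def lookup_by_id_param(conn, product_id):
    # Hardened pattern: enforce the type, then bind the value as a parameter
    # so the database never parses it as part of the statement.
    if not isinstance(product_id, int):
        raise TypeError("product_id must be an int")
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ?", (product_id,)
    ).fetchall()

def handle_request(conn, raw_id):
    # Web-tier handling of untrusted input. Non-numeric input is rejected
    # before it reaches the database, and if the database does raise an
    # error the detail goes to the server log, not to the client, so the
    # response carries nothing for an attacker to learn from.
    try:
        product_id = int(raw_id)
    except (TypeError, ValueError):
        return {"ok": False, "error": "invalid product id"}
    try:
        rows = lookup_by_id_param(conn, product_id)
    except sqlite3.Error as exc:
        log.error("lookup failed for id=%r: %s", product_id, exc)
        return {"ok": False, "error": "request failed"}
    return {"ok": True, "rows": rows}

if __name__ == "__main__":
    db = make_db()
    # Escaping on its own leaves the numeric field open: a bare number and
    # a tautology both pass through escape_quotes() unchanged.
    print("escaped, normal input:", lookup_by_id_escaped(db, "2"))
    print("escaped, tautology:   ", lookup_by_id_escaped(db, "2 OR 1=1"))
    # The hardened path returns one row for a number and a generic error
    # for anything else.
    print("hardened, normal input:", handle_request(db, "2"))
    print("hardened, tautology:   ", handle_request(db, "2 OR 1=1"))
```

The takeaway for a code review is that quote-escaping is a property of string literals, not of the query, so a numeric column needs either a bound parameter or a cast to a numeric type before the value is anywhere near the SQL text; and that the generic error in handle_request is what denies the tester the error messages the first bullet relies on.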
Other papers I've found handy:
- SQL Injection Signatures Evasion
- Blind SQL Injection