Really interesting study on the prevalence of SQL injection

Michael Sutton's Blog : How Prevalent Are SQL Injection Vulnerabilities?

Really interesting study showing that, of a sample population of web apps live on the Internet, 11.3% had SQL injection vulnerabilities.

I also thought it was very interesting to see how a combination of the Google API and some relatively simple coding can be turned into a very powerful vulnerability-finding mechanism.

I've been doing some SQL injection work on recent tests, and it's amazing how much information you can get from a database through one error message. It's pretty trivial (especially if automated) to enumerate all tables in a database and all databases on a server, assuming that the database server hasn't been hardened and that the user account the web application connects with hasn't been restricted (both of which tend to be the case).
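The two weaknesses the paragraph relies on, queries built from raw input and database errors echoed back to the client, are easy to show side by side. The following is an added example (my own, not code from this blog or from the linked study): the function and table names, the in-memory SQLite database and the sample rows are all constructed for illustration. `lookup_vulnerable` concatenates the input into the SQL string and returns the driver's error text, so a stray quote both breaks the query and tells the caller how it was built; `lookup_hardened` binds the input as a parameter and replaces the error with a generic message, so the same input is treated as a literal value and the query structure stays private.

```python
import logging
import sqlite3

logging.basicConfig(level=logging.WARNING)

def make_db():
    # Constructed sample database: an in-memory SQLite file with two users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # Builds the statement by string concatenation, so any quote in `name`
    # becomes SQL syntax rather than data.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # Echoes the driver's error text to the caller: this is the
        # "one error message" that reveals how the query is assembled.
        return {"rows": [], "error": str(exc)}

def lookup_hardened(conn, name):
    # The value is passed as a bound parameter; the driver never interprets
    # it as SQL, whatever characters it contains.
    try:
        rows = conn.execute(
            "SELECT name, email FROM users WHERE name = ?", (name,)
        ).fetchall()
        return {"rows": rows, "error": None}
    except sqlite3.Error as exc:
        # Detail goes to the server-side log only; the client sees a
        # fixed message that carries no information about the schema.
        logging.warning("user lookup failed: %s", exc)
        return {"rows": [], "error": "lookup failed"}

def compare(name):
    # Runs both variants on the same input and reports row counts and
    # whether a database error reached the caller.
    conn = make_db()
    bad = lookup_vulnerable(conn, name)
    good = lookup_hardened(conn, name)
    return {
        "vulnerable_rows": len(bad["rows"]),
        "vulnerable_error": bad["error"],
        "hardened_rows": len(good["rows"]),
        "hardened_error": good["error"],
    }

if __name__ == "__main__":
    for probe in ("alice", "x' OR '1'='1", "x'"):
        print(repr(probe), compare(probe))
```

For the honest input both functions return one row. For the classic tautology the concatenated query matches every row while the parameterized query matches none, and for a lone quote the concatenated version hands the driver's error text back to the caller while the hardened version returns nothing but a generic message. Parameterization fixes the injection; keeping error detail out of the response is what denies the attacker the feedback the post describes, and a low-privilege database account limits what a query that does slip through can read.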

Thinking about it, it's a little surprising that no one has gone the extra step and written an automation that auto-roots servers with SQL injection vulns. It would be a fair bit harder than a buffer overflow (lots more variables to take account of, like differing database servers and differing results from the initial injection allowing different queries to work), but given the reduced efficacy of worms attacking publicly available services (there's not really been a repeat of Slammer in recent years) it would seem to be a viable attack path.

About this Entry

This page contains a single entry by Rory2 published on October 5, 2006 11:50 AM.

Mega Rails cheatsheet was the previous entry in this blog.

People finding new uses for Google's Code search engine is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.
