Every now and then, I point someone in the direction of this
document. It’s an excellent discussion of SQL injection and something anyone involved
in pen testing should know about. It explains how one can deduce the table structures
of the target database and do cool stuff like making an exploited server “speak”.
A definite must on a techie’s reading list.