According to OWASP top 10 vulnerabilities of 2010, SQL injection
is the most dangerous and most common vulnerability around, A SQL
Injection vulnerability occurs due to improper input validation or no
input validation at all, what I mean by improper or no input validation
is the user input is not filtered(for escape characters) before it
gets passed to the SQL database, A Sql injection attack can be any many forms, but it's usually categorized into 3 types:
1. Inband
2. Out of band
3. Inferential
n
this presentation john Mccray discusses some of advanced SQL Injection
methods and topics such as IDS evasion, filter bypassing etc.
a basic tutorial to begin sql injection will be posted soon.