EvilZone

SQL injection is a technique often used to attack databases through a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in a website's software.

there are lot of information available on web regarding sql injection. but i feel that there is not a single place where we can find complete information , all the techniques of sql injection with video demo . one of my friend has started creating videos series on this topic .

Link to part 1: http://www.securitytube.net/video/4171
Link to part 2: http://www.securitytube.net/video/4200
Link to part 3: http://www.securitytube.net/video/4208
Link to part 4: http://www.securitytube.net/video/4210
Link to part 5: http://www.securitytube.net/video/4269
Link to part 6: http://www.securitytube.net/video/4283
Link for test bed: https://github.com/Audi-1/sqli-labs

all above videos cover sql injection in detail with practical

there are number of encoder in metasploit. some of them are really great in performance .

root@bt:~# msfencode -l Framework Encoders ================== Name                    Rank       Description ----                    ----       ----------- cmd/generic_sh          good       Generic Shell Variable Substitution Command Encoder cmd/ifs                 low        Generic ${IFS} Substitution Command Encoder cmd/printf_php_mq       manual     printf(1) via PHP magic_quotes Utility Command Encoder generic/none            normal     The "none" Encoder mipsbe/longxor          normal     XOR Encoder mipsle/longxor          normal     XOR Encoder php/base64              great      PHP Base64 encoder ppc/longxor             normal     PPC LongXOR Encoder ppc/longxor_tag         normal     PPC LongXOR Encoder sparc/longxor_tag       normal     SPARC DWORD XOR Encoder x64/xor                 normal     XOR Encoder x86/alpha_mixed         low        Alpha2 Alphanumeric Mixedcase Encoder x86/alpha_upper         low        Alpha2 Alphanumeric Uppercase Encoder x86/avoid_utf8_tolower  manual     Avoid UTF8/tolower x86/call4_dword_xor     normal     Call+4 Dword XOR Encoder x86/context_cpuid       manual     CPUID-based Context Keyed Payload Encoder x86/context_stat        manual     stat(2)-based Context Keyed Payload Encoder x86/context_time        manual     time(2)-based Context Keyed Payload Encoder x86/countdown           normal     Single-byte XOR Countdown Encoder x86/fnstenv_mov         normal     Variable-length Fnstenv/mov Dword XOR Encoder x86/jmp_call_additive   normal     Jump/Call XOR Additive Feedback Encoder x86/nonalpha            low        Non-Alpha Encoder x86/nonupper            low        Non-Upper Encoder x86/shikata_ga_nai      excellent  Polymorphic XOR Additive Feedback Encoder x86/single_static_bit   manual     Single Static Bit x86/unicode_mixed       manual     Alpha2 Alphanumeric Unicode Mixedcase Encoder x86/unicode_upper       manual     Alpha2 Alphanumeric Unicode Uppercase Encoder

you can bypass antivirus using these decoder
you can also visit
http://www.securitytube.net/groups?operation=view&groupId=10  for detail