Author Topic: SQL Injection  (Read 1525 times)

jibudada
SQL Injection
« on: June 02, 2012, 06:51:13 am »
SQL injection is a technique often used to attack databases through a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in a website's software.

There is a lot of information available on the web regarding SQL injection, but I feel that there is not a single place where we can find complete information, all the techniques of SQL injection with video demos. One of my friends has started creating a video series on this topic.

Link to part 1: http://www.securitytube.net/video/4171
Link to part 2: http://www.securitytube.net/video/4200
Link to part 3: http://www.securitytube.net/video/4208
Link to part 4: http://www.securitytube.net/video/4210
Link to part 5: http://www.securitytube.net/video/4269
Link to part 6: http://www.securitytube.net/video/4283
Link for test bed: https://github.com/Audi-1/sqli-labs

All the above videos cover SQL injection in detail with practical
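The mechanism described in the first paragraph of the post above, shown as an added example that is not part of the original post or of the linked videos or test bed: a lookup that pastes the form value into the SQL text, beside the same lookup with the value bound as a parameter. The table, the rows, the inputs and all function names are constructed for illustration, and SQLite stands in for whatever database a site actually uses.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO users (name, note) VALUES (?, ?)",
        [("alice", "alice-note"), ("bob", "bob-note"), ("o'brien", "obrien-note")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the form value becomes part of the SQL text itself."""
    query = "SELECT name, note FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    """Hardened: the SQL text is fixed and the value is bound as data."""
    return db.execute(
        "SELECT name, note FROM users WHERE name = ?", (name,)
    ).fetchall()

def run(lookup, db, name):
    """Return the rows, or the error text if the database rejects the query."""
    try:
        return lookup(db, name)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

# Constructed form inputs: an ordinary name, a legitimate name containing a
# quote character, and a value that carries a fragment of SQL.
INPUTS = ["alice", "o'brien", "nobody' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in INPUTS:
        print(repr(value))
        print("  concatenated :", run(lookup_concatenated, db, value))
        print("  parameterized:", run(lookup_parameterized, db, value))
```

With the concatenated query the third input changes the WHERE clause and every row comes back, and the second input breaks the statement outright; with the bound parameter both are compared as plain strings.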

Kulverstukas
Re: SQL Injection
« Reply #1 on: June 02, 2012, 09:26:19 am »
Better to learn SQL before you learn to inject it... otherwise you are just a script kiddie.

p_2001
Re: SQL Injection
« Reply #2 on: June 02, 2012, 11:00:27 am »
> Better to learn SQL before you learn to inject it... otherwise you are just a script kiddie.

lol, agreed

Though basic SQL is not worth 2 days of practice... the advanced parts such as functions are a bit tricky.
"Always have a plan"

L0rd_M@dness
Re: SQL Injection
« Reply #3 on: June 05, 2012, 07:34:24 am »
> lol, agreed
>
> Though basic SQL is not worth 2 days of practice... the advanced parts such as functions are a bit tricky.

Functions only find a real meaning in T-SQL and T-SQL never comes in handy in SQLi.
Basic SQL is just SELECT, WHERE, DELETE, UPDATE, INSERT, ORDER BY, and some other queries.
I agree with Kulverstukas tho. The more SQL you know the more likely you're able to apply the exploit.