So firstly, let me just say that this is by no means a “How To” post on SQL Injection. This is more of a very basic primer, or an introduction to SQL Injection. Secondly, I would like to thank the guys at Offensive Security for the following information (I hope this isn’t stepping on anyone’s toes – this is my take on the whole concept), it’s a topic covered in the Pentesting with BackTrack course they have on offer. Finally, please don’t try this on anyone’s systems!! If you want to learn more about this please get something like webgoat or configure your own server to practice this on!! One last thing, I will not go into detail here with how/why some of these things work, wikipedia and a host of other sites can explain this all a lot better then me (i’m no SQL injection expert) and there are many many books (big scary books) that will walk you through this concept. With that out of the road .. let’s move on
