SQL Injection is
essentially when a low privileged user interactively executes SQL
commands on a database server by adding additional syntax into standard
arguments, this is then passed to a particular function enabling
enhanced privileges. SQL Injection can also take the form of
appending specific strings to queries that break out of the database
servers known logic and return sensitive information not normally
available to an unauthenticated user.
SQL Injection has been known about for several years now and rather than
re-document all the material locally. I have put together a list
of useful papers that may help you in your task:
SQL Injection walkthrough
Basically the beginners guide to SQL Injection.
Advanced SQL Injection in SQL Server
This paper introduces the varied formats in which SQL can be used and
'injected' into an application/back-end database. It also
introduces ways around authentication controls prevalent in today's
More Advanced SQL Injection
This paper deals with SQL Injection in a Microsoft SQL Server/ IIS/
Active Server Pages environment. Most of the techniques discussed
can be ported to other similar database environments i.e. Sybase. This
paper is essentially an add-on to Advanced SQL Injection in SQL Server
Advanced SQL Injection in Oracle databases
This paper solely discusses the many ways to use SQL Injection against
Oracle Databases. There are numerous examples of syntax required
to carry out this type of attack and shows how easily Oracle in-built
security can be circumvented.
Blind SQL Injection
This paper discusses the varied ways that an attacker would try to
enumerate errors in an application. I essence the attacker learns to
identify errors and tries to identify whether they are SQL related or
not and tailor their attack to what they have found.
SQL Injection by example
A paper discussing an actual SQL Injection attack carried out as part of
a security review of a large Intranet site.
Understanding SQL Injection
Reading these should give you an excellent grounding on the subject and
most provide almost a step-by-step guide. Of particular note of
those papers produced by members of NGS Software, which also provides
invaluable database auditing tools.
There area number of SQL injection cheat sheets to help you with a manual test, notably available from: